Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# Manages NTP-related configugration and the ntpd service.
class base::ntp {
package { 'ntp': ensure => present }
# Handle transitions back from base::ntp::cron.
file { '/etc/cron.d/ntpdate-loop':
ensure => absent;
}
# Configuration files that are the same regardless of operating system.
file {
'/etc/filter-syslog/ntp':
source => 'puppet:///modules/base/ntp/etc/filter-syslog/ntp';
'/etc/ntp.conf':
source => 'puppet:///modules/base/ntp/etc/ntp.conf',
notify => Service['ntpd'];
}
# Operating-system-specific configuration. In Debian, ntpdate is a
# separate package. In Red Hat, ntpdate comes with ntp package. Also,
# setup service according to OS.
case $::operatingsystem {
'redhat': {
service { 'ntpd':
ensure => running,
require => Package['ntp'],
enable => true,
}
file {
'/etc/ntp/ntpservers':
source => 'puppet:///modules/base/ntp/etc/ntp/ntpservers',
notify => Service['ntpd'];
'/etc/sysconfig/ntpd':
source => $::lsbdistrelease ? {
3 => 'puppet:///modules/base/ntp/etc/sysconfig/ntpd.EL3',
default => 'puppet:///modules/base/ntp/etc/sysconfig/ntpd.EL4',
},
notify => Service['ntpd'],
}
}
'debian', 'ubuntu': {
package { 'ntpdate': ensure => present }
service { 'ntpd':
name => $::lsbdistcodename ? {
'sarge' => 'ntp-server',
default => 'ntp'
},
ensure => running,
enable => true,
hasstatus => false,
status => 'pidof ntpd',
}
file { '/etc/default/ntpdate':
source => 'puppet:///modules/base/ntp/etc/default/ntpdate',
notify => Service['ntpd'],
}
}
}
# Open the firewall to allow NTP traffic from the monitoring servers.
base::iptables::rule { 'ntp':
description => 'Allow monitoring servers to check NTP status',
source => [ '171.67.16.36', '171.67.22.24', '171.67.217.112/28' ],
protocol => 'udp',
port => 123,
}
}
# Required if the Nagios servers need to query ntpd.
# FIXME: Roll into the main class once we have a dev environment.
class base::ntp::nagios inherits base::ntp {
File['/etc/ntp.conf'] {
source => 'puppet:///modules/base/ntp/etc/ntp.conf.nagios',
}
}
# If you don't want ntpd running, use this class.
class base::ntp::disabled inherits base::ntp {
Service['ntpd'] {
ensure => stopped,
enable => false,
}
}
# An alternative to ntpd is to run ntpdate in a cron job.
class base::ntp::cron inherits base::ntp::disabled {
File['/etc/cron.d/ntpdate-loop'] {
ensure => present,
source => 'puppet:///modules/base/ntp/etc/cron.d/ntpdate-loop',
}
}
# Used by systems that aren't at Stanford and hence don't have access to our
# time servers.
class base::ntp::off-campus inherits base::ntp {
File['/etc/ntp.conf'] {
source => 'puppet:///modules/base/ntp/etc/ntp.conf.off-campus',
}
# Some further adjustments are needed by operating system.
case $::operatingsystem {
'redhat': {
File['/etc/ntp/ntpservers'] {
source => 'puppet:///modules/base/ntp/etc/ntp/ntpservers.off-campus',
}
}
'debian', 'ubuntu': {
File['/etc/default/ntpdate'] {
source => 'puppet:///modules/base/ntp/etc/default/ntpdate.off-campus',
}
}
default: {}
}
}