make bm-bl[26] timeservers

[dsa-puppet.git] / modules / ntp / templates / ntp.conf

diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf
index fdc6d1545c41c815f62bffe0e6c23ee2a001e184..4fc219f13414e58b78b3db1c8af107339f64c638 100644 (file)
--- a/modules/ntp/templates/ntp.conf
+++ b/modules/ntp/templates/ntp.conf
@@ -6,24 +6,55 @@
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 
 driftfile /var/lib/ntp/ntp.drift
 statsdir /var/log/ntpstats/
 

-statistics loopstats peerstats clockstats
+statistics loopstats peerstats clockstats cryptostats

 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable

+filegen cryptostats file cryptostats type day enable

 
 

-<% case fqdn
-       when /geo[123].debian.org/:
--%>
+crypto randfile /dev/urandom
+keysdir /etc/ntp.keys.d
+
+<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>

 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic
 server 0.debian.pool.ntp.org iburst dynamic
 server 1.debian.pool.ntp.org iburst dynamic
 server 2.debian.pool.ntp.org iburst dynamic
 server 3.debian.pool.ntp.org iburst dynamic

-<%     when "ancina.debian.org/": -%>
-server ntp.ugent.be iburst dynamic
-<%     else -%>
-server geo1.debian.org iburst dynamic
-server geo2.debian.org iburst dynamic
-server geo3.debian.org iburst dynamic
+
+<% if @lsbmajdistrelease >= '8' -%>
+leapfile /usr/share/zoneinfo/leap-seconds.list
+<% else -%>
+leapfile /var/lib/ntp/leap-seconds.list
+<% end -%>
+<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%>
+# autokey doesn't work behind nat
+
+# czerny's, bm-bl2's, and ubc-bl2's ipv4 IP, hard coded for the benefit of
+# hosts that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 82.195.75.109        iburst
+server 5.153.231.242        iburst
+server 206.12.19.212        iburst
+
+server czerny.debian.org    iburst
+server clementi.debian.org  iburst
+server bm-bl1.debian.org    iburst
+server bm-bl2.debian.org    iburst
+server ubc-bl2.debian.org   iburst
+server ubc-bl6.debian.org   iburst
+<% else -%>
+server czerny.debian.org       iburst autokey
+server clementi.debian.org     iburst autokey
+server bm-bl1.debian.org       iburst autokey
+server bm-bl2.debian.org       iburst autokey
+server ubc-bl2.debian.org      iburst autokey
+server ubc-bl6.debian.org      iburst autokey
+restrict czerny.debian.org     notrust nomodify notrap ntpport
+restrict clementi.debian.org   notrust nomodify notrap ntpport
+restrict bm-bl1.debian.org     notrust nomodify notrap ntpport
+restrict bm-bl2.debian.org     notrust nomodify notrap ntpport
+restrict ubc-bl2.debian.org    notrust nomodify notrap ntpport
+restrict ubc-bl6.debian.org    notrust nomodify notrap ntpport

 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery
 <% end -%>
 
 restrict -4 default kod notrap nomodify nopeer noquery


@@ -31,3 +62,7 @@ restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
 
 restrict 127.0.0.1
 restrict ::1

+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: