quiet you

[dsa-puppet.git] / modules / ntp / manifests / init.pp

diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index 1b02a836050c2e00d1abaf5a04b1eed70de32f2d..35f0669d076751702aaef4887f83b5b45835894b 100644 (file)
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -1,14 +1,43 @@
 class ntp {
-       package { ntp: ensure => installed }
-       file { "/var/lib/ntp/":
+
+       package { 'ntp':
+               ensure => installed
+       }
+
+       service { 'ntp':
+               ensure  => running,
+               require => Package['ntp']
+       }
+
+       @ferm::rule { 'dsa-ntp':
+               domain      => '(ip ip6)',
+               description => 'Allow ntp access',
+               rule        => '&SERVICE(udp, 123)'
+       }
+
+       file { '/var/lib/ntp':
                ensure  => directory,
                owner   => ntp,
                group   => ntp,
-               mode    => 755
-               ;
+               mode    => '0755',
+               require => Package['ntp']
+       }
+       file { '/etc/ntp.conf':
+               content => template('ntp/ntp.conf'),
+               notify  => Service['ntp'],
+               require => Package['ntp'],
+       }
+       file { '/etc/ntp.keys.d':
+               ensure  => directory,
+               group   => 'ntp',
+               mode    => '0750',
+               notify  => Service['ntp'],
+               require => Package['ntp'],
        }
-       exec { "ntp restart":
-               path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-               refreshonly => true,
+
+       if getfromhash($site::nodeinfo, 'timeserver') {
+               include ntp::timeserver
+       } else {
+               include ntp::client
        }
 }