class ntp {
- package { ntp: ensure => installed }
- file { "/var/lib/ntp/":
- ensure => directory,
- owner => ntp,
- group => ntp,
- mode => 755
- ;
- "/var/lib/ntpstats":
- ensure => directory,
- owner => ntp,
- group => ntp,
- mode => 755
- ;
- "/etc/ntp.conf":
- owner => root,
- group => root,
- mode => 444,
- content => template("ntp/ntp.conf"),
- notify => Exec["ntp restart"],
- require => Package["ntp"]
- ;
- }
- exec { "ntp restart":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- }
- ferm::rule { "dsa-ntp":
- domain => "(ip ip6)",
- description => "Allow ntp access",
- rule => "proto udp mod state state (NEW) dport (123) ACCEPT"
- }
+
+ package { 'ntp':
+ ensure => installed
+ }
+
+ service { 'ntp':
+ ensure => running,
+ require => Package['ntp']
+ }
+
+ @ferm::rule { 'dsa-ntp':
+ domain => '(ip ip6)',
+ description => 'Allow ntp access',
+ rule => '&SERVICE(udp, 123)'
+ }
+
+ file { '/etc/init.d/ntp':
+ source => 'puppet:///modules/ntp/ntp.init',
+ mode => '0555',
+ notify => Exec['systemctl daemon-reload'],
+ }
+ file { '/var/lib/ntp':
+ ensure => directory,
+ owner => ntp,
+ group => ntp,
+ mode => '0755',
+ require => Package['ntp']
+ }
+ file { '/etc/ntp.conf':
+ content => template('ntp/ntp.conf'),
+ notify => Service['ntp'],
+ require => Package['ntp'],
+ }
+ file { '/etc/ntp.keys.d':
+ ensure => directory,
+ group => 'ntp',
+ mode => '0750',
+ notify => Service['ntp'],
+ require => Package['ntp'],
+ }
+
+ if getfromhash($site::nodeinfo, 'timeserver') {
+ include ntp::timeserver
+ } else {
+ include ntp::client
+ }
}