diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/common/templates/etc/ntp.conf.j2 | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2 index 2022a4b..7bd1c4a 100644 --- a/roles/common/templates/etc/ntp.conf.j2 +++ b/roles/common/templates/etc/ntp.conf.j2 @@ -1,65 +1,69 @@ # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). {% if 'NTP-master' in group_names %} # Use Stratum One Time Servers: # http://support.ntp.org/bin/view/Servers/StratumOneTimeServers -server ntp1.sp.se iburst -server ntp2.sp.se iburst -server ntp2.gbg.netnod.se iburst -server ntp1.sth.netnod.se iburst -server ntp2.sth.netnod.se iburst +server sth1.ntp.se iburst +server sth2.ntp.se iburst +server gbg1.ntp.se iburst +server gbg2.ntp.se iburst +server ntp1.sp.se iburst +server ntp2.sp.se iburst {% else %} # Sychronize to our (stratum 2) NTP server, to ensure our network has a # consistent time. {% for host in groups['NTP-master'] | sort %} server {{ ipsec[ hostvars[host].inventory_hostname_short ] }} prefer iburst {% endfor %} -server 0.{{ geoip | default('debian') }}.pool.ntp.org iburst -server 1.{{ geoip | default('debian') }}.pool.ntp.org iburst -server 2.{{ geoip | default('debian') }}.pool.ntp.org iburst -server 3.{{ geoip | default('debian') }}.pool.ntp.org iburst +pool 0.{{ geoip | default('debian') }}.pool.ntp.org iburst +pool 1.{{ geoip | default('debian') }}.pool.ntp.org iburst +pool 2.{{ geoip | default('debian') }}.pool.ntp.org iburst +pool 3.{{ geoip | default('debian') }}.pool.ntp.org iburst {% endif %} # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. -restrict -4 default limited kod nomodify notrap nopeer noquery -restrict -6 default limited kod nomodify notrap nopeer noquery +restrict -4 default kod notrap nomodify nopeer noquery limited +restrict -6 default kod notrap nomodify nopeer noquery limited # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 +# Needed for adding pool entries +restrict source notrap nomodify noquery + # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient |