From e8e01842f4e578ec427dd8d6f5a5e40b498458af Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 5 Nov 2020 17:13:03 +0100 Subject: Change NTP client to systemd-timesyncd. (Excluding our NTP master.) It's simpler, arguably more secure, and provides enough functionality when only simple client use-cases are desired. We allow outgoing connections to 123/udp also on NTP slaves so systemd-timesyncd can connect to the fallbacks NTP servers. --- .../templates/etc/systemd/timesyncd.conf.d/fripost.conf.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 roles/common/templates/etc/systemd/timesyncd.conf.d/fripost.conf.j2 (limited to 'roles/common/templates/etc/systemd') diff --git a/roles/common/templates/etc/systemd/timesyncd.conf.d/fripost.conf.j2 b/roles/common/templates/etc/systemd/timesyncd.conf.d/fripost.conf.j2 new file mode 100644 index 0000000..f578cd9 --- /dev/null +++ b/roles/common/templates/etc/systemd/timesyncd.conf.d/fripost.conf.j2 @@ -0,0 +1,9 @@ +[Time] +# Sychronize to our (stratum 2) NTP server, to ensure our network has a +# consistent time. +{%- set ntp = [] -%} +{%- for host in groups['NTP_master'] -%} +{%- set _ = ntp.append(ipsec[ hostvars[host].inventory_hostname_short ]) -%} +{%- endfor %} + +NTP={{ ntp | join(' ') }} -- cgit v1.2.3