diff --git a/.travis.yml b/.travis.yml
index 0626b0e..94e6f35 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,104 +1,105 @@ --- dist: xenial language: ruby cache: bundler before_install: - bundle -v - rm -f Gemfile.lock - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" - '[ -z "$RUBYGEMS_VERSION" ] || gem update --system $RUBYGEMS_VERSION' - gem --version - bundle -v script: - 'SIMPLECOV=yes bundle exec rake $CHECK' bundler_args: --without system_tests rvm: - 2.5.3 stages: - static - spec - acceptance matrix: fast_finish: true include: - env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint" stage: static - env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec rvm: 2.4.5 stage: spec - env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec rvm: 2.5.3 stage: spec - before_script: ["bundle exec rake 'litmus:provision_list[waffle_deb]'", "bundle exec rake 'litmus:install_agent[puppet5]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=deb_puppet5 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required - before_script: ["bundle exec rake 'litmus:provision_list[waffle_deb]'", "bundle exec rake 'litmus:install_agent[puppet6]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=deb_puppet6 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required - before_script: ["bundle exec rake 'litmus:provision_list[waffle_el6]'", "bundle exec rake 'litmus:install_agent[puppet5]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=el6_puppet5 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required - before_script: ["bundle exec rake 
'litmus:provision_list[waffle_el6]'", "bundle exec rake 'litmus:install_agent[puppet6]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=el6_puppet6 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required - before_script: ["bundle exec rake 'litmus:provision_list[waffle_el7]'", "bundle exec rake 'litmus:install_agent[puppet5]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=el7_puppet5 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required - before_script: ["bundle exec rake 'litmus:provision_list[waffle_el7]'", "bundle exec rake 'litmus:install_agent[puppet6]'", "bundle exec rake litmus:install_module"] bundler_args: dist: trusty env: PLATFORMS=el7_puppet6 rvm: 2.5.3 script: ["bundle exec rake litmus:acceptance:parallel"] services: docker stage: acceptance sudo: required branches: only: - master - /^v\d/ - release + - /devel*/ notifications: email: false slack: secure: hFiD5ejH+4p5mnXINU7qsoRObHyeQNn/mns2FLeNDXj7EEWFuqDbnO+jxw87GjXCeoSenkoszOIYvDn/p/we5SGqlMDMyFLCDT4D5tLN4lRYSphOo+Db0uNynPCwFgTbG1BdN4eQuy2GdT8LQuNcEjXmLrdrR7A9FbRzTbwEGkE= diff --git a/REFERENCE.md b/REFERENCE.md index 2f8767e..9b99378 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
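Review bot: The new safelist entry `- /devel*/` is an unanchored regex in which `*` applies only to the final `l`, so it matches any branch name containing `deve` rather than only branches that start with `devel`. The neighbouring entry `/^v\d/` is anchored. If the intent is development branches, `- /^devel/` says so and keeps the set of branches that trigger builds, and the Slack notification configured below, as narrow as intended.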
@@ -1,461 +1,477 @@ # Reference ## Table of Contents **Classes** _Public Classes_ * [`ntp`](#ntp): ntp Main class, includes all other classes. _Private Classes_ * `ntp::config`: This class handles the configuration file. * `ntp::install`: This class handles ntp packages. * `ntp::service`: This class handles the ntp service. **Data types** * [`Ntp::Key_id`](#ntpkey_id): See http://doc.ntp.org/4.2.6/authopt.html#controlkey for documentation Alternatively: type Ntp::Key_id = Variant[Integer, Pattern['']] * [`Ntp::Poll_interval`](#ntppoll_interval): See http://doc.ntp.org/4.2.6/clockopt.html#server for documentation Alternatively: type Ntp::Poll_interval = Variant[Integer, Pattern['']] ## Classes ### ntp ntp Main class, includes all other classes. #### Parameters The following parameters are available in the `ntp` class. ##### `authprov` Data type: `Optional[String]` Enables compatibility with W32Time in some versions of NTPd (such as Novell DSfW). Default value: undef. ##### `broadcastclient` Data type: `Boolean` Enables reception of broadcast server messages to any local interface. Default value: false. ##### `burst` Data type: `Boolean` When the server is reachable, send a burst of eight packets instead of the usual one. Default value: false. ##### `config` Data type: `Stdlib::Absolutepath` Specifies a file for NTP's configuration info. Default value: '/etc/ntp.conf' (or '/etc/inet/ntp.conf' on Solaris). ##### `config_dir` Data type: `Optional[Stdlib::Absolutepath]` Specifies a directory for the NTP configuration files. Default value: undef. ##### `config_epp` Data type: `Optional[String]` Specifies an absolute or relative file path to an EPP template for the config file. Example value: 'ntp/ntp.conf.epp'. A validation error is thrown if both this **and** the `config_template` parameter are specified. ##### `config_file_mode` Data type: `String` Specifies a file mode for the ntp configuration file. Default value: '0664'. 
##### `config_template` Data type: `Optional[String]` Specifies an absolute or relative file path to an ERB template for the config file. Example value: 'ntp/ntp.conf.erb'. A validation error is thrown if both this **and** the `config_epp` parameter are specified. +##### `daemon_extra_opts` + +Data type: `Optional[String]` + +Specifies any arguments to pass to ntp daemon. Default value: '-g'. +Example value: '-g -i /var/lib/ntp' to enable jaildir options. +Note that user is a specific parameter handled separately. + ##### `disable_auth` Data type: `Boolean` Disables cryptographic authentication for broadcast client, multicast client, and symmetric passive associations. ##### `disable_dhclient` Data type: `Boolean` Disables `ntp-servers` in `dhclient.conf` to prevent Dhclient from managing the NTP configuration. ##### `disable_kernel` Data type: `Boolean` Disables kernel time discipline. ##### `disable_monitor` Data type: `Boolean` Disables the monitoring facility in NTP. Default value: true. ##### `driftfile` Data type: `Stdlib::Absolutepath` Specifies an NTP driftfile. Default value: '/var/lib/ntp/drift' (except on AIX and Solaris). ##### `enable_mode7` Data type: `Boolean` Enables processing of NTP mode 7 implementation-specific requests which are used by the deprecated ntpdc program. Default value: false. ##### `fudge` Data type: `Optional[Array[String]]` Provides additional information for individual clock drivers. Default value: [ ] ##### `iburst_enable` Data type: `Boolean` Specifies whether to enable the iburst option for every NTP peer. Default value: false (true on AIX and Debian). ##### `interfaces` Data type: `Array[String]` Specifies one or more network interfaces for NTP to listen on. Default value: [ ]. ##### `interfaces_ignore` Data type: `Array[String]` Specifies one or more ignore pattern for the NTP listener configuration (for example: all, wildcard, ipv6). Default value: [ ]. ##### `keys` Data type: `Array[String]` Distributes keys to keys file. 
Default value: [ ]. ##### `keys_controlkey` Data type: `Optional[Ntp::Key_id]` Specifies the key identifier to use with the ntpq utility. Value in the range of 1 to 65,534 inclusive. Default value: ' '. ##### `keys_enable` Data type: `Boolean` Whether to enable key-based authentication. Default value: false. ##### `keys_file` Data type: `Stdlib::Absolutepath` Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. Default value: `/etc/ntp.keys` (on RedHat and Amazon, `/etc/ntp/keys`). ##### `keys_requestkey` Data type: `Optional[Ntp::Key_id]` Specifies the key identifier to use with the ntpdc utility program. Value in the range of 1 to 65,534. Default value: ' '. ##### `keys_trusted` Data type: `Optional[Array[Ntp::Key_id]]` Provides one or more keys to be trusted by NTP. Default value: [ ]. ##### `leapfile` Data type: `Optional[Stdlib::Absolutepath]` Specifies a leap second file for NTP to use. Default value: ' '. ##### `logfile` Data type: `Optional[Stdlib::Absolutepath]` Specifies a log file for NTP to use instead of syslog. Default value: ' '. ##### `logconfig` Data type: `Optional[String]` Specifies the logconfig for NTP to use. Default value: ' '. ##### `minpoll` Data type: `Optional[Ntp::Poll_interval]` Sets Puppet to non-standard minimal poll interval of upstream servers. Values: 3 to 16. Default: undef. ##### `maxpoll` Data type: `Optional[Ntp::Poll_interval]` Sets use non-standard maximal poll interval of upstream servers. Values: 3 to 16. Default option: undef, except on FreeBSD (on FreeBSD, defaults to 9). ##### `ntpsigndsocket` Data type: `Optional[Stdlib::Absolutepath]` Sets NTP to sign packets using the socket in the ntpsigndsocket path. Requires NTP to be configured to sign sockets. Value: Path to the socket directory; for example, for Samba: `usr/local/samba/var/lib/ntp_signd/`. Default value: undef. 
##### `package_ensure` Data type: `String` Whether to install the NTP package, and what version to install. Values: 'present', 'latest', or a specific version number. Default value: 'present'. ##### `package_manage` Data type: `Boolean` Whether to manage the NTP package. Default value: true. ##### `package_name` Data type: `Array[String]` Specifies the NTP package to manage. Default value: ['ntp'] (except on AIX and Solaris). ##### `panic` Data type: `Optional[Integer[0]]` Whether NTP should "panic" in the event of a very large clock skew. Applies only if `tinker` option set to true or if your environment is in a virtual machine. Default value: 0 if environment is virtual, undef in all other cases. ##### `peers` Data type: `Array[String]` List of NTP servers with which to synchronise the local clock. ##### `tos_orphan` Data type: `Optional[Integer[1]]` Enables Orphan mode for peer group Value: Should be set to 2 more than the worst-case externally-reachable source's stratum. ##### `pool` Data type: `Optional[Array[String]]` List of NTP server pools with which to synchronise the local clock. ##### `preferred_servers` Data type: `Array[String]` Specifies one or more preferred peers. Puppet appends 'prefer' to each matching item in the `servers` array. Default value: [ ]. ##### `noselect_servers` Data type: `Array[String]` Specifies one or more peers to not sync with. Puppet appends 'noselect' to each matching item in the `servers` array. Default value: [ ]. ##### `restrict` Data type: `Array[String]` Specifies one or more `restrict` options for the NTP configuration. Puppet prefixes each item with 'restrict', so you need to list only the content of the restriction. Default value for most operating systems: '[default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1']'. Default value for AIX systems: '['default nomodify notrap nopeer noquery', '127.0.0.1',]'. 
##### `servers` Data type: `Array[String]` Specifies one or more servers to be used as NTP peers. Default value: varies by operating system. ##### `service_enable` Data type: `Boolean` Whether to enable the NTP service at boot. Default value: true. ##### `service_ensure` Data type: `Enum['running', 'stopped']` Whether the NTP service should be running. Default value: 'running'. ##### `service_manage` Data type: `Boolean` Whether to manage the NTP service. Default value: true. ##### `service_name` Data type: `String` The NTP service to manage. Default value: varies by operating system. ##### `service_provider` Data type: `Optional[String]` Which service provider to use for NTP. Default value: 'undef'. ##### `service_hasstatus` Data type: `Boolean` Whether service has a functional status command. Default value: true. ##### `service_hasrestart` Data type: `Boolean` Whether service has a restart command. Default value: true. ##### `slewalways` Data type: `Optional[Enum['yes','no']]` xntpd setting to disable stepping behavior and always slew the clock to handle adjustments. Only relevant for AIX. Default value: 'undef'. Allowed values: 'yes', 'no' ##### `statistics` Data type: `Optional[Array]` List of statistics to have NTP generate and keep. Default value: [ ]. ##### `statsdir` Data type: `Optional[Stdlib::Absolutepath]` Location of the NTP statistics directory on the managed system. Default value: '/var/log/ntpstats'. ##### `step_tickers_file` Data type: `Optional[Stdlib::Absolutepath]` Location of the step tickers file on the managed system. Default value: varies by operating system. ##### `step_tickers_epp` Data type: `Optional[String]` Location of the step tickers EPP template file. Default value: varies by operating system. Validation error is thrown if both this and the `step_tickers_template` parameters are specified. ##### `step_tickers_template` Data type: `Optional[String]` Location of the step tickers ERB template file. 
Default value: varies by operating system. Validation error is thrown if both this and the `step_tickers_epp` parameter are specified. ##### `stepout` Data type: `Optional[Integer[0, 65535]]` Value for stepout if `tinker` value is true. Valid options: unsigned shortint digit. Default value: undef. ##### `tos` Data type: `Boolean` Whether to enable tos options. Default value: false. ##### `tos_minclock` Data type: `Optional[Integer[1]]` Specifies the minclock tos option. Default value: 3. ##### `tos_maxclock` Data type: `Optional[Integer[1]]` Specifies the maxclock tos option. Default value: 6. ##### `tos_minsane` Data type: `Optional[Integer[1]]` Specifies the minsane tos option. Default value: 1. ##### `tos_floor` Data type: `Optional[Integer[1]]` Specifies the floor tos option. Default value: 1. ##### `tos_ceiling` Data type: `Optional[Integer[1]]` Specifies the ceiling tos option. Default value: 15. ##### `tos_cohort` Data type: `Variant[Boolean, Integer[0,1]]` Specifies the cohort tos option. Valid options: 0 or 1. Default value: 0. ##### `tinker` Data type: `Optional[Boolean]` Whether to enable tinker options. Default value: false. ##### `udlc` Data type: `Boolean` Specifies whether to configure NTP to use the undisciplined local clock as a time source. Default value: false. ##### `udlc_stratum` Data type: `Optional[Integer[1,15]]` Specifies the stratum the server should operate at when using the undisciplined local clock as the time source. This value should be set to no less than 10 if ntpd might be accessible outside your immediate, controlled network. Default value: 10.am udlc +##### `user` + +Data type: `Optional[String]` + +Specifies user to run ntpd daemon. Default value: ntp. +Usually set by default on Centos7 (/etc/systemd/system/multi-user.target.wants/ntpd.service) and ubuntu 18.04 (/usr/lib/ntp/ntp-systemd-wrapper) +This is currently restricted to Redhat based systems of version 7 and above and Ubuntu 18.04. 
+ ## Data types ### Ntp::Key_id See http://doc.ntp.org/4.2.6/authopt.html#controlkey for documentation Alternatively: type Ntp::Key_id = Variant[Integer, Pattern['']] Alias of `Integer[1, 65534]` ### Ntp::Poll_interval See http://doc.ntp.org/4.2.6/clockopt.html#server for documentation Alternatively: type Ntp::Poll_interval = Variant[Integer, Pattern['']] Alias of `Integer[4, 17]` diff --git a/data/common.yaml b/data/common.yaml index 91d6f33..ef5f2aa 100644 --- a/data/common.yaml +++ b/data/common.yaml 
@@ -1,69 +1,71 @@ --- ntp::authprov: ~ ntp::broadcastclient: false ntp::burst: false ntp::config_dir: ~ ntp::config_file_mode: '0644' ntp::config: '/etc/ntp.conf' ntp::config_template: ~ ntp::config_epp: ~ +ntp::daemon_extra_opts: ~ ntp::disable_auth: false ntp::disable_dhclient: false ntp::disable_kernel: false ntp::disable_monitor: true ntp::driftfile: '/var/lib/ntp/drift' ntp::enable_mode7: false ntp::fudge: [] ntp::iburst_enable: true ntp::interfaces_ignore: [] ntp::interfaces: [] ntp::keys_controlkey: ~ ntp::keys_enable: false ntp::keys_file: '/etc/ntp.keys' ntp::keys_requestkey: ~ ntp::keys_trusted: [] ntp::keys: [] ntp::leapfile: ~ ntp::logfile: ~ ntp::logconfig: ~ ntp::ntpsigndsocket: ~ ntp::maxpoll: ~ ntp::minpoll: ~ ntp::package_ensure: present ntp::package_manage: true ntp::package_name: [ 'ntp' ] ntp::panic: ~ ntp::peers: [] ntp::pool: [] ntp::preferred_servers: [] ntp::noselect_servers: [] ntp::servers: - '0.pool.ntp.org' - '1.pool.ntp.org' - '2.pool.ntp.org' - '3.pool.ntp.org' ntp::service_enable: true ntp::service_ensure: running ntp::service_manage: true ntp::service_name: ntpd ntp::service_provider: ~ ntp::service_hasstatus: true ntp::service_hasrestart: true ntp::slewalways: ~ ntp::statistics: [] ntp::statsdir: '/var/log/ntpstats' ntp::stepout: ~ ntp::step_tickers_file: ~ ntp::step_tickers_template: ~ ntp::step_tickers_epp: ~ ntp::tinker: ~ ntp::tos_ceiling: 15 ntp::tos_cohort: 0 ntp::tos_floor: 1 ntp::tos_maxclock: 6 ntp::tos_minclock: 3 ntp::tos_minsane: 1 ntp::tos_orphan: ~ ntp::tos: false ntp::udlc_stratum: 10 ntp::udlc: false +ntp::user: ~ diff --git a/manifests/config.pp b/manifests/config.pp index c007550..0c0081b 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
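Review bot: Both new keys, `ntp::daemon_extra_opts: ~` and `ntp::user: ~`, default to undef, but the parameter text this commit adds to manifests/init.pp and REFERENCE.md states `Default value: '-g'` and `Default value: ntp`. With undef the new `file_line` resources in manifests/config.pp are skipped, so the module leaves whatever the distribution ships. Either the documentation should say that, for example `Default value: undef, which leaves the distribution's setting untouched`, or the defaults here should be set to the documented values.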
@@ -1,106 +1,163 @@ # @summary # This class handles the configuration file. # # @api private # class ntp::config { #The servers-netconfig file overrides NTP config on SLES 12, interfering with our configuration. if ($facts['operatingsystem'] == 'SLES' and $facts['operatingsystemmajrelease'] == '12') or ($facts['operatingsystem'] == 'OpenSuSE' and $facts['operatingsystemmajrelease'] == '42') { file { '/var/run/ntp/servers-netconfig': ensure => 'absent' } } + case $::osfamily + { + 'redhat': + { + $daemon_config = '/etc/sysconfig/ntpd' + if $ntp::daemon_extra_opts { + file_line { 'Set NTPD daemon options': + ensure => present, + path => $daemon_config, + line => "OPTIONS='${ntp::daemon_extra_opts}'", + match => '^OPTIONS\=', + } + } + if $ntp::user and $facts['operatingsystemmajrelease'] != '6' { + file_line { 'Set NTPD daemon user': + ensure => present, + path => '/etc/systemd/system/multi-user.target.wants/ntpd.service', + line => "ExecStart=/usr/sbin/ntpd -u ${ntp::user}:${ntp::user} \$OPTIONS", + match => '^ExecStart\=', + } + } + } + 'Debian': + { + $daemon_config = '/etc/default/ntp' + if $ntp::daemon_extra_opts { + file_line { 'Set NTPD daemon options': + ensure => present, + path => $daemon_config, + line => "NTPD_OPTS='${ntp::daemon_extra_opts}'", + match => '^NTPD_OPTS\=', + } + } + if $ntp::user and $facts['operatingsystemmajrelease'] == '18.04' { + file_line { 'Set NTPD daemon user': + ensure => present, + path => '/usr/lib/ntp/ntp-systemd-wrapper', + line => "RUNASUSER=${ntp::user}", + match => '^RUNASUSER\=', + } + } + } + 'Suse': + { + $daemon_config = '/etc/sysconfig/ntp' + if $ntp::daemon_extra_opts { + file_line { 'Set NTPD daemon options': + ensure => present, + path => $daemon_config, + line => "OPTIONS='${ntp::daemon_extra_opts}'", + match => '^OPTIONS\=', + } + } + } + default: { } + } + if $ntp::keys_enable { case $ntp::config_dir { '/', '/etc', undef: {} default: { file { $ntp::config_dir: ensure => directory, owner => 0, group => 0, mode => 
'0775', recurse => false, } } } file { $ntp::keys_file: ensure => file, owner => 0, group => 0, mode => '0600', content => epp('ntp/keys.epp'), } } #If both epp and erb are defined, throw validation error. #Otherwise use the defined erb/epp template, or use default if $ntp::config_epp and $ntp::config_template { fail('Cannot supply both config_epp and config_template templates for ntp config file.') } elsif $ntp::config_template { $config_content = template($ntp::config_template) } elsif $ntp::config_epp { $config_content = epp($ntp::config_epp) } else { $config_content = epp('ntp/ntp.conf.epp') } file { $ntp::config: ensure => file, owner => 0, group => 0, mode => $::ntp::config_file_mode, content => $config_content, } #If both epp and erb are defined, throw validation error. #Otherwise use the defined erb/epp template, or use default if $::ntp::step_tickers_file { if $::ntp::step_tickers_template and $::ntp::step_tickers_epp { fail('Cannot supply both step_tickers_file and step_tickers_epp templates for step ticker file') } elsif $::ntp::step_tickers_template { $step_ticker_content = template($ntp::step_tickers_template) } elsif $::ntp::step_tickers_epp { $step_ticker_content = epp($::ntp::step_tickers_epp) } else{ $step_ticker_content = epp('ntp/step-tickers.epp') } file { $::ntp::step_tickers_file: ensure => file, owner => 0, group => 0, mode => $::ntp::config_file_mode, content => $step_ticker_content, } } if $ntp::logfile { file { $ntp::logfile: ensure => file, owner => 'ntp', group => 'ntp', mode => '0664', } } if $ntp::disable_dhclient { augeas { 'disable ntp-servers in dhclient.conf': context => '/files/etc/dhcp/dhclient.conf', changes => 'rm request/*[.="ntp-servers"]', } file { '/var/lib/ntp/ntp.conf.dhcp': ensure => absent, } #remove dhclient ntp script which modifies ntp.conf on RHEL and Amazon Linux file { '/etc/dhcp/dhclient.d/ntp.sh': ensure => absent, } } } diff --git a/manifests/init.pp b/manifests/init.pp index cb9341a..ca7ca3e 100644 
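Review bot: The `Set NTPD daemon user` resource on the `'redhat'` branch rewrites `ExecStart=` in `/etc/systemd/system/multi-user.target.wants/ntpd.service`, which is normally a symlink to the packaged unit. The edit is therefore presumably lost on the next package update, and nothing here runs `systemctl daemon-reload` before `ntp::service` is refreshed. The guard `$facts['operatingsystemmajrelease'] != '6'` also lets the resource through on every other RedHat-family release, including ones where that path may not exist, although the documentation says version 7 and above. A systemd drop-in plus a refresh-only reload, as sketched below, keeps the override in administrator-owned configuration; the drop-in file name is illustrative. `${ntp::user}` and `${ntp::daemon_extra_opts}` are interpolated unescaped into files that service startup reads as root, so both values should be constrained where they are declared in manifests/init.pp.

```puppet
if $ntp::user and $facts['operatingsystemmajrelease'] != '6' {
  # Drop-in override instead of editing the unit behind the wants/ symlink.
  file { '/etc/systemd/system/ntpd.service.d':
    ensure => directory,
    owner  => 0,
    group  => 0,
    mode   => '0755',
  }
  file { '/etc/systemd/system/ntpd.service.d/user.conf':
    ensure  => file,
    owner   => 0,
    group   => 0,
    mode    => '0644',
    # The empty ExecStart= clears the packaged command before redefining it.
    content => "[Service]\nExecStart=\nExecStart=/usr/sbin/ntpd -u ${ntp::user}:${ntp::user} \$OPTIONS\n",
    notify  => Exec['ntp systemd daemon-reload'],
  }
  exec { 'ntp systemd daemon-reload':
    command     => '/usr/bin/systemctl daemon-reload',
    refreshonly => true,
  }
}
```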
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,304 +1,316 @@ # ntp # # Main class, includes all other classes. # # @param authprov # Enables compatibility with W32Time in some versions of NTPd (such as Novell DSfW). Default value: undef. # # @param broadcastclient # Enables reception of broadcast server messages to any local interface. Default value: false. # # @param burst # When the server is reachable, send a burst of eight packets instead of the usual one. Default value: false. # # @param config # Specifies a file for NTP's configuration info. Default value: '/etc/ntp.conf' (or '/etc/inet/ntp.conf' on Solaris). # # @param config_dir # Specifies a directory for the NTP configuration files. Default value: undef. # # @param config_epp # Specifies an absolute or relative file path to an EPP template for the config file. # Example value: 'ntp/ntp.conf.epp'. A validation error is thrown if both this **and** the `config_template` parameter are specified. # # @param config_file_mode # Specifies a file mode for the ntp configuration file. Default value: '0664'. # # @param config_template # Specifies an absolute or relative file path to an ERB template for the config file. # Example value: 'ntp/ntp.conf.erb'. A validation error is thrown if both this **and** the `config_epp` parameter are specified. # +# @param daemon_extra_opts +# Specifies any arguments to pass to ntp daemon. Default value: '-g'. +# Example value: '-g -i /var/lib/ntp' to enable jaildir options. +# Note that user is a specific parameter handled separately. +# # @param disable_auth # Disables cryptographic authentication for broadcast client, multicast client, and symmetric passive associations. # # @param disable_dhclient # Disables `ntp-servers` in `dhclient.conf` to prevent Dhclient from managing the NTP configuration. # # @param disable_kernel # Disables kernel time discipline. # # @param disable_monitor # Disables the monitoring facility in NTP. Default value: true. # # @param driftfile # Specifies an NTP driftfile. 
Default value: '/var/lib/ntp/drift' (except on AIX and Solaris). # # @param enable_mode7 # Enables processing of NTP mode 7 implementation-specific requests which are used by the deprecated ntpdc program. Default value: false. # # @param fudge # Provides additional information for individual clock drivers. Default value: [ ] # # @param iburst_enable # Specifies whether to enable the iburst option for every NTP peer. Default value: false (true on AIX and Debian). # # @param interfaces # Specifies one or more network interfaces for NTP to listen on. Default value: [ ]. # # @param interfaces_ignore # Specifies one or more ignore pattern for the NTP listener configuration (for example: all, wildcard, ipv6). Default value: [ ]. # # @param keys # Distributes keys to keys file. Default value: [ ]. # # @param keys_controlkey # Specifies the key identifier to use with the ntpq utility. Value in the range of 1 to 65,534 inclusive. Default value: ' '. # # @param keys_enable # Whether to enable key-based authentication. Default value: false. # # @param keys_file # Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc # when operating with symmetric key cryptography. Default value: `/etc/ntp.keys` (on RedHat and Amazon, `/etc/ntp/keys`). # # @param keys_requestkey # Specifies the key identifier to use with the ntpdc utility program. Value in the range of 1 to 65,534. Default value: ' '. # # @param keys_trusted # Provides one or more keys to be trusted by NTP. Default value: [ ]. # # @param leapfile # Specifies a leap second file for NTP to use. Default value: ' '. # # @param logfile # Specifies a log file for NTP to use instead of syslog. Default value: ' '. # # @param logconfig # Specifies the logconfig for NTP to use. Default value: ' '. # # @param minpoll # Sets Puppet to non-standard minimal poll interval of upstream servers. # Values: 3 to 16. Default: undef. 
# # @param maxpoll # Sets use non-standard maximal poll interval of upstream servers. # Values: 3 to 16. Default option: undef, except on FreeBSD (on FreeBSD, defaults to 9). # # @param ntpsigndsocket # Sets NTP to sign packets using the socket in the ntpsigndsocket path. Requires NTP to be configured to sign sockets. # Value: Path to the socket directory; for example, for Samba: `usr/local/samba/var/lib/ntp_signd/`. Default value: undef. # # @param package_ensure # Whether to install the NTP package, and what version to install. Values: 'present', 'latest', or a specific version number. # Default value: 'present'. # # @param package_manage # Whether to manage the NTP package. Default value: true. # # @param package_name # Specifies the NTP package to manage. Default value: ['ntp'] (except on AIX and Solaris). # # @param panic # Whether NTP should "panic" in the event of a very large clock skew. Applies only if `tinker` option set to true or if your environment # is in a virtual machine. Default value: 0 if environment is virtual, undef in all other cases. # # @param peers # List of NTP servers with which to synchronise the local clock. # # @param tos_orphan # Enables Orphan mode for peer group # Value: Should be set to 2 more than the worst-case externally-reachable source's stratum. # # @param pool # List of NTP server pools with which to synchronise the local clock. # # @param preferred_servers # Specifies one or more preferred peers. Puppet appends 'prefer' to each matching item in the `servers` array. # Default value: [ ]. # # @param noselect_servers # Specifies one or more peers to not sync with. Puppet appends 'noselect' to each matching item in the `servers` array. # Default value: [ ]. # # @param restrict # Specifies one or more `restrict` options for the NTP configuration. # Puppet prefixes each item with 'restrict', so you need to list only the content of the restriction. 
# Default value for most operating systems: # '[default kod nomodify notrap nopeer noquery', '-6 default kod nomodify notrap nopeer noquery', '127.0.0.1', '-6 ::1']'. # Default value for AIX systems: # '['default nomodify notrap nopeer noquery', '127.0.0.1',]'. # # @param servers # Specifies one or more servers to be used as NTP peers. Default value: varies by operating system. # # @param service_enable # Whether to enable the NTP service at boot. Default value: true. # # @param service_ensure # Whether the NTP service should be running. Default value: 'running'. # # @param service_manage # Whether to manage the NTP service. Default value: true. # # @param service_name # The NTP service to manage. Default value: varies by operating system. # # @param service_provider # Which service provider to use for NTP. Default value: 'undef'. # # @param service_hasstatus # Whether service has a functional status command. Default value: true. # # @param service_hasrestart # Whether service has a restart command. Default value: true. # # @param slewalways # xntpd setting to disable stepping behavior and always slew the clock to handle adjustments. # Only relevant for AIX. Default value: 'undef'. Allowed values: 'yes', 'no' # # @param statistics # List of statistics to have NTP generate and keep. Default value: [ ]. # # @param statsdir # Location of the NTP statistics directory on the managed system. Default value: '/var/log/ntpstats'. # # @param step_tickers_file # Location of the step tickers file on the managed system. Default value: varies by operating system. # # @param step_tickers_epp # Location of the step tickers EPP template file. Default value: varies by operating system. # Validation error is thrown if both this and the `step_tickers_template` parameters are specified. # # @param step_tickers_template # Location of the step tickers ERB template file. Default value: varies by operating system. 
# Validation error is thrown if both this and the `step_tickers_epp` parameter are specified. # # @param stepout # Value for stepout if `tinker` value is true. Valid options: unsigned shortint digit. Default value: undef. # # @param tos # Whether to enable tos options. Default value: false. # # @param tos_minclock # Specifies the minclock tos option. Default value: 3. # # @param tos_maxclock # Specifies the maxclock tos option. Default value: 6. # # @param tos_minsane # Specifies the minsane tos option. Default value: 1. # # @param tos_floor # Specifies the floor tos option. Default value: 1. # # @param tos_ceiling # Specifies the ceiling tos option. Default value: 15. # # @param tos_cohort # Specifies the cohort tos option. Valid options: 0 or 1. Default value: 0. # # @param tinker # Whether to enable tinker options. Default value: false. # # @param udlc # Specifies whether to configure NTP to use the undisciplined local clock as a time source. Default value: false. # # @param udlc_stratum # Specifies the stratum the server should operate at when using the undisciplined local clock as the time source. # This value should be set to no less than 10 if ntpd might be accessible outside your immediate, controlled network. # Default value: 10.am udlc # +# @param user +# Specifies user to run ntpd daemon. Default value: ntp. +# Usually set by default on Centos7 (/etc/systemd/system/multi-user.target.wants/ntpd.service) and ubuntu 18.04 (/usr/lib/ntp/ntp-systemd-wrapper) +# This is currently restricted to Redhat based systems of version 7 and above and Ubuntu 18.04. 
+# class ntp ( Boolean $broadcastclient, Boolean $burst, Stdlib::Absolutepath $config, Optional[Stdlib::Absolutepath] $config_dir, String $config_file_mode, Optional[String] $config_epp, Optional[String] $config_template, Boolean $disable_auth, Boolean $disable_dhclient, Boolean $disable_kernel, Boolean $disable_monitor, Boolean $enable_mode7, Optional[Array[String]] $fudge, Stdlib::Absolutepath $driftfile, Optional[Stdlib::Absolutepath] $leapfile, Optional[Stdlib::Absolutepath] $logfile, Optional[String] $logconfig, Boolean $iburst_enable, Array[String] $keys, Boolean $keys_enable, Stdlib::Absolutepath $keys_file, Optional[Ntp::Key_id] $keys_controlkey, Optional[Ntp::Key_id] $keys_requestkey, Optional[Array[Ntp::Key_id]] $keys_trusted, Optional[Ntp::Poll_interval] $minpoll, Optional[Ntp::Poll_interval] $maxpoll, String $package_ensure, Boolean $package_manage, Array[String] $package_name, Optional[Integer[0]] $panic, Array[String] $peers, Optional[Array[String]] $pool, Array[String] $preferred_servers, Array[String] $noselect_servers, Array[String] $restrict, Array[String] $interfaces, Array[String] $interfaces_ignore, Array[String] $servers, Boolean $service_enable, Enum['running', 'stopped'] $service_ensure, Boolean $service_manage, String $service_name, Optional[String] $service_provider, Boolean $service_hasstatus, Boolean $service_hasrestart, Optional[Enum['yes','no']] $slewalways, Optional[Array] $statistics, Optional[Stdlib::Absolutepath] $statsdir, Optional[Integer[0, 65535]] $stepout, Optional[Stdlib::Absolutepath] $step_tickers_file, Optional[String] $step_tickers_epp, Optional[String] $step_tickers_template, Optional[Boolean] $tinker, Boolean $tos, Optional[Integer[1]] $tos_maxclock, Optional[Integer[1]] $tos_minclock, Optional[Integer[1]] $tos_minsane, Optional[Integer[1]] $tos_floor, Optional[Integer[1]] $tos_ceiling, Optional[Integer[1]] $tos_orphan, Variant[Boolean, Integer[0,1]] $tos_cohort, Boolean $udlc, Optional[Integer[1,15]] $udlc_stratum, 
Optional[Stdlib::Absolutepath] $ntpsigndsocket, Optional[String] $authprov, + Optional[String] $user, + Optional[String] $daemon_extra_opts, ) { # defaults for tinker and panic are different, when running on virtual machines if $facts['is_virtual'] { $_tinker = pick($tinker, true) $_panic = pick($panic, 0) } else { $_tinker = pick($tinker, false) $_panic = $panic } contain ntp::install contain ntp::config contain ntp::service Class['::ntp::install'] -> Class['::ntp::config'] ~> Class['::ntp::service'] } diff --git a/spec/acceptance/ntp_user_and_daemon_opts_spec.rb b/spec/acceptance/ntp_user_and_daemon_opts_spec.rb new file mode 100644 index 0000000..890db0a --- /dev/null +++ b/spec/acceptance/ntp_user_and_daemon_opts_spec.rb 
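Review bot: `Optional[String] $user` and `Optional[String] $daemon_extra_opts` accept any string, yet manifests/config.pp writes them into an `ExecStart=` line and into single-quoted `OPTIONS='...'` / `NTPD_OPTS='...'` assignments. A quote or newline in the value would change what those root-read startup files mean. Tightening the types rejects such values at compile time, for example `Optional[Pattern[/\A[a-z_][a-z0-9_-]*\z/]] $user,` and `Optional[Pattern[/\A[^'\n]*\z/]] $daemon_extra_opts,`. The `@param user` text should also say that the value is used for both the user and the group, since config.pp emits `-u ${ntp::user}:${ntp::user}`.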
@@ -0,0 +1,50 @@
+require 'spec_helper_acceptance'
+
+case os[:family]
+when 'redhat', 'freebsd', 'linux'
+ servicename = 'ntpd'
+when 'solaris'
+ case fact('kernelrelease')
+ when '5.10'
+ servicename = 'network/ntp4'
+ when '5.11'
+ servicename = 'network/ntp'
+ end
+when 'aix'
+ servicename = 'xntpd'
+else
+ servicename = if os[:family] == 'sles' && os[:release].start_with?('12', '15')
+ 'ntpd'
+ else
+ 'ntp'
+ end
+end
+config = if os[:family] == 'redhat'
+ '/etc/sysconfig/ntpd'
+ elsif os[:family] == 'sles'
+ '/etc/sysconfig/ntp'
+ else
+ '/etc/default/ntp'
+ end
+describe 'ntp class with daemon options:', unless: UNSUPPORTED_PLATFORMS.include?(os[:family]) do
+ let(:pp) { "class { 'ntp': service_enable => true, service_ensure => running, service_manage => true, service_name => '#{servicename}', user => 'ntp', daemon_extra_opts => '-g -i /var/lib/ntp' }" }
+
+ context 'when run' do
+ it 'is successful' do
+ apply_manifest(pp, catch_failures: true)
+ end
+
+ describe file(config.to_s) do
+ its(:content) { is_expected.to match(%r{(OPTIONS|NTPD_OPTS)='-g -i \/var\/lib\/ntp'}) }
+ end
+ if os[:family] == 'redhat' && !os[:release].start_with?('6')
+ describe file('/etc/systemd/system/multi-user.target.wants/ntpd.service') do
+ its(:content) { is_expected.to match(%r{ntpd -u ntp:ntp}) }
+ end
+ elsif os[:family] == 'ubuntu' && os[:release].start_with?('18')
+ describe file('/usr/lib/ntp/ntp-systemd-wrapper') do
+ its(:content) { is_expected.to match(%r{RUNASUSER=ntp}) }
+ end
+ end
+ end
+end
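Review bot: The two user assertions, `match(%r{ntpd -u ntp:ntp})` and `match(%r{RUNASUSER=ntp})`, check for the value that this commit's parameter documentation describes as the distribution default, so they would presumably pass even if the module wrote nothing. They are also unanchored. Anchoring them to the managed line, e.g. `match(%r{^ExecStart=/usr/sbin/ntpd -u ntp:ntp \$OPTIONS$})` and `match(%r{^RUNASUSER=ntp$})`, pins the exact text the manifest is meant to produce. Adding a second `apply_manifest(pp, catch_changes: true)` after the first apply would show that the `file_line` resources are idempotent.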