From 4756ae458abe1567e3d6b0d286d5029cea6cf159 Mon Sep 17 00:00:00 2001 From: Pavan-Gunda Date: Sun, 7 Apr 2024 17:27:19 +0200 Subject: [PATCH 1/2] ntp: add config to set which interface ntp should listen --- roles/kubernetes/preinstall/defaults/main.yml | 6 ++++++ roles/kubernetes/preinstall/templates/ntp.conf.j2 | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index eb33ed3db76..12cbcbc5a68 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -98,6 +98,12 @@ ntp_servers: ntp_restrict: - "127.0.0.1" - "::1" +# Specify whether to filter interfaces +ntp_filter_interface: false +# Specify the interfaces +# Only takes effect when ntp_filter_interface is true +ntp_interfaces: + - ens3 # The NTP driftfile path # Only takes effect when ntp_manage_config is true. ntp_driftfile: /var/lib/ntp/ntp.drift diff --git a/roles/kubernetes/preinstall/templates/ntp.conf.j2 b/roles/kubernetes/preinstall/templates/ntp.conf.j2 index abeb8996acf..46511dc335b 100644 --- a/roles/kubernetes/preinstall/templates/ntp.conf.j2 +++ b/roles/kubernetes/preinstall/templates/ntp.conf.j2 @@ -35,6 +35,13 @@ restrict -6 default kod notrap nomodify nopeer noquery limited restrict {{ item }} {% endfor %} +{% if ntp_filter_interface %} +interface ignore wildcard +{% for item in ntp_listen %} +interface listen {{ item }} +{% endfor %} +{% endif %} + # Needed for adding pool entries restrict source notrap nomodify noquery From 1b67ecfc259382e0cc814851b2dce0957078cdfe Mon Sep 17 00:00:00 2001 From: Pavan-Gunda Date: Wed, 10 Apr 2024 08:45:53 +0200 Subject: [PATCH 2/2] Fixed config to only have one variable --- roles/kubernetes/preinstall/defaults/main.yml | 5 +++-- roles/kubernetes/preinstall/templates/ntp.conf.j2 | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) 
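Review bot: The loop added to ntp.conf.j2 iterates `ntp_listen`, but the defaults hunk of this same commit defines `ntp_interfaces`. Unless `ntp_listen` is set somewhere outside this patch, enabling `ntp_filter_interface` at this commit would fail on an undefined variable when the template renders. PATCH 2/2 switches the loop to `ntp_interfaces`, so squashing the two commits would keep every commit in the series deployable and bisectable.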
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 12cbcbc5a68..de043a5441f 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -102,8 +102,9 @@ ntp_restrict: ntp_filter_interface: false # Specify the interfaces # Only takes effect when ntp_filter_interface is true -ntp_interfaces: - - ens3 +# ntp_interfaces: +# - ignore wildcard +# - listen xxx # The NTP driftfile path # Only takes effect when ntp_manage_config is true. ntp_driftfile: /var/lib/ntp/ntp.drift diff --git a/roles/kubernetes/preinstall/templates/ntp.conf.j2 b/roles/kubernetes/preinstall/templates/ntp.conf.j2 index 46511dc335b..1a5c69c1b69 100644 --- a/roles/kubernetes/preinstall/templates/ntp.conf.j2 +++ b/roles/kubernetes/preinstall/templates/ntp.conf.j2 @@ -35,10 +35,10 @@ restrict -6 default kod notrap nomodify nopeer noquery limited restrict {{ item }} {% endfor %} +# Needed for filtering interfaces {% if ntp_filter_interface %} -interface ignore wildcard -{% for item in ntp_listen %} -interface listen {{ item }} +{% for item in ntp_interfaces %} +interface {{ item }} {% endfor %} {% endif %}
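Review bot: With `ntp_interfaces` reduced to a commented-out example in defaults/main.yml, the variable has no default. Setting `ntp_filter_interface: true` without also defining it will most likely abort the play in the `{% for item in ntp_interfaces %}` loop, since Ansible treats undefined variables as errors by default. I would keep a real default, `ntp_interfaces: []`, and leave the example as a comment. The comment should also say that each entry is written verbatim after `interface`, and that order matters because ntpd lets the last matching rule decide. Like the neighbouring `ntp_driftfile` comment, it should note that the setting presumably only applies when `ntp_manage_config` is true.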
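Review bot: In the ntp.conf.j2 hunk, an empty `ntp_interfaces` with `ntp_filter_interface` enabled renders no `interface` lines at all, so ntpd keeps listening on every address while the operator believes filtering is active. Each item is also written into ntp.conf unvalidated, so a typo such as a bare interface name becomes an invalid directive that only shows up when ntpd reads the file. A pre-flight `assert` in the role could check that the list is non-empty when the flag is true and that every entry starts with `listen`, `ignore` or `drop`. Separately, `# Needed for filtering interfaces` sits above `{% if ntp_filter_interface %}` and so appears in every rendered file; moving it inside the `if` keeps the output accurate when filtering is off.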