diff --git a/Gemfile b/Gemfile index 42962fc4..4e733308 100644 --- a/Gemfile +++ b/Gemfile @@ -7,6 +7,7 @@ group :development, :test do gem 'puppet-lint', :require => false gem 'serverspec', :require => false gem 'rspec-system-serverspec', :require => false + gem 'vagrant-wrapper', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/manifests/init.pp b/manifests/init.pp index 2c8b9e45..be951187 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,7 +31,7 @@ validate_array($package_name) validate_bool($panic) validate_array($preferred_servers) - validate_bool($restrict) + validate_array($restrict) validate_array($servers) validate_bool($service_enable) validate_string($service_ensure) diff --git a/manifests/params.pp b/manifests/params.pp index ef037fcf..61273930 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -8,7 +8,12 @@ $keys_trusted = [] $package_ensure = 'present' $preferred_servers = [] - $restrict = true + $restrict = [ + 'restrict default kod nomodify notrap nopeer noquery', + 'restrict -6 default kod nomodify notrap nopeer noquery', + 'restrict 127.0.0.1', + 'restrict -6 ::1', + ] $service_enable = true $service_ensure = 'running' $service_manage = true diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb index c0a821ba..94b36755 100644 --- a/templates/ntp.conf.erb +++ b/templates/ntp.conf.erb @@ -6,13 +6,12 @@ tinker panic 0 <% end -%> -<% if @restrict -%> -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery -restrict 127.0.0.1 -restrict -6 ::1 +<% if @restrict != [] -%> +# Permit time synchronization with our time source, but do not' +# permit the source to query or modify the service on this system.' +<% @restrict.flatten.each do |restrict| -%> +<%= restrict %> +<% end %> <% end -%> # Servers