Enabled usage of the $ntpsigndsocket parameter, for socket signing wh…

…en needed.
puppetlabs · Dec 21, 2015 · 6669249 · 6669249
1 parent d92334e
commit 6669249
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 0 deletions.
diff --git a/README.markdown b/README.markdown
@@ -225,6 +225,11 @@ Tells Puppet to use non-standard minimal poll interval of upstream servers. Vali
 
 Tells Puppet to use non-standard maximal poll interval of upstream servers. Valid options: 3 to 16. Default option: undef, except FreeBSD (on FreeBSD `maxpoll` set 9 by default).
 
+####`ntpsigndsocket`
+
+Tells NTP to sign packets using the socket in the ntpsigndsocket path. NTP must be configured to sign sockets for this to work.
+Valid options a path to the socket directory, in the case of Samba it would be: ntpsigndsocket = usr/local/samba/var/lib/ntp_signd, there is no default.
+
 ####`package_ensure`
 
 Tells Puppet whether the NTP package should be installed, and what version. Valid options: 'present', 'latest', or a specific version number. Default value: 'present'

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -44,6 +44,7 @@
   $tos_cohort        = $ntp::params::tos_cohort,
   $udlc              = $ntp::params::udlc,
   $udlc_stratum      = $ntp::params::udlc_stratum,
+  $ntpsigndsocket    = $ntp::params::ntpsigndsocket,
 ) inherits ntp::params {
 
   validate_bool($broadcastclient)
@@ -55,6 +56,7 @@
   validate_bool($disable_monitor)
   validate_absolute_path($driftfile)
   if $logfile { validate_absolute_path($logfile) }
+  if $ntpsigndsocket { validate_absolute_path($ntpsigndsocket) }
   if $leapfile { validate_absolute_path($leapfile) }
   validate_bool($iburst_enable)
   validate_bool($keys_enable)

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -32,6 +32,7 @@
   $tos_ceiling       = '15'
   $tos_cohort        = '0'
   $disable_dhclient  = false
+  $ntpsigndsocket    = undef
 
   # Allow a list of fudge options
   $fudge             = []

diff --git a/spec/classes/ntp_spec.rb b/spec/classes/ntp_spec.rb
@@ -578,6 +578,33 @@
           end
         end
 
+        describe 'with parameter ntpsigndsocket' do
+          context 'when set to true' do
+            let(:params) {{
+                :servers => ['a', 'b', 'c', 'd'],
+                :ntpsigndsocket => '/usr/local/samba/var/lib/ntp_signd',
+            }}
+
+            it 'should contain ntpsigndsocket setting' do
+              should contain_file('/etc/ntp.conf').with({
+                'content' => %r(^ntpsigndsocket /usr/local/samba/var/lib/ntp_signd\n),
+              })
+            end
+          end
+
+          context 'when set to false' do
+            let(:params) {{
+                :servers => ['a', 'b', 'c', 'd'],
+            }}
+
+            it 'should not contain a ntpsigndsocket line' do
+              should_not contain_file('/etc/ntp.conf').with({
+                'content' => /ntpsigndsocket /,
+              })
+            end
+          end
+        end
+
         describe 'with parameter tos' do
           context 'when set to true' do
             let(:params) {{

diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb
@@ -65,6 +65,11 @@ driftfile <%= @driftfile %>
 logfile <%= @logfile %>
 <% end -%>
 
+<% unless @ntpsigndsocket.nil? -%>
+# Enable signed packets
+ntpsigndsocket <%= @ntpsigndsocket %>
+<% end -%>
+
 <% unless @peers.empty? -%>
 # Peers
 <% [@peers].flatten.each do |peer| -%>