From 66692498ce047e38124fb1a77c9f97c7b8d5da16 Mon Sep 17 00:00:00 2001
From: Wayne Andersen
Date: Tue, 15 Dec 2015 14:53:26 -0700
Subject: [PATCH] Enabled usage of the $ntpsigndsocket parameter, for socket signing when needed.
---
 README.markdown | 5 +++++
 manifests/init.pp | 2 ++
 manifests/params.pp | 1 +
 spec/classes/ntp_spec.rb | 27 +++++++++++++++++++++++++++
 templates/ntp.conf.erb | 5 +++++
 5 files changed, 40 insertions(+)
diff --git a/README.markdown b/README.markdown
index f817a615..c741c792 100644
--- a/README.markdown
+++ b/README.markdown
@@ -225,6 +225,11 @@ Tells Puppet to use non-standard minimal poll interval of upstream servers. Vali
 Tells Puppet to use non-standard maximal poll interval of upstream servers. Valid options: 3 to 16. Default option: undef, except FreeBSD (on FreeBSD `maxpoll` set 9 by default).
+####`ntpsigndsocket`
+
+Tells NTP to sign packets using the socket in the ntpsigndsocket path. NTP must be configured to sign sockets for this to work.
+Valid options a path to the socket directory, in the case of Samba it would be: ntpsigndsocket = usr/local/samba/var/lib/ntp_signd, there is no default.
+
 ####`package_ensure`
 Tells Puppet whether the NTP package should be installed, and what version. Valid options: 'present', 'latest', or a specific version number. Default value: 'present'
diff --git a/manifests/init.pp b/manifests/init.pp
index 50e97546..774d88f4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,6 +44,7 @@
 $tos_cohort = $ntp::params::tos_cohort,
 $udlc = $ntp::params::udlc,
 $udlc_stratum = $ntp::params::udlc_stratum,
+ $ntpsigndsocket = $ntp::params::ntpsigndsocket,
 ) inherits ntp::params {
 validate_bool($broadcastclient)
@@ -55,6 +56,7 @@
 validate_bool($disable_monitor)
 validate_absolute_path($driftfile)
 if $logfile { validate_absolute_path($logfile) }
+ if $ntpsigndsocket { validate_absolute_path($ntpsigndsocket) }
 if $leapfile { validate_absolute_path($leapfile) }
 validate_bool($iburst_enable)
 validate_bool($keys_enable)
diff --git a/manifests/params.pp b/manifests/params.pp
index 6f0edf9f..ec538953 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -32,6 +32,7 @@
 $tos_ceiling = '15'
 $tos_cohort = '0'
 $disable_dhclient = false
+ $ntpsigndsocket = undef
 # Allow a list of fudge options
 $fudge = []
diff --git a/spec/classes/ntp_spec.rb b/spec/classes/ntp_spec.rb
index 72f9fe79..b01717b6 100644
--- a/spec/classes/ntp_spec.rb
+++ b/spec/classes/ntp_spec.rb
@@ -578,6 +578,33 @@
 end
 end
+ describe 'with parameter ntpsigndsocket' do
+ context 'when set to true' do
+ let(:params) {{
+ :servers => ['a', 'b', 'c', 'd'],
+ :ntpsigndsocket => '/usr/local/samba/var/lib/ntp_signd',
+ }}
+
+ it 'should contain ntpsigndsocket setting' do
+ should contain_file('/etc/ntp.conf').with({
+ 'content' => %r(^ntpsigndsocket /usr/local/samba/var/lib/ntp_signd\n),
+ })
+ end
+ end
+
+ context 'when set to false' do
+ let(:params) {{
+ :servers => ['a', 'b', 'c', 'd'],
+ }}
+
+ it 'should not contain a ntpsigndsocket line' do
+ should_not contain_file('/etc/ntp.conf').with({
+ 'content' => /ntpsigndsocket /,
+ })
+ end
+ end
+ end
+
 describe 'with parameter tos' do
 context 'when set to true' do
 let(:params) {{
diff --git a/templates/ntp.conf.erb b/templates/ntp.conf.erb
index 85ce0621..c8c17677 100644
--- a/templates/ntp.conf.erb
+++ b/templates/ntp.conf.erb
@@ -65,6 +65,11 @@ driftfile <%= @driftfile %>
 logfile <%= @logfile %>
 <% end -%>
+<% unless @ntpsigndsocket.nil? -%>
+# Enable signed packets
+ntpsigndsocket <%= @ntpsigndsocket %>
+<% end -%>
+
 <% unless @peers.empty? -%>
 # Peers
 <% [@peers].flatten.each do |peer| -%>
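Review bot: In manifests/init.pp the added guard `if $ntpsigndsocket { validate_absolute_path($ntpsigndsocket) }` skips validation for every falsy value, while the template hunk in this patch renders the directive whenever `@ntpsigndsocket` is not nil. A value such as `false` (and, depending on the Puppet version, probably an empty string) would therefore bypass the path check and still be written into ntp.conf. Guarding with `if $ntpsigndsocket != undef { validate_absolute_path($ntpsigndsocket) }` would keep manifest and template in agreement. The README example added by this same patch, `usr/local/samba/var/lib/ntp_signd`, has no leading slash and would be rejected by this check, so one of the two needs correcting. The class body starts and ends outside the hunk.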
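Review bot: In spec/classes/ntp_spec.rb the context names `when set to true` and `when set to false` do not describe what is tested: the parameter is a path, and the second context simply leaves it unset. `context 'when set to an absolute path' do` and `context 'when not set' do` would read correctly. The `validate_absolute_path` call added in manifests/init.pp has no coverage here; a third context that passes a relative path (the README example `usr/local/samba/var/lib/ntp_signd` is one) and expects catalog compilation to fail would pin that check down. The enclosing describe block starts outside the hunk.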
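Review bot: In templates/ntp.conf.erb the new `ntpsigndsocket` line only tells ntpd where the signing socket lives; as far as I know ntpd answers signed MS-SNTP requests only for clients matched by a `restrict` line carrying the `mssntp` flag, and nothing in this patch adds or documents that, nor does it manage ownership and mode of the socket directory. I would replace `# Enable signed packets` with a comment that states both preconditions, for example `# MS-SNTP signing via Samba ntp_signd: needs 'mssntp' on a restrict line and a socket directory restricted to the ntp daemon's account`. The ntp documentation also warns that the signing round trip can block and so delay service to other clients, which is worth one sentence in the README entry for this parameter.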