NTP-Server Setup auf srv04.
commit
204285bd14
7 changed files with 72 additions and 0 deletions
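--- /dev/null
+++ b/group_vars/ffhh
@@ -0,0 +1,6 @@
+---
+prefix4: 10.112.0.0
+netmask4: 255.255.192.0
+
+prefix6: 2a03:2267:0000:0000:0000:0000:0000:0000
+netmask6: ffff:ffff:ffff:ffff:0000:0000:0000:0000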
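--- /dev/null
+++ b/production
@@ -0,0 +1,5 @@
+[services]
+srv04 ansible_ssh_host=80.252.100.116
+
+[ffhh]
+srv04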
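--- /dev/null
+++ b/roles/ntp-server/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ntpd
+service: name=ntp state=restarted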
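--- /dev/null
+++ b/roles/ntp-server/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: be sure ntp is installed
+apt: name=ntp state=latest
+tags: ntp
+
+- name: be sure ntp is configured
+template: src=ntp.conf.j2 dest=/etc/ntp.conf
+notify:
+- restart ntpd
+tags: ntp
+
+- name: be sure ntpd is running and enabled
+service: name=ntp state=started enabled=yes
+tags: ntp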
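Review bot: The `template` task that writes /etc/ntp.conf sets no `owner`, `group` or `mode`, so the permissions of the daemon's configuration depend on whatever file already exists on the host or on the connecting user's defaults. Pinning them makes the result predictable and auditable: `template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root group=root mode=0644`. Separately, `apt: name=ntp state=latest` lets every play upgrade the package; if that is intended as the patching mechanism, a short comment saying so would help, otherwise `state=present` keeps runs reproducible.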
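--- /dev/null
+++ b/roles/ntp-server/templates/ntp.conf.j2
@@ -0,0 +1,37 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+logfile /var/log/ntpstats/ntp.log
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+server 127.127.1.0
+fudge 127.127.1.0 stratum 10
+
+server ptbtime1.ptb.de
+server ptbtime2.ptb.de
+server ptbtime3.ptb.de
+
+# Restrict all incoming connection
+restrict -4 default ignore
+restrict -6 default ignore
+
+restrict 192.53.103.108 nomodify notrap nopeer noquery
+restrict 192.53.103.104 nomodify notrap nopeer noquery
+restrict 192.53.103.103 nomodify notrap nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Disable the monlist request as this is associated with ntp
+# amplification attacks
+disable monitor
+
+restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer
+restrict {{ prefix6 }} mask {{ netmask6 }} nomodify notrap nopeer
+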
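Review bot: The two client `restrict` lines at the end of the template omit `noquery`, so every host inside `{{ prefix4 }}` and `{{ prefix6 }}` can still send ntpq/ntpdc control queries. `disable monitor` only turns off the monitoring data behind monlist; it does not close the other query types, and serving time does not need them. Suggested form: `restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer noquery`, and the same for the IPv6 line. The upstream `restrict` entries are literal addresses while the `server` lines use hostnames. With `default ignore` in place, a changed or IPv6 answer for the ptbtime names would likely cause upstream replies to be dropped, leaving clients on the stratum-10 local clock, so a comment recording that coupling (or `restrict source`, where the installed ntpd supports it) would be worth adding.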
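--- /dev/null
+++ b/services.yml
@@ -0,0 +1,5 @@
+---
+- hosts: services
+roles:
+- ntp-server
+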
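--- /dev/null
+++ b/site.yml
@@ -0,0 +1,2 @@
+---
+- include: services.yml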