NTP-Server Setup auf srv04.

roles/ntp-server/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart ntpd
+  service: name=ntp state=restarted

roles/ntp-server/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: be sure ntp is installed
+  apt: name=ntp state=latest
+  tags: ntp
+
+- name: be sure ntp is configured
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  notify:
+    - restart ntpd
+  tags: ntp
+
+- name: be sure ntpd is running and enabled
+  service: name=ntp state=started enabled=yes
+  tags: ntp

roles/ntp-server/templates/ntp.conf.j2

@@ -0,0 +1,37 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+logfile /var/log/ntpstats/ntp.log
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+server 127.127.1.0
+fudge  127.127.1.0 stratum 10
+
+server ptbtime1.ptb.de
+server ptbtime2.ptb.de
+server ptbtime3.ptb.de
+
+# Restrict all incoming connection
+restrict -4 default ignore
+restrict -6 default ignore
+
+restrict 192.53.103.108 nomodify notrap nopeer noquery
+restrict 192.53.103.104 nomodify notrap nopeer noquery
+restrict 192.53.103.103 nomodify notrap nopeer noquery
+ 
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict -6 ::1
+ 
+# Disable the monlist request as this is associated with ntp
+# amplification attacks
+disable monitor
+ 
+restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer
+restrict {{ prefix6 }} mask {{ netmask6 }} nomodify notrap nopeer
+