NTP-Server Setup auf srv04.

baldo 2015-08-29 22:27:47 +02:00
commit 204285bd14
7 changed files with 72 additions and 0 deletions

6
group_vars/ffhh Normal file

@ -0,0 +1,6 @@
---
prefix4: 10.112.0.0
netmask4: 255.255.192.0
prefix6: 2a03:2267:0000:0000:0000:0000:0000:0000
netmask6: ffff:ffff:ffff:ffff:0000:0000:0000:0000

5
production Normal file

@ -0,0 +1,5 @@
[services]
srv04 ansible_ssh_host=80.252.100.116
[ffhh]
srv04


@ -0,0 +1,3 @@
---
- name: restart ntpd
service: name=ntp state=restarted


@ -0,0 +1,14 @@
---
- name: be sure ntp is installed
apt: name=ntp state=latest
tags: ntp
- name: be sure ntp is configured
template: src=ntp.conf.j2 dest=/etc/ntp.conf
notify:
- restart ntpd
tags: ntp
- name: be sure ntpd is running and enabled
service: name=ntp state=started enabled=yes
tags: ntp
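Review bot: The template task that writes /etc/ntp.conf sets no owner, group or mode, so the file's permissions depend on what already exists on the host or on the connecting user's umask; pin them, e.g. `template: src=ntp.conf.j2 dest=/etc/ntp.conf owner=root group=root mode=0644`. Separately, `apt: name=ntp state=latest` upgrades the package on every play run, which makes runs non-reproducible and may bounce the time service without review; `state=present` combined with the host's regular security-update path would be more predictable. The rendered page has lost the YAML indentation, so the nesting of `notify` and `tags` cannot be checked from here.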


@ -0,0 +1,37 @@
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntpstats/ntp.log
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server ptbtime1.ptb.de
server ptbtime2.ptb.de
server ptbtime3.ptb.de
# Restrict all incoming connection
restrict -4 default ignore
restrict -6 default ignore
restrict 192.53.103.108 nomodify notrap nopeer noquery
restrict 192.53.103.104 nomodify notrap nopeer noquery
restrict 192.53.103.103 nomodify notrap nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict -6 ::1
# Disable the monlist request as this is associated with ntp
# amplification attacks
disable monitor
restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer
restrict {{ prefix6 }} mask {{ netmask6 }} nomodify notrap nopeer
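Review bot: The two client `restrict` lines at the end of the template omit `noquery`, so every host inside the `prefix4`/`prefix6` ranges can still send ntpq/ntpdc control queries to this server; `disable monitor` only switches off the monlist data, not the query modes themselves. Unless clients are meant to run such queries, add the flag: `restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer noquery`, and the same for the `prefix6` line. The upstream `restrict 192.53.103.x` entries are hard-coded while the `server` lines use the ptbtime hostnames; with `default ignore`, an upstream address change would presumably make ntpd drop the replies and fall back to the stratum-10 local clock, so a comment such as `# must match the addresses ptbtime1-3.ptb.de resolve to` above those three lines would help.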

5
services.yml Normal file

@ -0,0 +1,5 @@
---
- hosts: services
roles:
- ntp-server

2
site.yml Normal file

@ -0,0 +1,2 @@
---
- include: services.yml