NTP-Server Setup auf srv04.
This commit is contained in:
baldo
commit
204285bd14
6
group_vars/ffhh
Normal file
6
group_vars/ffhh
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
prefix4: 10.112.0.0
|
||||||
|
netmask4: 255.255.192.0
|
||||||
|
|
||||||
|
prefix6: 2a03:2267:0000:0000:0000:0000:0000:0000
|
||||||
|
netmask6: ffff:ffff:ffff:ffff:0000:0000:0000:0000
|
||||||
5
production
Normal file
5
production
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
[services]
|
||||||
|
srv04 ansible_ssh_host=80.252.100.116
|
||||||
|
|
||||||
|
[ffhh]
|
||||||
|
srv04
|
||||||
3
roles/ntp-server/handlers/main.yml
Normal file
3
roles/ntp-server/handlers/main.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
- name: restart ntpd
|
||||||
|
service: name=ntp state=restarted
|
||||||
14
roles/ntp-server/tasks/main.yml
Normal file
14
roles/ntp-server/tasks/main.yml
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
- name: be sure ntp is installed
|
||||||
|
apt: name=ntp state=latest
|
||||||
|
tags: ntp
|
||||||
|
|
||||||
|
- name: be sure ntp is configured
|
||||||
|
template: src=ntp.conf.j2 dest=/etc/ntp.conf
|
||||||
|
notify:
|
||||||
|
- restart ntpd
|
||||||
|
tags: ntp
|
||||||
|
|
||||||
|
- name: be sure ntpd is running and enabled
|
||||||
|
service: name=ntp state=started enabled=yes
|
||||||
|
tags: ntp
|
||||||
37
roles/ntp-server/templates/ntp.conf.j2
Normal file
37
roles/ntp-server/templates/ntp.conf.j2
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
||||||
|
|
||||||
|
driftfile /var/lib/ntp/ntp.drift
|
||||||
|
|
||||||
|
logfile /var/log/ntpstats/ntp.log
|
||||||
|
|
||||||
|
statistics loopstats peerstats clockstats
|
||||||
|
filegen loopstats file loopstats type day enable
|
||||||
|
filegen peerstats file peerstats type day enable
|
||||||
|
filegen clockstats file clockstats type day enable
|
||||||
|
|
||||||
|
server 127.127.1.0
|
||||||
|
fudge 127.127.1.0 stratum 10
|
||||||
|
|
||||||
|
server ptbtime1.ptb.de
|
||||||
|
server ptbtime2.ptb.de
|
||||||
|
server ptbtime3.ptb.de
|
||||||
|
|
||||||
|
# Restrict all incoming connection
|
||||||
|
restrict -4 default ignore
|
||||||
|
restrict -6 default ignore
|
||||||
|
|
||||||
|
restrict 192.53.103.108 nomodify notrap nopeer noquery
|
||||||
|
restrict 192.53.103.104 nomodify notrap nopeer noquery
|
||||||
|
restrict 192.53.103.103 nomodify notrap nopeer noquery
|
||||||
|
|
||||||
|
# Local users may interrogate the ntp server more closely.
|
||||||
|
restrict 127.0.0.1
|
||||||
|
restrict -6 ::1
|
||||||
|
|
||||||
|
# Disable the monlist request as this is associated with ntp
|
||||||
|
# amplification attacks
|
||||||
|
disable monitor
|
||||||
|
|
||||||
|
restrict {{ prefix4 }} mask {{ netmask4 }} nomodify notrap nopeer
|
||||||
|
restrict {{ prefix6 }} mask {{ netmask6 }} nomodify notrap nopeer
|
||||||
|
|
||||||
5
services.yml
Normal file
5
services.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- hosts: services
|
||||||
|
roles:
|
||||||
|
- ntp-server
|
||||||
|
|
||||||
Loading…
Reference in a new issue