Configure NTP
This commit is contained in:
parent
16e9dce12b
commit
5d345eecad
4
hosts
4
hosts
|
@ -40,7 +40,6 @@ strombola.csclub.uwaterloo.ca
|
||||||
[syscom:children]
|
[syscom:children]
|
||||||
syscom-bare-metal
|
syscom-bare-metal
|
||||||
syscom-containers
|
syscom-containers
|
||||||
load-balancers
|
|
||||||
|
|
||||||
[syscom-bare-metal]
|
[syscom-bare-metal]
|
||||||
aspartame.csclub.uwaterloo.ca
|
aspartame.csclub.uwaterloo.ca
|
||||||
|
@ -62,6 +61,9 @@ rt.csclub.uwaterloo.ca
|
||||||
netbox.csclub.uwaterloo.ca
|
netbox.csclub.uwaterloo.ca
|
||||||
logstash.csclub.uwaterloo.ca
|
logstash.csclub.uwaterloo.ca
|
||||||
|
|
||||||
|
[syscom-containers:children]
|
||||||
|
load-balancers
|
||||||
|
|
||||||
[audio-sink]
|
[audio-sink]
|
||||||
nullsleep.csclub.uwaterloo.ca
|
nullsleep.csclub.uwaterloo.ca
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
roles:
|
roles:
|
||||||
- common
|
- common
|
||||||
- core
|
- core
|
||||||
|
- container
|
||||||
- devel
|
- devel
|
||||||
- generate-hosts
|
- generate-hosts
|
||||||
- auth
|
- auth
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
roles:
|
roles:
|
||||||
- common
|
- common
|
||||||
- core
|
- core
|
||||||
|
- container
|
||||||
- static-ipv6
|
- static-ipv6
|
||||||
- generate-hosts
|
- generate-hosts
|
||||||
- auth
|
- auth
|
||||||
|
|
|
@ -3,11 +3,12 @@
|
||||||
become: yes
|
become: yes
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
roles:
|
roles:
|
||||||
# - common
|
- common
|
||||||
#- core
|
- core
|
||||||
#- static-ipv6
|
- container
|
||||||
#- generate-hosts
|
- static-ipv6
|
||||||
#- auth
|
- generate-hosts
|
||||||
#- csc-packages
|
- auth
|
||||||
|
- csc-packages
|
||||||
- load-balancer
|
- load-balancer
|
||||||
- cleanup
|
- cleanup
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
- sssd
|
- sssd
|
||||||
- sssd-tools
|
- sssd-tools
|
||||||
- kstart
|
- kstart
|
||||||
|
- sudo
|
||||||
|
|
||||||
- name: install ubuntu sss pam and nss
|
- name: install ubuntu sss pam and nss
|
||||||
apt: name={{ item }} state=latest
|
apt: name={{ item }} state=latest
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Disable NTP
|
||||||
|
service:
|
||||||
|
name: ntp
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
|
@ -0,0 +1,37 @@
|
||||||
|
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
||||||
|
|
||||||
|
driftfile /var/lib/ntp/ntp.drift
|
||||||
|
|
||||||
|
# Enable this if you want statistics to be logged.
|
||||||
|
#statsdir /var/log/ntpstats/
|
||||||
|
statistics loopstats peerstats clockstats
|
||||||
|
filegen loopstats file loopstats type day enable
|
||||||
|
filegen peerstats file peerstats type day enable
|
||||||
|
filegen clockstats file clockstats type day enable
|
||||||
|
|
||||||
|
# NTP Server
|
||||||
|
server ntp.csclub.uwaterloo.ca
|
||||||
|
server ntp.student.cs.uwaterloo.ca
|
||||||
|
server ntp.cs.uwaterloo.ca
|
||||||
|
server ntp.cscf.uwaterloo.ca
|
||||||
|
|
||||||
|
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
|
||||||
|
# details. The web page
|
||||||
|
# <http://support.ntp.org/bin/view/Support/AccessRestrictions>
|
||||||
|
# might also be helpful.
|
||||||
|
#
|
||||||
|
# Note that "restrict" applies to both servers and clients, so a configuration
|
||||||
|
# that might be intended to block requests from certain clients could also end
|
||||||
|
# up blocking replies from your own upstream servers.
|
||||||
|
|
||||||
|
# Disable the monitoring facility.
|
||||||
|
# see https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300
|
||||||
|
disable monitor
|
||||||
|
|
||||||
|
# By default, exchange time with everybody, but don't allow configuration
|
||||||
|
restrict -4 default kod notrap nomodify nopeer noquery
|
||||||
|
restrict -6 default kod notrap nomodify nopeer noquery
|
||||||
|
|
||||||
|
# Local users may interrogate the ntp server more closely.
|
||||||
|
restrict 127.0.0.1
|
||||||
|
restrict ::1
|
|
@ -95,6 +95,17 @@
|
||||||
- name: Install ntp
|
- name: Install ntp
|
||||||
apt: name=ntp state=latest
|
apt: name=ntp state=latest
|
||||||
|
|
||||||
|
- name: Copy NTP configuration
|
||||||
|
copy:
|
||||||
|
src: ntp.conf
|
||||||
|
dest: /etc/ntp.conf
|
||||||
|
backup: no
|
||||||
|
|
||||||
|
- name: Restart NTP
|
||||||
|
service:
|
||||||
|
name: ntp
|
||||||
|
state: restarted
|
||||||
|
|
||||||
- name: Install debian package management
|
- name: Install debian package management
|
||||||
apt: name={{ item }} state=latest
|
apt: name={{ item }} state=latest
|
||||||
with_items:
|
with_items:
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- hosts: containers
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
roles:
|
||||||
|
- container
|
||||||
|
- cleanup
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
roles:
|
||||||
|
- core
|
||||||
|
- cleanup
|
17
webnode.yml
17
webnode.yml
|
@ -3,13 +3,14 @@
|
||||||
become: yes
|
become: yes
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
roles:
|
roles:
|
||||||
#- common
|
- common
|
||||||
#- core
|
- core
|
||||||
#- static-ipv6
|
- container
|
||||||
#- generate-hosts
|
- static-ipv6
|
||||||
#- auth
|
- generate-hosts
|
||||||
#- csc-packages
|
- auth
|
||||||
#- devel
|
- csc-packages
|
||||||
#- general-use
|
- devel
|
||||||
|
- general-use
|
||||||
- webnode
|
- webnode
|
||||||
- cleanup
|
- cleanup
|
||||||
|
|
Loading…
Reference in New Issue