Configure NTP
This commit is contained in:
parent
16e9dce12b
commit
5d345eecad
4
hosts
4
hosts
|
@ -40,7 +40,6 @@ strombola.csclub.uwaterloo.ca
|
|||
[syscom:children]
|
||||
syscom-bare-metal
|
||||
syscom-containers
|
||||
load-balancers
|
||||
|
||||
[syscom-bare-metal]
|
||||
aspartame.csclub.uwaterloo.ca
|
||||
|
@ -62,6 +61,9 @@ rt.csclub.uwaterloo.ca
|
|||
netbox.csclub.uwaterloo.ca
|
||||
logstash.csclub.uwaterloo.ca
|
||||
|
||||
[syscom-containers:children]
|
||||
load-balancers
|
||||
|
||||
[audio-sink]
|
||||
nullsleep.csclub.uwaterloo.ca
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
roles:
|
||||
- common
|
||||
- core
|
||||
- container
|
||||
- devel
|
||||
- generate-hosts
|
||||
- auth
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
roles:
|
||||
- common
|
||||
- core
|
||||
- container
|
||||
- static-ipv6
|
||||
- generate-hosts
|
||||
- auth
|
||||
|
|
|
@ -3,11 +3,12 @@
|
|||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
# - common
|
||||
#- core
|
||||
#- static-ipv6
|
||||
#- generate-hosts
|
||||
#- auth
|
||||
#- csc-packages
|
||||
- common
|
||||
- core
|
||||
- container
|
||||
- static-ipv6
|
||||
- generate-hosts
|
||||
- auth
|
||||
- csc-packages
|
||||
- load-balancer
|
||||
- cleanup
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
- sssd
|
||||
- sssd-tools
|
||||
- kstart
|
||||
- sudo
|
||||
|
||||
- name: install ubuntu sss pam and nss
|
||||
apt: name={{ item }} state=latest
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Disable NTP
|
||||
service:
|
||||
name: ntp
|
||||
state: stopped
|
||||
enabled: no
|
|
@ -0,0 +1,37 @@
|
|||
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
||||
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
||||
# Enable this if you want statistics to be logged.
|
||||
#statsdir /var/log/ntpstats/
|
||||
statistics loopstats peerstats clockstats
|
||||
filegen loopstats file loopstats type day enable
|
||||
filegen peerstats file peerstats type day enable
|
||||
filegen clockstats file clockstats type day enable
|
||||
|
||||
# NTP Server
|
||||
server ntp.csclub.uwaterloo.ca
|
||||
server ntp.student.cs.uwaterloo.ca
|
||||
server ntp.cs.uwaterloo.ca
|
||||
server ntp.cscf.uwaterloo.ca
|
||||
|
||||
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
|
||||
# details. The web page
|
||||
# <http://support.ntp.org/bin/view/Support/AccessRestrictions>
|
||||
# might also be helpful.
|
||||
#
|
||||
# Note that "restrict" applies to both servers and clients, so a configuration
|
||||
# that might be intended to block requests from certain clients could also end
|
||||
# up blocking replies from your own upstream servers.
|
||||
|
||||
# Disable the monitoring facility.
|
||||
# see https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300
|
||||
disable monitor
|
||||
|
||||
# By default, exchange time with everybody, but don't allow configuration
|
||||
restrict -4 default kod notrap nomodify nopeer noquery
|
||||
restrict -6 default kod notrap nomodify nopeer noquery
|
||||
|
||||
# Local users may interrogate the ntp server more closely.
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
|
@ -95,6 +95,17 @@
|
|||
- name: Install ntp
|
||||
apt: name=ntp state=latest
|
||||
|
||||
- name: Copy NTP configuration
|
||||
copy:
|
||||
src: ntp.conf
|
||||
dest: /etc/ntp.conf
|
||||
backup: no
|
||||
|
||||
- name: Restart NTP
|
||||
service:
|
||||
name: ntp
|
||||
state: restarted
|
||||
|
||||
- name: Install debian package management
|
||||
apt: name={{ item }} state=latest
|
||||
with_items:
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- hosts: containers
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- container
|
||||
- cleanup
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
- hosts: all
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- core
|
||||
- cleanup
|
17
webnode.yml
17
webnode.yml
|
@ -3,13 +3,14 @@
|
|||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
#- common
|
||||
#- core
|
||||
#- static-ipv6
|
||||
#- generate-hosts
|
||||
#- auth
|
||||
#- csc-packages
|
||||
#- devel
|
||||
#- general-use
|
||||
- common
|
||||
- core
|
||||
- container
|
||||
- static-ipv6
|
||||
- generate-hosts
|
||||
- auth
|
||||
- csc-packages
|
||||
- devel
|
||||
- general-use
|
||||
- webnode
|
||||
- cleanup
|
||||
|
|
Loading…
Reference in New Issue