Merge pull request 'neoloc/ntpserver' (#51) from neoloc/ntpserver into develop

Reviewed-on: unkinben/puppet-prod#51

hieradata/common.yaml

@@ -1,7 +1,7 @@
 ---
-profiles::base::ntp_servers:
-  - 0.au.pool.ntp.org
-  - 1.au.pool.ntp.org
+profiles::ntp::client::peers:
+  - ntp01.main.unkin.net
+  - ntp02.main.unkin.net
 
 profiles::base::puppet_servers:
   - 'prodinf01n01.main.unkin.net'
@@ -116,6 +116,16 @@ profiles::base::hosts::additional_hosts:
     hostname: prodinf01n06.main.unkin.net
     aliases:
       - prodinf01n06
+  - ip: 198.18.17.9
+    hostname: prodinf01n09.main.unkin.net
+    aliases:
+      - prodinf01n09
+      - ntp01.main.unkin.net
+  - ip: 198.18.17.10
+    hostname: prodinf01n10.main.unkin.net
+    aliases:
+      - prodinf01n10
+      - ntp02.main.unkin.net
   - ip: 198.18.17.22
     hostname: prodinf01n22.main.unkin.net
     aliases:

hieradata/roles/infra/ntpserver.yaml

@@ -0,0 +1,10 @@
+---
+profiles::ntp::client::client_only: false
+profiles::ntp::server::allowquery:
+  - '198.18.17.0/24'
+
+profiles::ntp::server::peers:
+  - '0.au.pool.ntp.org'
+  - '1.au.pool.ntp.org'
+  - '2.au.pool.ntp.org'
+  - '3.au.pool.ntp.org'

site/profiles/manifests/base.pp

@@ -1,11 +1,8 @@
 # this is the base class, which will be used by all servers
 class profiles::base (
-  Array  $ntp_servers,
   Array  $puppet_servers,
 ) {
-  class { 'chrony':
-    servers => $ntp_servers,
-  }
+
   case $facts['os']['family'] {
     'RedHat': {
       include profiles::yum::global
@@ -31,6 +28,7 @@ class profiles::base (
   include profiles::base::scripts
   include profiles::base::hosts
   include profiles::accounts::sysadmin
+  include profiles::ntp::client
 
   # include the python class
   class { 'python':

site/profiles/manifests/ntp/client.pp

@@ -0,0 +1,30 @@
+# setup an ntp client using chrony
+# use exported resources from profiles::ntp::server if they are available
+class profiles::ntp::client (
+  Array     $peers,
+  Boolean   $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ]         $wait_ensure = 'running',
+  Boolean   $client_only = true,
+) {
+
+  # If $client_only, setup a client. Servers are set to false so that they are configured
+  # through the profiles::ntp::server class.
+  if $client_only {
+
+    # Define the client configuration based on OS family
+    if $facts['os']['family'] == 'RedHat' {
+      class { 'chrony':
+        servers     => $peers,
+        wait_enable => $wait_enable,
+        wait_ensure => $wait_ensure,
+      }
+    } else {
+      class { 'chrony':
+        servers    => $peers,
+      }
+    }
+  }
+}

site/profiles/manifests/ntp/server.pp

@@ -0,0 +1,39 @@
+# chronyd server class with exported resources
+class profiles::ntp::server (
+  Array[Variant[
+    Stdlib::IP::Address::V4,
+    Stdlib::IP::Address::V4::CIDR
+  ]]                  $allowquery = ['127.0.0.1'],
+  Array[Stdlib::Host] $peers = [
+    '0.pool.ntp.org',
+    '1.pool.ntp.org',
+    '2.pool.ntp.org',
+    '3.pool.ntp.org'
+  ],
+  Boolean             $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ]                   $wait_ensure = 'running',
+){
+
+  # check the enc_role has been set, it can take two puppet runs to do this
+  # TODO: change away from external fact
+  if $facts['enc_role'] == 'roles::infra::ntpserver' {
+
+    # define the server
+    if $facts['os']['family'] == 'RedHat' {
+      class { 'chrony':
+        servers     => $peers,
+        queryhosts  => $allowquery,
+        wait_enable => $wait_enable,
+        wait_ensure => $wait_ensure,
+      }
+    } else {
+      class { 'chrony':
+        servers    => $peers,
+        queryhosts => $allowquery,
+      }
+    }
+  }
+}

site/roles/manifests/infra/ntpserver.pp

@@ -0,0 +1,6 @@
+# a role to deploy a ntp server
+class roles::infra::ntpserver {
+  include profiles::defaults
+  include profiles::base
+  include profiles::ntp::server
+}