feat: add ntp server/client

- add ntp client and server class - add ntp server role - update hiera.yaml to work with enc_role - cleanup base profile
2023-11-10 23:21:08 +11:00 · 2023-11-10 23:21:08 +11:00 · 9cb730d116
commit 9cb730d116
parent 11508f2538
8 changed files with 105 additions and 12 deletions
--- a/hiera.yaml
+++ b/hiera.yaml
@ -5,10 +5,14 @@ defaults:
  data_hash: "yaml_data"
 hierarchy:
  - name: Node-specific data
-    path: "nodes/%{trusted.certname}.yaml"
-  - name: "Per-OS & Release Specific Data"
-    path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
-  - name: "Per-OS Specific Data"
-    path: "os/%{facts.os.name}/all_releases.yaml"
+    paths:
+      - "nodes/%{trusted.certname}.yaml"
+  - name: Role-specific data
+    paths:
+      - "%{facts.enc_role_path}.yaml"
+  - name: "OS Related"
+    paths:
+      - "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
+      - "os/%{facts.os.name}/all_releases.yaml"
  - name: Common data shared across nodes
    path: "common.yaml"
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -1,7 +1,7 @@
 ---
-profiles::base::ntp_servers:
-  - 0.au.pool.ntp.org
-  - 1.au.pool.ntp.org
+profiles::ntp::client::peers:
+  - ntp01.main.unkin.net
+  - ntp02.main.unkin.net

 profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'
@ -116,6 +116,16 @@ profiles::base::hosts::additional_hosts:
    hostname: prodinf01n06.main.unkin.net
    aliases:
      - prodinf01n06
+  - ip: 198.18.17.9
+    hostname: prodinf01n09.main.unkin.net
+    aliases:
+      - prodinf01n09
+      - ntp01.main.unkin.net
+  - ip: 198.18.17.10
+    hostname: prodinf01n10.main.unkin.net
+    aliases:
+      - prodinf01n10
+      - ntp02.main.unkin.net
  - ip: 198.18.17.22
    hostname: prodinf01n22.main.unkin.net
    aliases:
--- a/hieradata/roles/infra/ntpserver.yaml
+++ b/hieradata/roles/infra/ntpserver.yaml
@ -0,0 +1,10 @@
+---
+profiles::ntp::client::client_only: false
+profiles::ntp::server::allowquery:
+  - '198.18.17.0/24'
+
+profiles::ntp::server::peers:
+  - '0.au.pool.ntp.org'
+  - '1.au.pool.ntp.org'
+  - '2.au.pool.ntp.org'
+  - '3.au.pool.ntp.org'
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -1,11 +1,8 @@
 # this is the base class, which will be used by all servers
 class profiles::base (
-  Array  $ntp_servers,
  Array  $puppet_servers,
 ) {
-  class { 'chrony':
-    servers => $ntp_servers,
-  }
+
  case $facts['os']['family'] {
    'RedHat': {
      include profiles::yum::global
@ -31,6 +28,7 @@ class profiles::base (
  include profiles::base::scripts
  include profiles::base::hosts
  include profiles::accounts::sysadmin
+  include profiles::ntp::client

  # include the python class
  class { 'python':
--- a/site/profiles/manifests/ntp/client.pp
+++ b/site/profiles/manifests/ntp/client.pp
@ -0,0 +1,30 @@
+# setup an ntp client using chrony
+# use exported resources from profiles::ntp::server if they are available
+class profiles::ntp::client (
+  Array     $peers,
+  Boolean   $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ]         $wait_ensure = 'running',
+  Boolean   $client_only = true,
+) {
+
+  # If $client_only, setup a client. Servers are set to false so that they are configured
+  # through the profiles::ntp::server class.
+  if $client_only {
+
+    # Define the client configuration based on OS family
+    if $facts['os']['family'] == 'RedHat' {
+      class { 'chrony':
+        servers     => $peers,
+        wait_enable => $wait_enable,
+        wait_ensure => $wait_ensure,
+      }
+    } else {
+      class { 'chrony':
+        servers    => $peers,
+      }
+    }
+  }
+}
--- a/site/profiles/manifests/ntp/server.pp
+++ b/site/profiles/manifests/ntp/server.pp
@ -0,0 +1,34 @@
+# chronyd server class with exported resources
+class profiles::ntp::server (
+  Array[Variant[
+    Stdlib::IP::Address::V4,
+    Stdlib::IP::Address::V4::CIDR
+  ]]                  $allowquery = ['127.0.0.1'],
+  Array[Stdlib::Host] $peers = [
+    '0.pool.ntp.org',
+    '1.pool.ntp.org',
+    '2.pool.ntp.org',
+    '3.pool.ntp.org'
+  ],
+  Boolean             $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ]                   $wait_ensure = 'running',
+){
+
+  # define the server
+  if $facts['os']['family'] == 'RedHat' {
+    class { 'chrony':
+      servers     => $peers,
+      queryhosts  => $allowquery,
+      wait_enable => $wait_enable,
+      wait_ensure => $wait_ensure,
+    }
+  } else {
+    class { 'chrony':
+      servers    => $peers,
+      queryhosts => $allowquery,
+    }
+  }
+}
--- a/site/profiles/templates/base/facts/enc_role.erb
+++ b/site/profiles/templates/base/facts/enc_role.erb
@ -1 +1,2 @@
 enc_role=<%= @enc_role[0] %>
+enc_role=<%= @enc_role[0].gsub('::', '/') %>
--- a/site/roles/manifests/infra/ntpserver.pp
+++ b/site/roles/manifests/infra/ntpserver.pp
@ -0,0 +1,6 @@
+# a role to deploy a ntp server
+class roles::infra::ntpserver {
+  include profiles::defaults
+  include profiles::base
+  include profiles::ntp::server
+}