From 9cb730d116bcb22ae904a6004e40bcfa5e66ab43 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 10 Nov 2023 23:21:08 +1100
Subject: [PATCH] feat: add ntp server/client

- add ntp client and server class
- add ntp server role
- update hiera.yaml to work with enc_role
- cleanup base profile
---
 hiera.yaml | 14 +++++---
 hieradata/common.yaml | 16 +++++++--
 hieradata/roles/infra/ntpserver.yaml | 10 ++++++
 site/profiles/manifests/base.pp | 6 ++--
 site/profiles/manifests/ntp/client.pp | 30 ++++++++++++++++
 site/profiles/manifests/ntp/server.pp | 34 +++++++++++++++++++
 .../templates/base/facts/enc_role.erb | 1 +
 site/roles/manifests/infra/ntpserver.pp | 6 ++++
 8 files changed, 105 insertions(+), 12 deletions(-)
 create mode 100644 hieradata/roles/infra/ntpserver.yaml
 create mode 100644 site/profiles/manifests/ntp/client.pp
 create mode 100644 site/profiles/manifests/ntp/server.pp
 create mode 100644 site/roles/manifests/infra/ntpserver.pp

diff --git a/hiera.yaml b/hiera.yaml
index c601683..d117ebd 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -5,10 +5,14 @@ defaults:
   data_hash: "yaml_data"
 hierarchy:
   - name: Node-specific data
-    path: "nodes/%{trusted.certname}.yaml"
-  - name: "Per-OS & Release Specific Data"
-    path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
-  - name: "Per-OS Specific Data"
-    path: "os/%{facts.os.name}/all_releases.yaml"
+    paths:
+      - "nodes/%{trusted.certname}.yaml"
+  - name: Role-specific data
+    paths:
+      - "%{facts.enc_role_path}.yaml"
+  - name: "OS Related"
+    paths:
+      - "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
+      - "os/%{facts.os.name}/all_releases.yaml"
   - name: Common data shared across nodes
     path: "common.yaml"
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 47674fe..964e975 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
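Review bot: The new `Role-specific data` layer chooses its hieradata file from `%{facts.enc_role_path}`, an ordinary fact reported by the agent, whereas the node layer above it is keyed on `trusted.certname`; since the fact comes from a facts.d file the node writes itself, the node rather than the server decides which role's data it is served. If the role is already known server-side (the ENC), keying the layer on a trusted certificate extension such as `%{trusted.extensions.pp_role}` or on a top-scope variable the ENC sets keeps that decision on the server. When the fact is absent the entry interpolates to the bare path `.yaml`, which is harmless but confusing; a comment above the layer, `# requires the enc_role_path fact written by profiles::base (facts/enc_role.erb)`, would make the dependency explicit.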
@@ -1,7 +1,7 @@
 ---
-profiles::base::ntp_servers:
-  - 0.au.pool.ntp.org
-  - 1.au.pool.ntp.org
+profiles::ntp::client::peers:
+  - ntp01.main.unkin.net
+  - ntp02.main.unkin.net
 
 profiles::base::puppet_servers:
   - 'prodinf01n01.main.unkin.net'
@@ -116,6 +116,16 @@ profiles::base::hosts::additional_hosts:
     hostname: prodinf01n06.main.unkin.net
     aliases:
       - prodinf01n06
+  - ip: 198.18.17.9
+    hostname: prodinf01n09.main.unkin.net
+    aliases:
+      - prodinf01n09
+      - ntp01.main.unkin.net
+  - ip: 198.18.17.10
+    hostname: prodinf01n10.main.unkin.net
+    aliases:
+      - prodinf01n10
+      - ntp02.main.unkin.net
   - ip: 198.18.17.22
     hostname: prodinf01n22.main.unkin.net
     aliases:
diff --git a/hieradata/roles/infra/ntpserver.yaml b/hieradata/roles/infra/ntpserver.yaml
new file mode 100644
index 0000000..e618573
--- /dev/null
+++ b/hieradata/roles/infra/ntpserver.yaml
@@ -0,0 +1,10 @@
+---
+profiles::ntp::client::client_only: false
+profiles::ntp::server::allowquery:
+  - '198.18.17.0/24'
+
+profiles::ntp::server::peers:
+  - '0.au.pool.ntp.org'
+  - '1.au.pool.ntp.org'
+  - '2.au.pool.ntp.org'
+  - '3.au.pool.ntp.org'
diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp
index 692ad57..d601bf8 100644
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@@ -1,11 +1,8 @@
 # this is the base class, which will be used by all servers
 class profiles::base (
-  Array $ntp_servers,
   Array $puppet_servers,
 ) {
-  class { 'chrony':
-    servers => $ntp_servers,
-  }
+
   case $facts['os']['family'] {
     'RedHat': {
       include profiles::yum::global
@@ -31,6 +28,7 @@ class profiles::base (
   include profiles::base::scripts
   include profiles::base::hosts
   include profiles::accounts::sysadmin
+  include profiles::ntp::client
 
   # include the python class
   class { 'python':
diff --git a/site/profiles/manifests/ntp/client.pp b/site/profiles/manifests/ntp/client.pp
new file mode 100644
index 0000000..0429266
--- /dev/null
+++ b/site/profiles/manifests/ntp/client.pp
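Review bot: Renaming the key from `profiles::base::ntp_servers` to `profiles::ntp::client::peers` in the `@@ -1,7 +1,7 @@` hunk leaves any node- or OS-level override of the old key silently unused, because Hiera does not report keys that nothing looks up; the hieradata tree should be searched for the old name before this merges (the matching parameter removal is in the `base.pp` hunk). The new values `ntp01.main.unkin.net` and `ntp02.main.unkin.net` appear to resolve only through the `additional_hosts` aliases added in the `@@ -116,6 +116,16 @@` hunk, so a comment beside the peers list, `# ntp01/ntp02 are /etc/hosts aliases for prodinf01n09/n10 (see additional_hosts)`, would make that coupling visible to whoever next edits the hosts list.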
@@ -0,0 +1,30 @@
+# setup an ntp client using chrony
+# use exported resources from profiles::ntp::server if they are available
+class profiles::ntp::client (
+  Array $peers,
+  Boolean $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ] $wait_ensure = 'running',
+  Boolean $client_only = true,
+) {
+
+  # If $client_only, setup a client. Servers are set to false so that they are configured
+  # through the profiles::ntp::server class.
+  if $client_only {
+
+    # Define the client configuration based on OS family
+    if $facts['os']['family'] == 'RedHat' {
+      class { 'chrony':
+        servers => $peers,
+        wait_enable => $wait_enable,
+        wait_ensure => $wait_ensure,
+      }
+    } else {
+      class { 'chrony':
+        servers => $peers,
+      }
+    }
+  }
+}
diff --git a/site/profiles/manifests/ntp/server.pp b/site/profiles/manifests/ntp/server.pp
new file mode 100644
index 0000000..0739737
--- /dev/null
+++ b/site/profiles/manifests/ntp/server.pp
@@ -0,0 +1,34 @@
+# chronyd server class with exported resources
+class profiles::ntp::server (
+  Array[Variant[
+    Stdlib::IP::Address::V4,
+    Stdlib::IP::Address::V4::CIDR
+  ]] $allowquery = ['127.0.0.1'],
+  Array[Stdlib::Host] $peers = [
+    '0.pool.ntp.org',
+    '1.pool.ntp.org',
+    '2.pool.ntp.org',
+    '3.pool.ntp.org'
+  ],
+  Boolean $wait_enable = true,
+  Enum[
+    'running',
+    'stopped'
+  ] $wait_ensure = 'running',
+){
+
+  # define the server
+  if $facts['os']['family'] == 'RedHat' {
+    class { 'chrony':
+      servers => $peers,
+      queryhosts => $allowquery,
+      wait_enable => $wait_enable,
+      wait_ensure => $wait_ensure,
+    }
+  } else {
+    class { 'chrony':
+      servers => $peers,
+      queryhosts => $allowquery,
+    }
+  }
+}
diff --git a/site/profiles/templates/base/facts/enc_role.erb b/site/profiles/templates/base/facts/enc_role.erb
index d59acdf..69c6d06 100644
--- a/site/profiles/templates/base/facts/enc_role.erb
+++ b/site/profiles/templates/base/facts/enc_role.erb
@@ -1 +1,2 @@
 enc_role=<%= @enc_role[0] %>
+enc_role=<%= @enc_role[0].gsub('::', '/') %>
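Review bot: The header comment claims the class uses exported resources from `profiles::ntp::server`, but nothing in this hunk collects (`<<| |>>`) or exports (`@@`) a resource, and `server.pp`'s `# chronyd server class with exported resources` has the same problem; both should describe what the code does, e.g. `# ntp client using chrony; declares nothing when client_only is false so that profiles::ntp::server can declare chrony itself`. In the non-RedHat branch `$wait_enable` and `$wait_ensure` are accepted and then silently dropped (again the same in `server.pp`), so either document them as RedHat-only in `@param` entries or pass them unconditionally if the chrony module accepts them on other families, which this hunk does not show. `Array $peers` is also looser than the server's `Array[Stdlib::Host] $peers`; `Array[Stdlib::Host] $peers,` keeps the two classes consistent and rejects a malformed entry at compile time.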
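Review bot: The added line emits a second `enc_role=` key instead of `enc_role_path`, which is the fact the new hiera.yaml role layer reads (`%{facts.enc_role_path}.yaml`); whichever of the two `enc_role` values wins, `enc_role_path` is never set, so `hieradata/roles/infra/ntpserver.yaml` is not loaded. On `roles::infra::ntpserver` nodes `profiles::ntp::client::client_only` then keeps its default of `true`, and `profiles::ntp::client` (pulled in via `profiles::base`) and `profiles::ntp::server` would both declare `class { 'chrony': }`, which Puppet rejects as a duplicate declaration. Change the line to `enc_role_path=<%= @enc_role[0].gsub('::', '/') %>`.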
diff --git a/site/roles/manifests/infra/ntpserver.pp b/site/roles/manifests/infra/ntpserver.pp
new file mode 100644
index 0000000..887efce
--- /dev/null
+++ b/site/roles/manifests/infra/ntpserver.pp
@@ -0,0 +1,6 @@
+# a role to deploy a ntp server
+class roles::infra::ntpserver {
+  include profiles::defaults
+  include profiles::base
+  include profiles::ntp::server
+}