authorJacob Salmela <me@jacobsalmela.com>2023-05-17 09:53:50 -0500
committerGitHub <noreply@github.com>2023-05-17 09:53:50 -0500
commit1b9c2b57a8dcf924c946d37ff42649b50d41c011 (patch)
tree20fcd678d1a3e3194a68bcf0141c7e6054884ee2
parent8c1a3ff8024377e2efed51c461c1190c25da9d23 (diff)
Add 'peers' and 'allow' directives in cc_ntp (#3124)
Signed-off-by: Jacob Salmela <jacob.salmela@hpe.com>
-rw-r--r--cloudinit/config/cc_ntp.py39
-rw-r--r--cloudinit/config/schemas/schema-cloud-config-v1.json17
-rw-r--r--templates/chrony.conf.alpine.tmpl6
-rw-r--r--templates/chrony.conf.centos.tmpl6
-rw-r--r--templates/chrony.conf.cos.tmpl6
-rw-r--r--templates/chrony.conf.debian.tmpl6
-rw-r--r--templates/chrony.conf.fedora.tmpl6
-rw-r--r--templates/chrony.conf.freebsd.tmpl6
-rw-r--r--templates/chrony.conf.opensuse-leap.tmpl6
-rw-r--r--templates/chrony.conf.opensuse-microos.tmpl6
-rw-r--r--templates/chrony.conf.opensuse-tumbleweed.tmpl6
-rw-r--r--templates/chrony.conf.opensuse.tmpl6
-rw-r--r--templates/chrony.conf.photon.tmpl6
-rw-r--r--templates/chrony.conf.rhel.tmpl6
-rw-r--r--templates/chrony.conf.sle-micro.tmpl6
-rw-r--r--templates/chrony.conf.sle_hpc.tmpl6
-rw-r--r--templates/chrony.conf.sles.tmpl6
-rw-r--r--templates/chrony.conf.ubuntu.tmpl6
-rw-r--r--templates/ntp.conf.alpine.tmpl3
-rw-r--r--templates/ntp.conf.debian.tmpl3
-rw-r--r--templates/ntp.conf.fedora.tmpl3
-rw-r--r--templates/ntp.conf.freebsd.tmpl3
-rw-r--r--templates/ntp.conf.opensuse.tmpl3
-rw-r--r--templates/ntp.conf.photon.tmpl3
-rw-r--r--templates/ntp.conf.rhel.tmpl3
-rw-r--r--templates/ntp.conf.sles.tmpl3
-rw-r--r--templates/ntp.conf.ubuntu.tmpl3
-rw-r--r--templates/ntpd.conf.openbsd.tmpl3
-rw-r--r--tests/unittests/config/test_cc_ntp.py11
-rw-r--r--tools/.github-cla-signers1
30 files changed, 192 insertions, 2 deletions
diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py
index 47659af7..8d834336 100644
--- a/cloudinit/config/cc_ntp.py
+++ b/cloudinit/config/cc_ntp.py
@@ -282,11 +282,24 @@ meta: MetaSchema = {
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+ {% if peers -%}# peers{% endif %}
+ {% for peer in peers -%}
+ peer {{peer}}
+ {% endfor %}
+ {% if allow -%}# allow{% endif %}
+ {% for cidr in allow -%}
+ allow {{cidr}}
+ {% endfor %}
pools: [0.int.pool.ntp.org, 1.int.pool.ntp.org, ntp.myorg.org]
servers:
- ntp.server.local
- ntp.ubuntu.com
- - 192.168.23.2"""
+ - 192.168.23.2
+ allow:
+ - 192.168.23.0/32
+ peers:
+ - km001
+ - km002"""
),
],
"frequency": PER_INSTANCE,
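Review bot: The example's `allow` entry `192.168.23.0/32` is a host prefix on what looks like a network address, so a reader copying it would permit a single address rather than a subnet. If the intent is the network that the `192.168.23.2` server sits on, `- 192.168.23.0/24` would say that. The example would also benefit from one sentence stating that `allow` makes the instance answer NTP queries from those ranges, since the existing keys only configure it as a client. The `meta` definition starts and ends outside this hunk.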
@@ -425,6 +438,8 @@ def write_ntp_config_template(
service_name=None,
servers=None,
pools=None,
+ allow=None,
+ peers=None,
path=None,
template_fn=None,
template=None,
@@ -437,6 +452,10 @@ def write_ntp_config_template(
list.
@param pools: A list of strings specifying ntp pools. Defaults to empty
list.
+ @param allow: A list of strings specifying a network/CIDR. Defaults to
+ empty list.
+ @param peers: A list nodes that should peer with each other. Defaults to
+ empty list.
@param path: A string to specify where to write the rendered template.
@param template_fn: A string to specify the template source file.
@param template: A string specifying the contents of the template. This
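Review bot: The new `@param peers` line is missing a word ("A list nodes"), and neither new entry says what the values do once rendered. Suggested wording: `@param allow: A list of strings, each a network/CIDR allowed to query this host as an NTP server.` and `@param peers: A list of strings naming hosts to configure as NTP peers.` The docstring and the function body continue outside this hunk.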
@@ -450,6 +469,10 @@ def write_ntp_config_template(
servers = []
if not pools:
pools = []
+ if not allow:
+ allow = []
+ if not peers:
+ peers = []
if len(servers) == 0 and len(pools) == 0 and distro_name == "cos":
return
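Review bot: The early return for `cos` on the context line below the new defaults still tests only `servers` and `pools`, so a cos config that sets only `peers` or `allow` returns before anything is rendered. If that is not intended, the condition could become `if not (servers or pools or peers or allow) and distro_name == "cos":`. If it is intended, a short comment saying that peers/allow alone do not trigger a write on cos would help the next reader. The function body continues outside this hunk.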
@@ -474,7 +497,12 @@ def write_ntp_config_template(
if not template_fn and not template:
raise ValueError("Not template_fn or template provided")
- params = {"servers": servers, "pools": pools}
+ params = {
+ "servers": servers,
+ "pools": pools,
+ "allow": allow,
+ "peers": peers,
+ }
if template:
tfile = temp_utils.mkstemp(prefix="template_name-", suffix=".tmpl")
template_fn = tfile[1] # filepath is second item in tuple
@@ -596,11 +624,18 @@ def handle(name: str, cfg: Config, cloud: Cloud, args: list) -> None:
)
raise RuntimeError(msg)
+ LOG.debug("service_name: %s", ntp_client_config.get("service_name"))
+ LOG.debug("servers: %s", ntp_cfg.get("servers", []))
+ LOG.debug("pools: %s", ntp_cfg.get("pools", []))
+ LOG.debug("allow: %s", ntp_cfg.get("allow", []))
+ LOG.debug("peers: %s", ntp_cfg.get("peers", []))
write_ntp_config_template(
cloud.distro.name,
service_name=ntp_client_config.get("service_name"),
servers=ntp_cfg.get("servers", []),
pools=ntp_cfg.get("pools", []),
+ allow=ntp_cfg.get("allow", []),
+ peers=ntp_cfg.get("peers", []),
path=ntp_client_config.get("confpath"),
template_fn=template_fn,
template=ntp_client_config.get("template"),
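Review bot: `allow` is passed to the renderer for every client, but in this commit only the chrony.conf templates gain an `allow` loop; the ntp.conf.*.tmpl and ntpd.conf.openbsd.tmpl hunks add `peer` only. A user who sets `ntp.allow` with a non-chrony client gets a config without it and no message beyond the debug line. Consider a warning before the call when `ntp_cfg.get("allow")` is non-empty and the selected template is not a chrony one, e.g. `LOG.warning("ntp.allow is only rendered for chrony; ignoring for %s", ntp_client_config.get("service_name"))`. `handle` starts and ends outside this hunk.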
diff --git a/cloudinit/config/schemas/schema-cloud-config-v1.json b/cloudinit/config/schemas/schema-cloud-config-v1.json
index 3c2b90f9..6f576f12 100644
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
@@ -1846,6 +1846,23 @@
"uniqueItems": true,
"description": "List of ntp servers. If both pools and servers are\nempty, 4 default pool servers will be provided with\nthe format ``{0-3}.{distro}.pool.ntp.org``."
},
+ "peers": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "format": "hostname"
+ },
+ "uniqueItems": true,
+ "description": "List of ntp peers."
+ },
+ "allow": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "uniqueItems": true,
+ "description": "List of CIDRs to allow"
+ },
"ntp_client": {
"type": "string",
"default": "auto",
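Review bot: The `allow` items accept any string, including `""`, and each one is written verbatim after `allow ` in the chrony templates; chrony treats an `allow` line with no subnet as permitting all addresses, so an empty or whitespace-only entry would open the NTP service to every client. Adding `"minLength": 1` and a `"pattern"` that restricts items to an address or address/prefix form under the `allow` items would reject that at validation time. The description could also say that the list is only honoured by chrony, as far as this commit shows. The enclosing `ntp` properties object starts and ends outside this hunk.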
diff --git a/templates/chrony.conf.alpine.tmpl b/templates/chrony.conf.alpine.tmpl
index 45efc18c..4a748f56 100644
--- a/templates/chrony.conf.alpine.tmpl
+++ b/templates/chrony.conf.alpine.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# This directive specifies the location of the file containing ID/key pairs for
# NTP authentication.
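Review bot: Each `peer {{peer}}` line is rendered without a `key` option, and the schema's `hostname` format leaves no room to supply one. chrony.conf(5) warns that unauthenticated symmetric associations are exposed to denial of service, so a generated comment guarded by `{% if peers -%}` above the loop would help operators, e.g. `# Peers below are unauthenticated; add a key option and a keyfile entry if the network is not trusted.` The same applies to the identical hunks in the other chrony.conf.*.tmpl files in this commit.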
diff --git a/templates/chrony.conf.centos.tmpl b/templates/chrony.conf.centos.tmpl
index 5b3542ef..43b1f5d7 100644
--- a/templates/chrony.conf.centos.tmpl
+++ b/templates/chrony.conf.centos.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.cos.tmpl b/templates/chrony.conf.cos.tmpl
index fa115f86..91955cd1 100644
--- a/templates/chrony.conf.cos.tmpl
+++ b/templates/chrony.conf.cos.tmpl
@@ -12,6 +12,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# This directive specify the file into which chronyd will store the rate
# information.
diff --git a/templates/chrony.conf.debian.tmpl b/templates/chrony.conf.debian.tmpl
index 661bf04e..9d93eb1e 100644
--- a/templates/chrony.conf.debian.tmpl
+++ b/templates/chrony.conf.debian.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
diff --git a/templates/chrony.conf.fedora.tmpl b/templates/chrony.conf.fedora.tmpl
index 8551f793..5cd462a7 100644
--- a/templates/chrony.conf.fedora.tmpl
+++ b/templates/chrony.conf.fedora.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.freebsd.tmpl b/templates/chrony.conf.freebsd.tmpl
index 1e4155f3..a9dd394e 100644
--- a/templates/chrony.conf.freebsd.tmpl
+++ b/templates/chrony.conf.freebsd.tmpl
@@ -42,6 +42,12 @@ server {{server}} iburst
pool {{pool}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
#
diff --git a/templates/chrony.conf.opensuse-leap.tmpl b/templates/chrony.conf.opensuse-leap.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.opensuse-leap.tmpl
+++ b/templates/chrony.conf.opensuse-leap.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.opensuse-microos.tmpl b/templates/chrony.conf.opensuse-microos.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.opensuse-microos.tmpl
+++ b/templates/chrony.conf.opensuse-microos.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.opensuse-tumbleweed.tmpl b/templates/chrony.conf.opensuse-tumbleweed.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.opensuse-tumbleweed.tmpl
+++ b/templates/chrony.conf.opensuse-tumbleweed.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.opensuse.tmpl b/templates/chrony.conf.opensuse.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.opensuse.tmpl
+++ b/templates/chrony.conf.opensuse.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.photon.tmpl b/templates/chrony.conf.photon.tmpl
index 8551f793..5cd462a7 100644
--- a/templates/chrony.conf.photon.tmpl
+++ b/templates/chrony.conf.photon.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.rhel.tmpl b/templates/chrony.conf.rhel.tmpl
index 5b3542ef..43b1f5d7 100644
--- a/templates/chrony.conf.rhel.tmpl
+++ b/templates/chrony.conf.rhel.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.sle-micro.tmpl b/templates/chrony.conf.sle-micro.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.sle-micro.tmpl
+++ b/templates/chrony.conf.sle-micro.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.sle_hpc.tmpl b/templates/chrony.conf.sle_hpc.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.sle_hpc.tmpl
+++ b/templates/chrony.conf.sle_hpc.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.sles.tmpl b/templates/chrony.conf.sles.tmpl
index a3d3e0ec..57a44c12 100644
--- a/templates/chrony.conf.sles.tmpl
+++ b/templates/chrony.conf.sles.tmpl
@@ -11,6 +11,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/templates/chrony.conf.ubuntu.tmpl b/templates/chrony.conf.ubuntu.tmpl
index 50a6f518..06da6123 100644
--- a/templates/chrony.conf.ubuntu.tmpl
+++ b/templates/chrony.conf.ubuntu.tmpl
@@ -15,6 +15,12 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
diff --git a/templates/ntp.conf.alpine.tmpl b/templates/ntp.conf.alpine.tmpl
index 59ca8fc1..eb32e412 100644
--- a/templates/ntp.conf.alpine.tmpl
+++ b/templates/ntp.conf.alpine.tmpl
@@ -8,3 +8,6 @@
{% for server in servers -%}
server {{server}}
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
diff --git a/templates/ntp.conf.debian.tmpl b/templates/ntp.conf.debian.tmpl
index affe983d..d57f8924 100644
--- a/templates/ntp.conf.debian.tmpl
+++ b/templates/ntp.conf.debian.tmpl
@@ -29,6 +29,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
diff --git a/templates/ntp.conf.fedora.tmpl b/templates/ntp.conf.fedora.tmpl
index af7b1b09..796bd934 100644
--- a/templates/ntp.conf.fedora.tmpl
+++ b/templates/ntp.conf.fedora.tmpl
@@ -30,6 +30,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
diff --git a/templates/ntp.conf.freebsd.tmpl b/templates/ntp.conf.freebsd.tmpl
index 8d417f6d..c32cc307 100644
--- a/templates/ntp.conf.freebsd.tmpl
+++ b/templates/ntp.conf.freebsd.tmpl
@@ -36,6 +36,9 @@ tos minclock 3 maxclock 6
{% for pool in pools -%}
pool {{pool}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
#
# To configure a specific server, such as an organization-wide local
diff --git a/templates/ntp.conf.opensuse.tmpl b/templates/ntp.conf.opensuse.tmpl
index f3ab565f..e179e9b0 100644
--- a/templates/ntp.conf.opensuse.tmpl
+++ b/templates/ntp.conf.opensuse.tmpl
@@ -42,6 +42,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
diff --git a/templates/ntp.conf.photon.tmpl b/templates/ntp.conf.photon.tmpl
index 4d4910d1..6d166aa3 100644
--- a/templates/ntp.conf.photon.tmpl
+++ b/templates/ntp.conf.photon.tmpl
@@ -31,6 +31,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
diff --git a/templates/ntp.conf.rhel.tmpl b/templates/ntp.conf.rhel.tmpl
index 62b47764..9884df5f 100644
--- a/templates/ntp.conf.rhel.tmpl
+++ b/templates/ntp.conf.rhel.tmpl
@@ -31,6 +31,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
diff --git a/templates/ntp.conf.sles.tmpl b/templates/ntp.conf.sles.tmpl
index f3ab565f..e179e9b0 100644
--- a/templates/ntp.conf.sles.tmpl
+++ b/templates/ntp.conf.sles.tmpl
@@ -42,6 +42,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
diff --git a/templates/ntp.conf.ubuntu.tmpl b/templates/ntp.conf.ubuntu.tmpl
index 862a4fbd..333d4cc1 100644
--- a/templates/ntp.conf.ubuntu.tmpl
+++ b/templates/ntp.conf.ubuntu.tmpl
@@ -27,6 +27,9 @@ pool {{pool}} iburst
{% for server in servers -%}
server {{server}} iburst
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
# Use Ubuntu's ntp server as a fallback.
# pool ntp.ubuntu.com
diff --git a/templates/ntpd.conf.openbsd.tmpl b/templates/ntpd.conf.openbsd.tmpl
index 05610bb6..bfd2c1be 100644
--- a/templates/ntpd.conf.openbsd.tmpl
+++ b/templates/ntpd.conf.openbsd.tmpl
@@ -12,6 +12,9 @@ servers {{pool}}
{% for server in servers -%}# servers
server {{server}}
{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
sensor *
constraint from "9.9.9.9" # quad9 v4 without DNS
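Review bot: OpenNTPD's ntpd.conf, as far as I know, has no `peer` keyword (it documents `server`, `servers`, `sensor`, `constraint from`, `listen on` and similar), so a rendered `peer {{peer}}` line would likely be rejected as a syntax error when `ntp.peers` is set on OpenBSD. Unless this has been checked against ntpd.conf(5), it would be safer to drop the loop from this template and log that peers are unsupported for this client.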
diff --git a/tests/unittests/config/test_cc_ntp.py b/tests/unittests/config/test_cc_ntp.py
index 62c9b3fb..52221c11 100644
--- a/tests/unittests/config/test_cc_ntp.py
+++ b/tests/unittests/config/test_cc_ntp.py
@@ -830,6 +830,17 @@ class TestNTPSchema:
"ntp.pools: 123 is not of type 'array'.*"
"ntp.servers: 'non-array' is not of type 'array'",
),
+ (
+ {
+ "ntp": {
+ "peers": [123],
+ "allow": ["www.example.com", None],
+ }
+ },
+ "Cloud config schema errors: "
+ "ntp.allow.1: None is not of type 'string',*"
+ ", ntp.peers.0: 123 is not of type 'string'",
+ ),
),
)
@skipUnlessJsonSchema()
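Review bot: In the expected-error pattern, `'string',*` followed by `", ntp.peers.0"` makes `,*` a regex quantifier on the comma rather than a wildcard; it matches only because zero extra commas are allowed, so `"ntp.allow.1: None is not of type 'string', "` followed by `"ntp.peers.0: 123 is not of type 'string'"` would state the intent directly. The case also shows `"www.example.com"` passing as an `allow` entry, which documents that CIDR values are not validated. The diffstat lists only these 11 lines for the test file, so rendering of the new `peer` and `allow` lines appears to be untested. The parametrize list starts outside this hunk.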
diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
index ab8a9283..b4a9326e 100644
--- a/tools/.github-cla-signers
+++ b/tools/.github-cla-signers
@@ -61,6 +61,7 @@ ITJamie
ixjhuang
izzyleung
j5awry
+jacobsalmela
jamesottinger
Jehops
jf