authorAlex Harpin <development@landsofshadow.co.uk>2015-02-26 22:50:05 +0000
committerAlex Harpin <development@landsofshadow.co.uk>2015-02-26 22:50:05 +0000
commitb9e07101d6347c0359fc68eac62e049acdfdbb78 (patch)
tree1829823bf808c85df9d3eae49d910f5f55ff3196 /scripts
parent2bea0c31e1469bc5ac1b20fdb16598b6e0d11699 (diff)
vyatta-cfg-system: redesign the layout and updating of ntp
When NTP is configured on the system, it not only acts as a client for the configured servers, but also as a server. Although the server is only available as a time source, it still represents a service that the user hasn't specifically enabled. This commit sets the default configuration of NTP to disallow all external access, so the system acts purely as a client by default, and also introduces the ability to configure which addresses / subnets are allowed to both query it and use it as a time source. If the configured servers are specified as host names, these are resolved to IP addresses before being added to ntp.conf, with the same process carried out after name server changes. syntax 'set system ntp client address' Bug #94 http://bugzilla.vyos.net/show_bug.cgi?id=94
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/system/vyatta_update_ntp.pl75
-rwxr-xr-xscripts/system/vyatta_update_resolv.pl7
-rwxr-xr-xscripts/vyatta-system-nameservers1
3 files changed, 69 insertions, 14 deletions
diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl
index a162f858..118cfc18 100755
--- a/scripts/system/vyatta_update_ntp.pl
+++ b/scripts/system/vyatta_update_ntp.pl
@@ -21,27 +21,78 @@
use strict;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
+use NetAddr::IP;
die "$0 expects no arguments\n" if (@ARGV);
-# Weed existing servers from config
-print grep {! /^server/ } <STDIN>;
+sub ntp_format {
+ my ($cidr) = @_;
+ my $ip = NetAddr::IP->new($cidr);
+ die "$cidr: not a valid IP address" unless $ip;
-my $cfg = new Vyatta::Config;
-$cfg->setLevel("system ntp");
-
-foreach my $server ($cfg->listNodes("server")) {
- print "server $server iburst";
- for my $property (qw(dynamic noselect preempt prefer)) {
- print " $property" if ($cfg->exists("server $server $property"));
+ my $address = $ip->addr();
+ my $mask = $ip->mask();
+
+ if ($mask eq '255.255.255.255') {
+ if ($ip->version() == 6) {
+ return "-6 $address";
+ } else {
+ return "$address";
+ }
+ } else {
+ if ($ip->version() == 6) {
+ return "-6 $address mask $mask";
+ } else {
+ return "$address mask $mask";
+ }
}
- print "\n";
}
-exit 0;
+my @ntp;
+if (-e '/etc/ntp.conf') {
+ open (my $file, '<', '/etc/ntp.conf')
+ or die("$0: Error! Unable to open '/etc/ntp.conf' for input: $!\n");
+ @ntp = <$file>;
+ close ($file);
+}
+open (my $output, '>', '/etc/ntp.conf')
+ or die("$0: Error! Unable to open '/etc/ntp.conf' for output: $!\n");
+
+my $cfg = new Vyatta::Config;
+$cfg->setLevel("system ntp");
+foreach my $line (@ntp) {
+ if ($line =~ /^# VyOS CLI configuration options/) {
+ print $output $line;
+ print $output "\n";
+ last;
+ } else {
+ print $output $line;
+ }
+}
+if ($cfg->exists("server")) {
+ print $output "# Servers\n\n";
+ foreach my $server ($cfg->listNodes("server")) {
+ my $server_addr = ntp_format($server);
+ print $output "server $server_addr iburst";
+ for my $property (qw(dynamic noselect preempt prefer)) {
+ print $output " $property" if ($cfg->exists("server $server $property"));
+ }
+ print $output "\nrestrict $server_addr nomodify notrap nopeer noquery\n";
+ }
+ print $output "\n";
+}
+if ($cfg->exists("client")) {
+ print $output "# Clients\n\n";
+ my @clients = $cfg->returnValues("client address");
+ foreach my $client (@clients) {
+ my $address = ntp_format($client);
+ print $output "restrict $address nomodify notrap nopeer\n";
+ }
+ print $output "\n";
+}
-
+exit 0;
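Review bot: The live config is truncated at `open (my $output, '>', '/etc/ntp.conf')` before any server entry has been passed through ntp_format, so a `die "$cidr: not a valid IP address"` on a later server (an unresolvable host name, for instance) leaves /etc/ntp.conf holding only the preserved preamble and nothing else. A related idempotence gap sits in the copy loop: when the `# VyOS CLI configuration options` marker is absent, every existing line — including previously generated `server`/`restrict` lines — is copied and the sections are appended again on each run. I would render the whole file into a string first and only then write it, via a temporary file renamed over the target, so a failure never leaves a partial ntp.conf behind; the rewritten lines are below. Separately, the `$mask eq '255.255.255.255'` test can only match an IPv4 host; if NetAddr::IP reports IPv6 masks in their own notation (which I believe it does, please confirm), an IPv6 /128 is emitted with a spurious `mask` clause, whereas `$ip->masklen() == $ip->bits()` covers both families.
```perl
# … unchanged: ntp_format, reading the current /etc/ntp.conf into @ntp …
my $cfg = new Vyatta::Config;
$cfg->setLevel("system ntp");

# Render everything before touching the live file, so a failing
# ntp_format() leaves /etc/ntp.conf untouched.
my $out = '';
foreach my $line (@ntp) {
    $out .= $line;
    if ($line =~ /^# VyOS CLI configuration options/) {
        $out .= "\n";
        last;
    }
}
if ($cfg->exists("server")) {
    $out .= "# Servers\n\n";
    foreach my $server ($cfg->listNodes("server")) {
        my $server_addr = ntp_format($server);
        $out .= "server $server_addr iburst";
        for my $property (qw(dynamic noselect preempt prefer)) {
            $out .= " $property" if ($cfg->exists("server $server $property"));
        }
        $out .= "\nrestrict $server_addr nomodify notrap nopeer noquery\n";
    }
    $out .= "\n";
}
# … unchanged: client section, appending to $out instead of printing …

my $tmp = '/etc/ntp.conf.tmp';   # constructed: temporary name beside the target
open (my $output, '>', $tmp)
    or die("$0: Error! Unable to open '$tmp' for output: $!\n");
print $output $out;
close ($output)
    or die("$0: Error! Unable to write '$tmp': $!\n");
rename $tmp, '/etc/ntp.conf'
    or die("$0: Error! Unable to replace '/etc/ntp.conf': $!\n");
```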
diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl
index 0dfa4bec..5de1f789 100755
--- a/scripts/system/vyatta_update_resolv.pl
+++ b/scripts/system/vyatta_update_resolv.pl
@@ -227,8 +227,11 @@ if (($dhclient_script == 1) || ($config_mode == 1)) {
}
if ($restart_ntp == 1) {
# this corresponds to what is done in name-server/node.def as a fix for bug 1300
- my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &";
- system($cmd_ntp_restart);
+ if ($vc->exists("system ntp server") || $vc->existsOrig("system ntp server")) {
+ system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl");
+ my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &";
+ system($cmd_ntp_restart);
+ }
}
}
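Review bot: The exit status of the added `system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl")` is discarded, so when the update script dies (it exits non-zero on an address it cannot parse) the following line still restarts ntp against whatever was written to /etc/ntp.conf. The new `sudo /opt/vyatta/sbin/vyatta_update_ntp.pl` line in vyatta-system-nameservers has the same gap, since `invoke-rc.d ntp restart` follows it unconditionally there too. I would use the list form and gate the restart on success: `if (system('sudo', '/opt/vyatta/sbin/vyatta_update_ntp.pl') == 0) {` / `    system($cmd_ntp_restart);` / `} else { warn "$0: vyatta_update_ntp.pl failed, ntp not restarted\n"; }`, and the shell equivalent `sudo /opt/vyatta/sbin/vyatta_update_ntp.pl && /usr/sbin/invoke-rc.d ntp restart >&/dev/null` in the nameservers script. The enclosing `if (($dhclient_script == 1) || ($config_mode == 1))` block starts outside the hunk.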
diff --git a/scripts/vyatta-system-nameservers b/scripts/vyatta-system-nameservers
index 7b66cf77..99019fd1 100755
--- a/scripts/vyatta-system-nameservers
+++ b/scripts/vyatta-system-nameservers
@@ -39,6 +39,7 @@ restart_dnsmasq () {
restart_ntp () {
# restart ntp if ntp is configured
if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then
+ sudo /opt/vyatta/sbin/vyatta_update_ntp.pl
/usr/sbin/invoke-rc.d ntp restart >&/dev/null
fi
}