-rwxr-xr-xscripts/system/vyatta_update_ntp.pl75
-rwxr-xr-xscripts/system/vyatta_update_resolv.pl7
-rwxr-xr-xscripts/vyatta-system-nameservers1
-rw-r--r--sysconf/ntp.conf22
-rw-r--r--templates/system/ntp/client/address/node.def6
-rw-r--r--templates/system/ntp/client/node.def1
-rw-r--r--templates/system/ntp/node.def4
7 files changed, 88 insertions, 28 deletions
diff --git a/scripts/system/vyatta_update_ntp.pl b/scripts/system/vyatta_update_ntp.pl
index a162f858..118cfc18 100755
--- a/scripts/system/vyatta_update_ntp.pl
+++ b/scripts/system/vyatta_update_ntp.pl
@@ -21,27 +21,78 @@
use strict;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
+use NetAddr::IP;
die "$0 expects no arguments\n" if (@ARGV);
-# Weed existing servers from config
-print grep {! /^server/ } <STDIN>;
+sub ntp_format {
+ my ($cidr) = @_;
+ my $ip = NetAddr::IP->new($cidr);
+ die "$cidr: not a valid IP address" unless $ip;
-my $cfg = new Vyatta::Config;
-$cfg->setLevel("system ntp");
-
-foreach my $server ($cfg->listNodes("server")) {
- print "server $server iburst";
- for my $property (qw(dynamic noselect preempt prefer)) {
- print " $property" if ($cfg->exists("server $server $property"));
+ my $address = $ip->addr();
+ my $mask = $ip->mask();
+
+ if ($mask eq '255.255.255.255') {
+ if ($ip->version() == 6) {
+ return "-6 $address";
+ } else {
+ return "$address";
+ }
+ } else {
+ if ($ip->version() == 6) {
+ return "-6 $address mask $mask";
+ } else {
+ return "$address mask $mask";
+ }
}
- print "\n";
}
-exit 0;
+my @ntp;
+if (-e '/etc/ntp.conf') {
+ open (my $file, '<', '/etc/ntp.conf')
+ or die("$0: Error! Unable to open '/etc/ntp.conf' for input: $!\n");
+ @ntp = <$file>;
+ close ($file);
+}
+open (my $output, '>', '/etc/ntp.conf')
+ or die("$0: Error! Unable to open '/etc/ntp.conf' for output: $!\n");
+
+my $cfg = new Vyatta::Config;
+$cfg->setLevel("system ntp");
+foreach my $line (@ntp) {
+ if ($line =~ /^# VyOS CLI configuration options/) {
+ print $output $line;
+ print $output "\n";
+ last;
+ } else {
+ print $output $line;
+ }
+}
+if ($cfg->exists("server")) {
+ print $output "# Servers\n\n";
+ foreach my $server ($cfg->listNodes("server")) {
+ my $server_addr = ntp_format($server);
+ print $output "server $server_addr iburst";
+ for my $property (qw(dynamic noselect preempt prefer)) {
+ print $output " $property" if ($cfg->exists("server $server $property"));
+ }
+ print $output "\nrestrict $server_addr nomodify notrap nopeer noquery\n";
+ }
+ print $output "\n";
+}
+if ($cfg->exists("client")) {
+ print $output "# Clients\n\n";
+ my @clients = $cfg->returnValues("client address");
+ foreach my $client (@clients) {
+ my $address = ntp_format($client);
+ print $output "restrict $address nomodify notrap nopeer\n";
+ }
+ print $output "\n";
+}
-
+exit 0;
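Review bot: `open (my $output, '>', '/etc/ntp.conf')` truncates the live file before any server or client value has been formatted, so a `die` from `ntp_format` or any later failure leaves ntpd with a half-written config, and the `cp -b` backup that the old node.def `end:` block made is dropped by this commit. Write to a temporary name in the same directory and move it into place only on success, e.g. open `'/etc/ntp.conf.new'` for output and finish with `close($output) or die "close: $!\n"; rename('/etc/ntp.conf.new', '/etc/ntp.conf') or die "rename: $!\n";` before `exit 0`. The copy loop also assumes the `# VyOS CLI configuration options` marker is present; if an existing /etc/ntp.conf lacks it, the whole old file (old `server` lines included) is kept and the new entries are appended after it, so that case deserves an explicit check. Separately, the client line `restrict $address nomodify notrap nopeer` leaves ntpq/ntpdc queries open to every configured client range; unless that is intended, add `noquery` as the server lines already do.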
diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl
index 0dfa4bec..5de1f789 100755
--- a/scripts/system/vyatta_update_resolv.pl
+++ b/scripts/system/vyatta_update_resolv.pl
@@ -227,8 +227,11 @@ if (($dhclient_script == 1) || ($config_mode == 1)) {
}
if ($restart_ntp == 1) {
# this corresponds to what is done in name-server/node.def as a fix for bug 1300
- my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &";
- system($cmd_ntp_restart);
+ if ($vc->exists("system ntp server") || $vc->existsOrig("system ntp server")) {
+ system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl");
+ my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &";
+ system($cmd_ntp_restart);
+ }
}
}
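Review bot: The exit status of `system("sudo /opt/vyatta/sbin/vyatta_update_ntp.pl")` is discarded, so the ntp restart that follows runs even when regeneration failed and /etc/ntp.conf may be incomplete. Make the restart conditional on success and use the list form so no shell is involved: `if (system('sudo', '/opt/vyatta/sbin/vyatta_update_ntp.pl') == 0) { ... restart ... }`, with a `warn` carrying `$?` in the else branch. The same unchecked call is added to `restart_ntp` in scripts/vyatta-system-nameservers, where the `grep -q "^server"` guard additionally runs against the file before it is regenerated. The enclosing `if` block starts above this hunk.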
diff --git a/scripts/vyatta-system-nameservers b/scripts/vyatta-system-nameservers
index 7b66cf77..99019fd1 100755
--- a/scripts/vyatta-system-nameservers
+++ b/scripts/vyatta-system-nameservers
@@ -39,6 +39,7 @@ restart_dnsmasq () {
restart_ntp () {
# restart ntp if ntp is configured
if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then
+ sudo /opt/vyatta/sbin/vyatta_update_ntp.pl
/usr/sbin/invoke-rc.d ntp restart >&/dev/null
fi
}
diff --git a/sysconf/ntp.conf b/sysconf/ntp.conf
index 248cdc2d..855d5097 100644
--- a/sysconf/ntp.conf
+++ b/sysconf/ntp.conf
@@ -4,21 +4,21 @@
# configuration subsystem. Please do not manually edit it.
#
# The first section of this file consists of static parameters
-# that can not be changed via the Vyatta configuration subsystem.
+# (that can not be changed via the VyOS CLI) and default values
+# that prevent ntpd being queried (client only mode).
#
driftfile /var/lib/ntp/ntp.drift
-# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
+# By default, only allow ntpd to query time sources, ignore any
+# incoming requests.
-# Local users may interrogate the ntp server more closely.
-restrict 127.0.0.1
-restrict ::1
+restrict default ignore
+restrict -6 default ignore
-#
-# The remainder of this file is for parameters that are set up via
-# the Vyatta configuration subsystem.
-#
+# Local users have unrestricted access, allowing reconfiguration
+# via ntpdc
+restrict 127.0.0.1
+restrict -6 ::1
+# VyOS CLI configuration options
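Review bot: The final line `# VyOS CLI configuration options` is a load-bearing marker, but nothing in the file says so: vyatta_update_ntp.pl matches it with `/^# VyOS CLI configuration options/` to find where the static section ends. If it is reworded or removed, the script copies the whole existing file and appends the generated `server`/`restrict` entries again on every run. A comment directly above it, such as `# Marker line: everything below is regenerated by vyatta_update_ntp.pl; do not edit or remove.`, would document that dependency.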
diff --git a/templates/system/ntp/client/address/node.def b/templates/system/ntp/client/address/node.def
new file mode 100644
index 00000000..a48a2b5a
--- /dev/null
+++ b/templates/system/ntp/client/address/node.def
@@ -0,0 +1,6 @@
+multi:
+type: ipv4net,ipv6net
+help: IP address
+
+val_help: ipv4net; IP address and prefix length
+val_help: ipv6net; IPv6 address and prefix length
diff --git a/templates/system/ntp/client/node.def b/templates/system/ntp/client/node.def
new file mode 100644
index 00000000..dd849f8f
--- /dev/null
+++ b/templates/system/ntp/client/node.def
@@ -0,0 +1 @@
+help: Network Time Protocol (NTP) client
diff --git a/templates/system/ntp/node.def b/templates/system/ntp/node.def
index 7a4ddad7..38e67e05 100644
--- a/templates/system/ntp/node.def
+++ b/templates/system/ntp/node.def
@@ -2,8 +2,7 @@ priority: 400
help: Network Time Protocol (NTP) configuration
end:
- /opt/vyatta/sbin/vyatta_update_ntp.pl </etc/ntp.conf >/tmp/ntp.conf
- sudo cp -b /tmp/ntp.conf /etc/ntp.conf
+ sudo /opt/vyatta/sbin/vyatta_update_ntp.pl
if grep -q '^server' /etc/ntp.conf
then
if pgrep -f -u ntp /usr/sbin/ntpd > /dev/null
@@ -15,4 +14,3 @@ end:
else
sudo /usr/sbin/invoke-rc.d ntp stop
fi
- rm -f /tmp/ntp.conf