From 3c33359d0c9700a1c80f1a222fe5f43642cd4fde Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 17 Jan 2021 09:44:41 +0100 Subject: ntp: T2185: store configuration in volatile /run area --- data/templates/ntp/ntp.conf.tmpl | 39 ----------------------------------- data/templates/ntp/ntpd.conf.tmpl | 39 +++++++++++++++++++++++++++++++++++ data/templates/ntp/override.conf.tmpl | 5 ++++- 3 files changed, 43 insertions(+), 40 deletions(-) delete mode 100644 data/templates/ntp/ntp.conf.tmpl create mode 100644 data/templates/ntp/ntpd.conf.tmpl (limited to 'data/templates/ntp') diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl deleted file mode 100644 index 2b56b53c3..000000000 --- a/data/templates/ntp/ntp.conf.tmpl +++ /dev/null @@ -1,39 +0,0 @@ -### Autogenerated by ntp.py ### - -# -# Non-configurable defaults -# -driftfile /var/lib/ntp/ntp.drift -# By default, only allow ntpd to query time sources, ignore any incoming requests -restrict default noquery nopeer notrap nomodify -# Local users have unrestricted access, allowing reconfiguration via ntpdc -restrict 127.0.0.1 -restrict -6 ::1 - -# -# Configurable section -# -{% if server is defined and server is not none %} -{% for server, config in server.items() %} -{% set association = 'server' %} -{% if config.pool is defined %} -{% set association = 'pool' %} -{% endif %} -{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }} -{% endfor %} -{% endif %} - -{% if allow_clients is defined and allow_clients.address is defined %} -# Allowed clients configuration -{% for address in allow_clients.address %} -restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer -{% endfor %} -{% endif %} - -{% if listen_address %} -# NTP should listen on configured addresses only -interface ignore wildcard -{% for address in listen_address %} -interface listen {{ address }} -{% endfor %} -{% endif %} diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl new file mode 100644 index 000000000..2b56b53c3 --- /dev/null +++ b/data/templates/ntp/ntpd.conf.tmpl @@ -0,0 +1,39 @@ +### Autogenerated by ntp.py ### + +# +# Non-configurable defaults +# +driftfile /var/lib/ntp/ntp.drift +# By default, only allow ntpd to query time sources, ignore any incoming requests +restrict default noquery nopeer notrap nomodify +# Local users have unrestricted access, allowing reconfiguration via ntpdc +restrict 127.0.0.1 +restrict -6 ::1 + +# +# Configurable section +# +{% if server is defined and server is not none %} +{% for server, config in server.items() %} +{% set association = 'server' %} +{% if config.pool is defined %} +{% set association = 'pool' %} +{% endif %} +{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }} +{% endfor %} +{% endif %} + +{% if allow_clients is defined and allow_clients.address is defined %} +# Allowed clients configuration +{% for address in allow_clients.address %} +restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer +{% endfor %} +{% endif %} + +{% if listen_address %} +# NTP should listen on configured addresses only +interface ignore wildcard +{% for address in listen_address %} +interface listen {{ address }} +{% endfor %} +{% endif %} diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl index e0b947686..28eb61b21 100644 --- a/data/templates/ntp/override.conf.tmpl +++ b/data/templates/ntp/override.conf.tmpl @@ -1,11 +1,14 @@ {% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 +ConditionPathExists={{config_file}} After=vyos-router.service [Service] ExecStart= -ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper +ExecStart={{vrf_command}}/usr/sbin/ntpd -g -p {{config_file | replace('.conf', '.pid') }} -c {{config_file}} -u ntp:ntp +PIDFile= +PIDFile={{config_file | replace('.conf', '.pid') }} Restart=always RestartSec=10 -- cgit v1.2.3