kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/cookbooks/ntp/metadata.json
Greg Karékinian 7da2c5a738 Add ntp cookbook
2017-06-09 21:23:42 +02:00

1 line
13 KiB
JSON
Raw Blame History

{"name":"ntp","version":"3.4.0","description":"Installs and configures ntp as a client or server","long_description":"# NTP Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/ntp.svg?branch=master)](http://travis-ci.org/chef-cookbooks/ntp) [![Cookbook Version](https://img.shields.io/cookbook/v/ntp.svg)](https://supermarket.chef.io/cookbooks/ntp)\n\nInstalls and configures ntp. On Windows systems it uses the Meinberg port of the standard NTPd client to Windows.\n\n## Requirements\n\n### Platforms\n\n- Debian-family Linux Distributions\n- RedHat-family Linux Distributions\n- Fedora\n- Gentoo Linux\n- openSUSE\n- FreeBSD\n- Windows 2008 R2+\n- Mac OS X 10.11+\n\n### Chef\n\n- Chef 12.1+\n\n### Cookbooks\n\n- none\n\n## Attributes\n\n### Recommended tunables\n\n- `ntp['servers']` - (applies to NTP Servers and Clients)\n\n - Array, should be a list of upstream NTP servers that will be considered authoritative by the local NTP daemon. The local NTP daemon will act as a client, adjusting local time to match time data retrieved from the upstream NTP servers.\n\n The NTP protocol works best with at least 4 servers. The ntp daemon will disregard any server after the 10th listed, but will continue monitoring all listed servers. For more information, see [Upstream Server Time Quantity](http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3.) at [support.ntp.org](http://support.ntp.org).\n\n- `ntp['peers']` - (applies to NTP Servers ONLY)\n\n - Array, should be a list of local NTP peers. For more information, see [Designing Your NTP Network](http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork) at [support.ntp.org](http://support.ntp.org).\n\n- `ntp['restrictions']` - (applies to NTP Servers only)\n\n - Array, should be a list of restrict lines to define access to NTP clients on your LAN.\n\n- `ntp['sync_clock']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to false. Forces the ntp daemon to be halted, an ntp -q command to be issued, and the ntp daemon to be restarted again on every Chef-client run. Will have no effect if drift is over 1000 seconds.\n\n- `ntp['sync_hw_clock']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to false. On *nix-based systems, forces the 'hwclock --systohc' command to be issued on every Chef-client run. This will sync the hardware clock to the system clock.\n - Not available on Windows.\n\n- `ntp['restrict_default']`\n\n - String. Defaults to 'kod notrap nomodify nopeer noquery'. Set to 'ignore' to [further lock down access](http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.2.).\n\n- `ntp[\"listen_network\"]` / `ntp[\"listen\"]`\n\n - String, optional attribute. Default is for NTP to listen on all addresses.\n - `ntp[\"listen_network\"]` should be set to 'primary' to listen on the node's primary IP address as determined by ohai, or set to a CIDR (eg: '192.168.4.0/24') to listen on the last node address on that CIDR.\n - `ntp[\"listen\"]` can be set to a specific address (eg: '192.168.4.10') instead of `ntp[\"listen_network\"]` to force listening on a specific address.\n - If both `ntp[\"listen\"]` and `ntp[\"listen_network\"]` are set then `ntp[\"listen\"]` will always win.\n\n- `ntp[\"ignore\"]`\n\n - Array, interface names to ignore from listening. Can be used to disable listening wildcard interfaces (eg: ['wildcard', '::1']), can be combined with `ntp[\"listen\"]`\n\n- `ntp[\"statistics\"]`\n\n - Boolean. Default to true. Enable/disable statistics data logging into `ntp['statsdir']`.\n - Not available on Windows.\n\n- `ntp['conf_restart_immediate']`\n\n - Boolean. Defaults to false. Restarts NTP service immediately after a config update if true. Otherwise it is a delayed restart.\n\n- `ntp['peer']['disable_tinker_panic_on_virtualization_guest']` (applies to virtualized hosts only)\n\n - Boolean. Defaults to true. Sets tinker panic to 0\\. NTP default it 1000\\. (See <http://www.vmware.com/vmtn/resources/238> p. 23 for explanation on disabling panic) (Note: this overrides `ntp['tinker']['panic']` attribute)\n\n- `ntp['peer']['use_iburst']` (applies to NTP Servers ONLY)\n\n - Boolean. Defaults to true. Enables iburst in peer declaration.\n\n- `ntp['peer']['use_burst']` (applies to NTP Servers ONLY)\n\n - Boolean. Defaults to false. Enables burst in peer declaration.\n\n- `ntp['peer']['minpoll']` (applies to NTP Servers ONLY)\n\n - Boolean. Defaults to 6 (ntp default). Specify the minimum poll intervals for NTP messages, in seconds to the power of two.\n\n- `ntp['peer']['maxpoll']` (applies to NTP Servers ONLY)\n\n - Boolean. Defaults to 10 (ntp default). Specify the maximum poll intervals for NTP messages, in seconds to the power of two.\n\n- `ntp['server']['prefer']` (applies to NTP Servers and Clients)\n\n - String. Defaults to emtpy string. The server from `ntp['servers']` to prefer getting the time from.\n\n- `ntp['server']['use_iburst']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to true. Enables iburst in server declaration.\n\n- `ntp['server']['use_burst']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to false. Enables burst in server declaration.\n\n- `ntp['server']['minpoll']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to 6 (ntp default). Specify the minimum poll intervals for NTP messages, in seconds to the power of two.\n\n- `ntp['server']['maxpoll']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to 10 (ntp default). Specify the maximum poll intervals for NTP messages, in seconds to the power of two.\n\n- `ntp['tinker']['allan']`\n\n - Number. Defaults to 1500 (ntp default). Spedifies the Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm, in seconds.\n\n- `ntp['tinker']['dispersion']`\n\n - Number. Defaults to 15 (ntp default). Specifies the dispersion increase rate in parts-per-million (PPM).\n\n- `ntp['tinker']['panic']`\n\n - Number. Defaults to 1000 (ntp default). Spedifies the panic threshold in seconds. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.\n\n- `ntp['tinker']['step']`\n\n - Number. Defaults to 0.128 (ntp default). Spedifies the step threshold in seconds. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than 0.5 s.\n\n- `ntp['tinker']['stepout']`\n\n - Number. Defaults to 900 (ntp default). Specifies the stepout threshold in seconds. If set to zero, popcorn spikes will not be suppressed.\n\n- `ntp['localhost']['noquery']` (applies to NTP Servers and Clients)\n\n - Boolean. Defaults to false. Set to true if using ntp < 4.2.8 or any unpatched ntp version to mitigate CVE-2014-9293 / CVE-2014-9294 / CVE-2014-9295\n\n- `ntp['orphan']['enabled']`\n\n - Boolean, enables orphan mode if set to true\n\n- `ntp['orphan']['stratum']`\n\n - Number. Defaults to 5, recommended value for stratum is 2 more than the worst-case externally-reachable source of time\n\n### Automatically Set Attributes\n\nThese attributes are set based on platform / system information provided by Ohai\n\n- `ntp['packages']`\n\n - Array, the packages to install\n - Default, ntp for everything, ntpdate depending on platform. Not applicable for\n - Windows nodes\n\n- `ntp['service']`\n\n - String, the service to act on\n - Default, ntp, NTP, or ntpd, depending on platform\n\n- `ntp['varlibdir']`\n\n - String, the path to /var/lib files such as the driftfile.\n - Default, platform-specific location. Not applicable for Windows nodes\n\n- `ntp['driftfile']`\n\n - String, the path to the frequency file.\n - Default, platform-specific location.\n\n- `ntp['conffile']`\n\n - String, the path to the ntp configuration file.\n - Default, platform-specific location.\n\n- `ntp['statsdir']`\n\n - String, the directory path for files created by the statistics facility.\n - Default, platform-specific location. Not applicable for Windows nodes\n\n- `ntp['conf_owner'] and ntp['conf_group']`\n\n - String, the owner and group of the sysconf directory files, such as /etc/ntp.conf.\n - Default, platform-specific root:root or root:wheel.\n\n- `ntp['var_owner'] and ntp['var_group']`\n\n - String, the owner and group of the /var/lib directory files, such as /var/lib/ntp.\n - Default, platform-specific ntp:ntp or root:wheel. Not applicable for Windows nodes\n\n- `ntp['leapfile']`\n\n - String, the path to the ntp leapfile.\n - Default, /etc/ntp.leapseconds.\n\n- `ntp['package_url']`\n\n - String, the URL to the the Meinberg NTPd client installation package.\n - Default, Meinberg site download URL\n - Windows platform only\n\n- `ntp['vs_runtime_url']`\n\n - String, the URL to the the Visual Studio C++ 2008 runtime libraries that are required for the Meinberg NTP client.\n - Default, Microsoft site download URL\n - Windows platform only\n\n- `ntp['vs_runtime_productname']`\n\n - String, the installation name of the Visual Studio C++ Runtimes file.\n - Default, \"Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022\"\n - Windows platform only\n\n- `ntp['sync_hw_clock']`\n\n - Boolean, determines if the ntpdate command is issued to sync the hardware clock\n - Default, false\n - Not applicable for Windows nodes\n\n- `ntp['apparmor_enabled']`\n\n - Boolean, enables configuration of apparmor if set to true\n - Defaults to false and will make no provisions for apparmor.\n - If a platform has apparmor enabled (currently Ubuntu) default will become true.\n\n- `ntp['use_cmos']`\n\n - Boolean, uses a high stratum undisciplined clock for machines with real CMOS clock.\n - Defaults to true unless a platform appears to be virtualized according to Ohai.\n\n## Usage\n\n### default recipe\n\nSet up the ntp attributes in a role. For example in a base.rb role applied to all nodes:\n\n```ruby\nname 'base'\ndescription 'Role applied to all systems'\ndefault_attributes(\n 'ntp' => {\n 'servers' => ['time0.int.example.org', 'time1.int.example.org']\n }\n)\n```\n\nThen in an ntpserver.rb role that is applied to NTP servers (e.g., time.int.example.org):\n\n```ruby\nname 'ntp_server'\ndescription 'Role applied to the system that should be an NTP server.'\ndefault_attributes(\n 'ntp' => {\n 'servers' => ['0.pool.ntp.org', '1.pool.ntp.org'],\n 'peers' => ['time0.int.example.org', 'time1.int.example.org'],\n 'restrictions' => ['10.0.0.0 mask 255.0.0.0 nomodify notrap']\n }\n)\n```\n\nThe timeX.int.example.org used in these roles should be the names or IP addresses of internal NTP servers. Then simply add ntp, or `ntp::default` to your run_list to apply the ntp daemon's configuration.\n\n### windows_client recipe\n\nWindows only. Apply on a Windows host to install the Meinberg NTPd client.\n\n### mac_os_x_client recipe\n\nMac OS X only. Apply on a Mac OS X host to configure NTP.\n\n## License & Authors\n\n- Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io))\n- Contributor:: Eric G. Wolfe ([wolfe21@marshall.edu](mailto:wolfe21@marshall.edu))\n- Contributor:: Fletcher Nichol ([fletcher@nichol.ca](mailto:fletcher@nichol.ca))\n- Contributor:: Tim Smith ([tsmith@chef.io](mailto:tsmith@chef.io))\n- Contributor:: Charles Johnson ([charles@chef.io](mailto:charles@chef.io))\n- Contributor:: Brad Knowles ([bknowles@momentumsi.com](mailto:bknowles@momentumsi.com))\n\n```text\nCopyright 2009-2016, Chef Software, Inc.\nCopyright 2012, Eric G. Wolfe\nCopyright 2012, Fletcher Nichol\nCopyright 2012, Webtrends, Inc.\nCopyright 2013, Limelight Networks, Inc.\nCopyright 2013, Brad Knowles\nCopyright 2013, Brad Beam\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","freebsd":">= 0.0.0","gentoo":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","solaris2":">= 0.0.0","oracle":">= 0.0.0","ubuntu":">= 0.0.0","windows":">= 0.0.0","mac_os_x":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"ntp":"Installs and configures ntp either as a server or client"},"source_url":"https://github.com/chef-cookbooks/ntp","issues_url":"https://github.com/chef-cookbooks/ntp/issues","chef_version":[[">= 12.1"]],"ohai_version":[]}
Reference in New Issue View Git Blame Copy Permalink