kubespray/roles/kubernetes/preinstall/templates/ntp.conf.j2

53 lines
1.8 KiB
Django/Jinja

# {{ ansible_managed }}
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile {{ ntp_driftfile }}
{% if ntp_tinker_panic is sameas true %}
# Always reset the clock, even if the new time is more than 1000s away
# from the current system time. Useful for VMs that can be paused
# and much later resumed.
tinker panic 0
{% endif %}
# Specify one or more NTP servers.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for item in ntp_servers %}
pool {{ item }}
{% endfor %}
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
{% for item in ntp_restrict %}
restrict {{ item }}
{% endfor %}
# Needed for filtering interfaces
{% if ntp_filter_interface %}
{% for item in ntp_interfaces %}
interface {{ item }}
{% endfor %}
{% endif %}
# Needed for adding pool entries
restrict source notrap nomodify noquery
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor