c12s-kubespray/roles/kubernetes/preinstall/templates/ntp.conf.j2

# {{ ansible_managed }}

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile {{ ntp_driftfile }}

{% if ntp_tinker_panic is sameas true %}
# Always reset the clock, even if the new time is more than 1000s away
# from the current system time. Usefull for VMs that can be paused
# and much later resumed.
tinker panic 0
{% endif %}

# Specify one or more NTP servers.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for item in ntp_servers %}
pool {{ item }}
{% endfor %}

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
{% for item in ntp_restrict %}
restrict {{ item }}
{% endfor %}

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
add-managed-ntp-support (#9027) 2022-06-28 20:15:34 +00:00			`# {{ ansible_managed }}`

			`# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help`

			`driftfile {{ ntp_driftfile }}`

			`{% if ntp_tinker_panic is sameas true %}`
			`# Always reset the clock, even if the new time is more than 1000s away`
			`# from the current system time. Usefull for VMs that can be paused`
			`# and much later resumed.`
			`tinker panic 0`
			`{% endif %}`

			`# Specify one or more NTP servers.`
			`# Use public servers from the pool.ntp.org project.`
			`# Please consider joining the pool (http://www.pool.ntp.org/join.html).`
			`{% for item in ntp_servers %}`
			`pool {{ item }}`
			`{% endfor %}`

			`# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for`
			`# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>`
			`# might also be helpful.`
			`#`
			`# Note that "restrict" applies to both servers and clients, so a configuration`
			`# that might be intended to block requests from certain clients could also end`
			`# up blocking replies from your own upstream servers.`

			`# By default, exchange time with everybody, but don't allow configuration.`
			`restrict -4 default kod notrap nomodify nopeer noquery limited`
			`restrict -6 default kod notrap nomodify nopeer noquery limited`

			`# Local users may interrogate the ntp server more closely.`
			`{% for item in ntp_restrict %}`
			`restrict {{ item }}`
			`{% endfor %}`

			`# Needed for adding pool entries`
			`restrict source notrap nomodify noquery`

			`# Disable the monitoring facility to prevent amplification attacks using ntpdc`
			`# monlist command when default restrict does not include the noquery flag. See`
			`# CVE-2013-5211 for more details.`
			`# Note: Monitoring will not be disabled with the limited restriction flag.`
			`disable monitor`