[ntp] On utilise ntp pour squeeze + corrections pour openntpd

openntpd n'est pas dans squeeze ... darcs-hash:20110208180615-ddb99-6ac6661cb6b127040559b21f768d2f0124dadd8c.gz
2011-02-08 19:06:15 +01:00 · 2011-02-08 19:06:15 +01:00 · 753328d81c
commit 753328d81c
parent d771874e62
6 changed files with 95 additions and 3 deletions
--- a/Bundler/ntp.xml
+++ b/Bundler/ntp.xml
@ -0,0 +1,6 @@
+<Bundle name="ntp">
+  <ConfigFile name="/etc/default/ntp"/>
+  <ConfigFile name="/etc/ntp.conf"/>
+  <Package name="ntp"/>
+  <Service name="ntp"/>
+</Bundle>
--- a/Cfg/etc/default/ntp/info.xml
+++ b/Cfg/etc/default/ntp/info.xml
@ -0,0 +1,3 @@
+<FileInfo>
+    <Info owner='root' group='root' perms='0644'/>
+</FileInfo>
--- a/Cfg/etc/default/ntp/ntp
+++ b/Cfg/etc/default/ntp/ntp
@ -0,0 +1 @@
+NTPD_OPTS='-g -x'
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -393,7 +393,6 @@
    <Bundle name="logcheck"/>
    <Bundle name="nss"/>
    <Bundle name="monit"/>
-    <Bundle name="openntpd"/>
    <Bundle name="scripts"/>
  </Group>

@ -401,6 +400,7 @@
     comment="profile minimal pour etch">
    <Group name="crans-common"/>
    <Group name="etch"/>
+    <Group name="openntpd"/>
  </Group>

  <Group name="crans-lenny" profile="true" public="true"
@ -408,6 +408,7 @@
    <Group name="crans-common"/>
    <Group name="lenny"/>
    <Group name="nss-ldapd"/>
+    <Group name="openntpd"/>
  </Group>

  <Group name="crans-squeeze" profile="true" public="true"
@ -415,6 +416,7 @@
    <Group name="crans-common"/>
    <Group name="squeeze"/>
    <Group name="nss-ldapd"/>
+    <Group name="ntp"/>
  </Group>

  <Group name="crans-dom0" public="true"
@ -452,7 +454,7 @@

    <Bundle name="apt"/>
    <Bundle name="apt-keys"/>
-    <Bundle name="openntpd"/>
+    <Bundle name="ntp"/>
  </Group>

  <!-- +=============================+ -->
@ -837,6 +839,16 @@
    <Group name="home-permanent"/>
  </Group>

+  <Group name="ntp"
+     comment="Client NTP">
+     <Bundle name="ntp"/>
+  </Group>
+
+  <Group name="openntpd"
+     comment="Client OpenNTPd">
+     <Bundle name="openntpd"/>
+  </Group>
+
  <!-- +===================================================+ -->
  <!-- | Configuration des backends utilises en production | -->
  <!-- +===================================================+ -->
--- a/Python/etc/monit/services
+++ b/Python/etc/monit/services
@ -69,7 +69,7 @@ service("cups",
        init="cupsys",
        pidf="cups/cupsd")

-service("crans-common",
+service("openntpd",
        name="openntpd",
        pidf="openntpd/ntpd")

@ -112,6 +112,8 @@ service("nscd",
        pidf="nscd/nscd",
        extra=["if failed unixsocket /var/run/nscd/socket then restart"])

+service("ntp", pidf="ntpd")
+
 service("openvpn-ovh",
        pidf="openvpn.ovh",
        init="openvpn")
--- a/Python/etc/ntp.conf
+++ b/Python/etc/ntp.conf
@ -0,0 +1,68 @@
+@# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+@
+@driftfile /var/lib/ntp/ntp.drift
+@
+@
+@# Enable this if you want statistics to be logged.
+@#statsdir /var/log/ntpstats/
+@
+@statistics loopstats peerstats clockstats
+@filegen loopstats file loopstats type day enable
+@filegen peerstats file peerstats type day enable
+@filegen clockstats file clockstats type day enable
+@
+@
+
+if has("ntp-server"):
+    @# You do need to talk to an NTP server or two (or three).
+    @#server ntp.crans.org
+    @
+    @# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+    @# pick a different set every time it starts up.  Please consider joining the
+    @# pool: <http://www.pool.ntp.org/join.html>
+    @server 0.debian.pool.ntp.org iburst
+    @server 1.debian.pool.ntp.org iburst
+    @server 2.debian.pool.ntp.org iburst
+    @server 3.debian.pool.ntp.org iburst
+else:
+    @# You do need to talk to an NTP server or two (or three).
+    @server ntp.crans.org
+    @
+    @# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+    @# pick a different set every time it starts up.  Please consider joining the
+    @# pool: <http://www.pool.ntp.org/join.html>
+    @#server 0.debian.pool.ntp.org iburst
+    @#server 1.debian.pool.ntp.org iburst
+    @#server 2.debian.pool.ntp.org iburst
+    @#server 3.debian.pool.ntp.org iburst
+@
+@
+@# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+@# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+@# might also be helpful.
+@#
+@# Note that "restrict" applies to both servers and clients, so a configuration
+@# that might be intended to block requests from certain clients could also end
+@# up blocking replies from your own upstream servers.
+@
+@# By default, exchange time with everybody, but don't allow configuration.
+@restrict -4 default kod notrap nomodify nopeer noquery
+@restrict -6 default kod notrap nomodify nopeer noquery
+@
+@# Local users may interrogate the ntp server more closely.
+@restrict 127.0.0.1
+@restrict ::1
+@
+@# Clients from this (example!) subnet have unlimited access, but only if
+@# cryptographically authenticated.
+@#restrict 192.168.123.0 mask 255.255.255.0 notrust
+@
+@
+@# If you want to provide time to your local subnet, change the next line.
+@# (Again, the address is an example only.)
+@#broadcast 192.168.123.255
+@
+@# If you want to listen to time broadcasts on your local subnet, de-comment the
+@# next lines.  Please do this only if you trust everybody on the network!
+@#disable auth
+@#broadcastclient