From: Peter Palfrader Date: Sun, 17 May 2015 08:27:17 +0000 (+0200) Subject: make bm-bl[26] timeservers X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e92eea431bf48910e63f6f9ffdf3cce7b7e3a2fe;p=mirror%2Fdsa-puppet.git make bm-bl[26] timeservers --- diff --git a/modules/ntp/files/ntpkey_iff_dijkstra.pub b/modules/ntp/files/ntpkey_iff_dijkstra.pub deleted file mode 100644 index e79b74b2c..000000000 --- a/modules/ntp/files/ntpkey_iff_dijkstra.pub +++ /dev/null @@ -1,14 +0,0 @@ -# ntpkey_iffpar_dijkstra.3580366111 -# Sun Jun 16 10:08:31 2013 - -# This is the public version of this 'private' key - -# the private data has been replaced by 0x01. -# (just ask 'openssl dsa -text < foo.pub') - ------BEGIN DSA PRIVATE KEY----- -MIHkAgEAAkEA2o1sXziDsTZ5BVpRK7Y/2CTZS0tAF1jfe91y6ag6PvWjKIKwl+iC -n8IaoEk2BuJCfB8pMPDX7lnu+l6hKihXewIVAMiCXU1mEr0X5/m+1fuxpwFY76fH -AkAk7WcsxZDOIo1xNnQKLmxGJuXzdIf7Nm8omaGkPOyUeP/8GsfvgEaon7GVYptn -rJhUHe2m9dPiwQ4jg/0m/lptAkAk7WcsxZDOIo1xNnQKLmxGJuXzdIf7Nm8omaGk -POyUeP/8GsfvgEaon7GVYptnrJhUHe2m9dPiwQ4jg/0m/lptAgEB ------END DSA PRIVATE KEY----- diff --git a/modules/ntp/files/ntpkey_iff_luchesi.pub b/modules/ntp/files/ntpkey_iff_luchesi.pub deleted file mode 100644 index 253f841c3..000000000 --- a/modules/ntp/files/ntpkey_iff_luchesi.pub +++ /dev/null @@ -1,14 +0,0 @@ -# ntpkey_iffpar_luchesi.3580364530 -# Sun Jun 16 09:42:10 2013 - -# This is the public version of this 'private' key - -# the private data has been replaced by 0x01. -# (just ask 'openssl dsa -text < foo.pub') - ------BEGIN DSA PRIVATE KEY----- -MIHkAgEAAkEA/idRNPJErBEQ0bUoZwcNOAYkkiRvifcnY+jRJCmnrgM/iZcUDHyP -ybViXPWC/EZFP6dXeMsyUrGy1Zl8ggziWQIVANReUa/ez8lwC4k3OqNK9yMRIxBb -AkBorTfNb5mHqO+j7XOMfbLls9ZgZcZmE4zNLtXJt3ymy6mWvnwO6UIN6nuihesw -IlED9pic+18zTlf6L5MeJY2OAkBorTfNb5mHqO+j7XOMfbLls9ZgZcZmE4zNLtXJ -t3ymy6mWvnwO6UIN6nuiheswIlED9pic+18zTlf6L5MeJY2OAgEB ------END DSA PRIVATE KEY----- diff --git a/modules/ntp/files/ntpkey_iff_ubc-bl2.pub b/modules/ntp/files/ntpkey_iff_ubc-bl2.pub new file mode 100644 index 000000000..2b55ea386 --- /dev/null +++ b/modules/ntp/files/ntpkey_iff_ubc-bl2.pub @@ -0,0 +1,14 @@ +# ntpkey_iffpar_ubc-bl2.3640839808 +# Sun May 17 08:23:28 2015 + +# This is the public version of this 'private' key - +# the private data has been replaced by 0x01. +# (just ask 'openssl dsa -text < foo.pub') + +-----BEGIN DSA PRIVATE KEY----- +MIHkAgEAAkEAySxY3xdu+ul8s+fa0CoiCGHJX17GDdtlccGsSfJE/pAzpL6Z0ZkU +Eu3KZB/iCpIMGPT5mBoPnRfmryJSjYgEJQIVAJSHGz9lYGMDQoHxshYzPp36nOKz +AkBKe7pe9biZHsufrvYf2bMLIYHggytrF0HJuHidYMwFSt9xGa1tzDkDWIwLjBp2 +XyXw1jRmzJWzyM5EgmmBqCu0AkBKe7pe9biZHsufrvYf2bMLIYHggytrF0HJuHid +YMwFSt9xGa1tzDkDWIwLjBp2XyXw1jRmzJWzyM5EgmmBqCu0AgEB +-----END DSA PRIVATE KEY----- diff --git a/modules/ntp/files/ntpkey_iff_ubc-bl6.pub b/modules/ntp/files/ntpkey_iff_ubc-bl6.pub new file mode 100644 index 000000000..1d46500fe --- /dev/null +++ b/modules/ntp/files/ntpkey_iff_ubc-bl6.pub @@ -0,0 +1,14 @@ +# ntpkey_iffpar_ubc-bl6.3640839818 +# Sun May 17 08:23:38 2015 + +# This is the public version of this 'private' key - +# the private data has been replaced by 0x01. +# (just ask 'openssl dsa -text < foo.pub') + +-----BEGIN DSA PRIVATE KEY----- +MIHkAgEAAkEA0gSSF1QzTIr4vGVzf3GrmPYS+VO0txjykuuHz0O86SKdd16yAv1r +p/0jvOzZJEucH2mOtdCEFxmcPyM6SRpX9wIVANugqs7MBpyfEGEmLdLHeR3e/S+T +AkBZAW9K23bTFIwr8U00Sac873SrdobLiByM/ZObcgKzajnnEiWiK3vHEEhxGLLF ++IFXTtIRkzzVGo9nU/bfisCMAkBZAW9K23bTFIwr8U00Sac873SrdobLiByM/ZOb +cgKzajnnEiWiK3vHEEhxGLLF+IFXTtIRkzzVGo9nU/bfisCMAgEB +-----END DSA PRIVATE KEY----- diff --git a/modules/ntp/manifests/client.pp b/modules/ntp/manifests/client.pp index bee691c3b..9fd935652 100644 --- a/modules/ntp/manifests/client.pp +++ b/modules/ntp/manifests/client.pp @@ -16,11 +16,17 @@ class ntp::client { file { '/etc/ntp.keys.d/ntpkey_iff_bm-bl2': source => 'puppet:///modules/ntp/ntpkey_iff_bm-bl2.pub', } + file { '/etc/ntp.keys.d/ntpkey_iff_ubc-bl2': + source => 'puppet:///modules/ntp/ntpkey_iff_ubc-bl2.pub', + } + file { '/etc/ntp.keys.d/ntpkey_iff_ubc-bl6': + source => 'puppet:///modules/ntp/ntpkey_iff_ubc-bl6.pub', + } file { '/etc/ntp.keys.d/ntpkey_iff_dijkstra': - source => 'puppet:///modules/ntp/ntpkey_iff_dijkstra.pub', + ensure => absent, } file { '/etc/ntp.keys.d/ntpkey_iff_luchesi': - source => 'puppet:///modules/ntp/ntpkey_iff_luchesi.pub', + ensure => absent, } file { '/etc/ntp.keys.d/ntpkey_iff_ravel': ensure => absent, diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf index 0e63ee776..4fc219f13 100644 --- a/modules/ntp/templates/ntp.conf +++ b/modules/ntp/templates/ntp.conf @@ -29,32 +29,32 @@ leapfile /var/lib/ntp/leap-seconds.list <% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%> # autokey doesn't work behind nat -# czerny's, bm-bl2's, and dijkstra's ipv4 IP, hard coded for the benefit of +# czerny's, bm-bl2's, and ubc-bl2's ipv4 IP, hard coded for the benefit of # hosts that do not have RTC's (since they won't be able to do DNS until # they have a reasonable clock). server 82.195.75.109 iburst server 5.153.231.242 iburst -server 206.12.19.218 iburst +server 206.12.19.212 iburst server czerny.debian.org iburst server clementi.debian.org iburst server bm-bl1.debian.org iburst server bm-bl2.debian.org iburst -server dijkstra.debian.org iburst -server luchesi.debian.org iburst +server ubc-bl2.debian.org iburst +server ubc-bl6.debian.org iburst <% else -%> server czerny.debian.org iburst autokey server clementi.debian.org iburst autokey server bm-bl1.debian.org iburst autokey server bm-bl2.debian.org iburst autokey -server dijkstra.debian.org iburst autokey -server luchesi.debian.org iburst autokey +server ubc-bl2.debian.org iburst autokey +server ubc-bl6.debian.org iburst autokey restrict czerny.debian.org notrust nomodify notrap ntpport restrict clementi.debian.org notrust nomodify notrap ntpport restrict bm-bl1.debian.org notrust nomodify notrap ntpport restrict bm-bl2.debian.org notrust nomodify notrap ntpport -restrict dijkstra.debian.org notrust nomodify notrap ntpport -restrict luchesi.debian.org notrust nomodify notrap ntpport +restrict ubc-bl2.debian.org notrust nomodify notrap ntpport +restrict ubc-bl6.debian.org notrust nomodify notrap ntpport <% end -%> restrict -4 default kod notrap nomodify nopeer noquery