starlingx/stx-puppet
Code Issues Proposed changes

Merge "puppet-manifests: Added apparmor rule for /etc/ntp_initial.conf"

Browse Source
This commit is contained in:
Zuul 2023-07-18 20:33:51 +00:00 committed by Gerrit Code Review
commit 972fc0dd33
1 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
puppet-manifests/src/modules/platform/manifests/ntp.pp
View File

@ -1,23 +1,25 @@
class platform::ntp::apparmor {
exec { 'apparmor-update-ntpd':
command => "sed -i '/\\/etc\\/ntp.conf r,/a\\ \\ \\/etc\\/ntp_initial.conf r,' /etc/apparmor.d/usr.sbin.ntpd",
unless => "grep -q '/etc/ntp_initial.conf r,' /etc/apparmor.d/usr.sbin.ntpd",
notify => Exec['reload-apparmor-ntp-profile'],
}
exec { 'reload-apparmor-ntp-profile':
command => '/usr/sbin/apparmor_parser -vTr /etc/apparmor.d/usr.sbin.ntpd',
refreshonly => true
}
}
class platform::ntp (
$ntpdate_timeout,
$servers = [],
$enabled = true,
)
{
include platform::ntp::apparmor
# Setting ntp service name
case $::osfamily {
'RedHat': {
$ntp_service_name = 'ntpd'
$ntp_pmon_conf_template = 'platform/ntp.pmon.conf.erb'
}
'Debian': {
$ntp_service_name = 'ntp'
$ntp_pmon_conf_template = 'platform/ntp_debian.pmon.conf.erb'
}
default: {
fail("unsuported osfamily ${::osfamily}, currently Debian and Redhat are the only supported platforms")
}
}
$ntp_service_name = 'ntp'
$ntp_pmon_conf_template = 'platform/ntp_debian.pmon.conf.erb'
if $enabled {
$pmon_ensure = 'link'
@ -26,6 +28,7 @@ class platform::ntp (
}
File['ntp_config']
-> Class['platform::ntp::apparmor']
-> File['ntp_config_initial']
-> file { 'ntp_pmon_config':
ensure => file,