Merge pull request redhat-openstack#238 from ccin2p3/broadcast_and_auth

Broadcast and auth

Author: hunner

README.markdown

@@ -135,6 +135,10 @@ The following parameters are available in the `::ntp` class:
 
 **Deprecated; replaced by the `package_ensure` parameter**. Tells Puppet whether to keep the ntp module updated to the latest version available. Valid options: 'true' or 'false'. Default value: 'false'
 
+####`broadcastclient`
+
+Enable reception of broadcast server messages to any local interface.
+
 ####`config`
 
 Specifies a file for ntp's configuration info. Valid options: string containing an absolute path. Default value: '/etc/ntp.conf' (or '/etc/inet/ntp.conf' on Solaris)
@@ -143,6 +147,11 @@ Specifies a file for ntp's configuration info. Valid options: string containing
 
 Specifies a file to act as a template for the config file. Valid options: string containing a path (absolute, or relative to the module path). Default value: 'ntp/ntp.conf.erb'
 
+####`disable_auth`
+
+Do  not  require cryptographic authentication for broadcast client, multicast 
+client and symmetric passive associations.
+
 ####`disable_monitor`
 
 Tells Puppet whether to refrain from monitoring the NTP service. Valid options: 'true' or 'false'. Default value: 'false'

manifests/init.pp

@@ -1,7 +1,9 @@
 class ntp (
   $autoupdate        = $ntp::params::autoupdate,
+  $broadcastclient   = $ntp::params::broadcastclient,
   $config            = $ntp::params::config,
   $config_template   = $ntp::params::config_template,
+  $disable_auth      = $ntp::params::disable_auth,
   $disable_monitor   = $ntp::params::disable_monitor,
   $driftfile         = $ntp::params::driftfile,
   $logfile           = $ntp::params::logfile,
@@ -26,8 +28,10 @@
   $udlc              = $ntp::params::udlc
 ) inherits ntp::params {
 
+  validate_bool($broadcastclient)
   validate_absolute_path($config)
   validate_string($config_template)
+  validate_bool($disable_auth)
   validate_bool($disable_monitor)
   validate_absolute_path($driftfile)
   if $logfile { validate_absolute_path($logfile) }

manifests/params.pp

@@ -15,6 +15,8 @@
   $service_manage    = true
   $udlc              = false
   $interfaces        = []
+  $disable_auth      = false
+  $broadcastclient   = false
 
 # On virtual machines allow large clock skews.
   $panic = str2bool($::is_virtual) ? {

spec/classes/ntp_spec.rb

@@ -126,6 +126,54 @@
             }
           end
         end
+        describe 'with parameter disable_auth' do
+          context 'when set to true' do
+            let(:params) {{
+              :disable_auth => true,
+            }}
+
+            it 'should contain disable auth setting' do
+              should contain_file('/etc/ntp.conf').with({
+              'content' => /^disable auth\n/,
+              })
+            end
+          end
+          context 'when set to false' do
+            let(:params) {{
+              :disable_auth => false,
+            }}
+
+            it 'should not contain disable auth setting' do
+              should_not contain_file('/etc/ntp.conf').with({
+              'content' => /^disable auth\n/,
+              })
+            end
+          end
+        end
+        describe 'with parameter broadcastclient' do
+          context 'when set to true' do
+            let(:params) {{
+              :broadcastclient => true,
+            }}
+
+            it 'should contain broadcastclient setting' do
+              should contain_file('/etc/ntp.conf').with({
+              'content' => /^broadcastclient\n/,
+              })
+            end
+          end
+          context 'when set to false' do
+            let(:params) {{
+              :broadcastclient => false,
+            }}
+
+            it 'should not contain broadcastclient setting' do
+              should_not contain_file('/etc/ntp.conf').with({
+              'content' => /^broadcastclient\n/,
+              })
+            end
+          end
+        end
 
         describe "ntp::install on #{system}" do
           let(:params) {{ :package_ensure => 'present', :package_name => ['ntp'], :package_manage => true, }}

templates/ntp.conf.erb

@@ -9,6 +9,9 @@ tinker panic 0
 <% if @disable_monitor == true -%>
 disable monitor
 <% end -%>
+<% if @disable_auth == true -%>
+disable auth
+<% end -%>
 
 <% if @restrict != [] -%>
 # Permit time synchronization with our time source, but do not
@@ -27,6 +30,10 @@ interface listen <%= interface %>
 <% end -%>
 <% end -%>
 
+<% if @broadcastclient == true -%>
+broadcastclient
+<% end -%>
+
 <% [@servers].flatten.each do |server| -%>
 server <%= server %><% if @iburst_enable == true -%> iburst<% end %><% if @preferred_servers.include?(server) -%> prefer<% end %>
 <% end -%>