ntp keys - trusted, requestkeys
105 views
Skip to first unread message
robp...@gmail.com
Mar 10, 2015, 10:30:00 AM3/10/15
to puppet...@googlegroups.com
Hello List,
I'm new to Puppet but learned quite a lot already (Learning VM, every course in the library, quite a lot of docs) and I'm about to configure the first nodes. I'd like to start with the NTP module, checked it out already.
Now according to the documentation, the parameters:
I'm new to Puppet but learned quite a lot already (Learning VM, every course in the library, quite a lot of docs) and I'm about to configure the first nodes. I'd like to start with the NTP module, checked it out already.
Now according to the documentation, the parameters:
keys_requestkeyProvides a request key to be used by NTP. Valid options: string. Default value: ' '
keys_trusted:Provides one or more keys to be trusted by NTP. Valid options: array of keys. Default value: [ ]
are the ones I need to configure the NTP symmetric keys. But the keys I specify here will generate the following lines in /etc/ntp.conf:
trustedkey my%trusted#key!
requestkey my%request#key!
while the NTP documentation specifies something very different.
requestkey key
Specifies the key identifier to use with the ntpdc utility program, which uses a proprietary protocol specific to this implementation of
ntpd. The key argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
trustedkey key [...]
Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys
used by the ntpq and ntpdc programs. The authentication procedures require that both the local and remote servers share the same key and
key identifier for this purpose, although different keys can be used with different servers. The key arguments are 32-bit unsigned inte-
gers with values from 1 to 65,534.
So the ntp.conf should only contain the key identifiers pointing at the /etc/ntp.keys which won't be changed by Puppet.
I am completely wrong? How do you do it?
Thanks
Rob
I am completely wrong? How do you do it?
Thanks
Rob
Robert Poulson
Mar 10, 2015, 10:44:38 AM3/10/15
to puppet...@googlegroups.com
So the ntp.conf should only contain the key identifiers pointing at the /etc/ntp.keys which won't be changed by Puppet.
Okay, it works exactly like this. I misinterpreted the description, one has to specify the key identifiers - was misleading but probably it's just me.
Thanks
Rob
Hunter Haugen
Mar 10, 2015, 11:57:50 AM3/10/15
to puppet-users
It does not currently have a keys_file_content parameter or anything, so looks like no. You could use an additional file resource to manage that. A PR to the ntp module to manage the keys would be nice too :)
-Hunter
--ThanksRob
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANwwCtzPPZdZuTUEyEi__Ge%3DUwcazNhXfAQ3VUfUxsVrNUdWfA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages