Stacklight (#5)
* Stacklight
* Add a flag to enable mode7
collectd failed to monitor ntpd on Xenial servers because it uses mode7
requests but newer ntpd releases (4.2.7p230 and later) disable this mode
by default for security reasons. Even though the ntpd configuration only
allows queries from the 127.0.0.1 address, mode7 requests aren't enabled
for safety unless the user model explicitly says so.
diff --git a/metadata/service/client/init.yml b/metadata/service/client/init.yml
index 87ef14f..d71b06e 100644
--- a/metadata/service/client/init.yml
+++ b/metadata/service/client/init.yml
@@ -12,3 +12,4 @@
strata:
- ${_param:ntp_strata_host1}
- ${_param:ntp_strata_host2}
+ mode7: false
diff --git a/ntp/files/ntp.conf b/ntp/files/ntp.conf
index 744f094..6704d18 100644
--- a/ntp/files/ntp.conf
+++ b/ntp/files/ntp.conf
@@ -25,6 +25,10 @@
restrict 127.0.0.1
restrict ::1
+{%- if ntp.mode7 %}
+# mode7 is required for collectd monitoring
+enable mode7
+{%- endif %}
# Location of drift file
driftfile /var/lib/ntp/ntp.drift
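Review bot: The added `enable mode7` block depends on restrict lines outside this hunk to keep mode 7 (ntpdc) queries off the network, and the template does not record that dependency. The visible context lines `restrict 127.0.0.1` and `restrict ::1` only lift restrictions for loopback. Whether the default restrict entries carry `noquery` cannot be seen from here and should be confirmed before this flag is turned on anywhere. I would widen the comment to `# mode7 is required for collectd monitoring; every non-loopback restrict line must keep noquery`, so a later change to the restrict defaults does not quietly expose the mode the commit message says upstream disabled for security reasons.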
diff --git a/ntp/map.jinja b/ntp/map.jinja
index f136b18..60f7d70 100644
--- a/ntp/map.jinja
+++ b/ntp/map.jinja
@@ -2,12 +2,15 @@
{% set client = salt['grains.filter_by']({
'Arch': {
'service': 'ntpd',
+ 'mode7': False,
},
'Debian': {
'service': 'ntp',
+ 'mode7': False,
},
'RedHat': {
'service': 'ntpd',
+ 'mode7': False,
},
}, merge=salt['pillar.get']('ntp:client')) %}
diff --git a/ntp/meta/collectd.yml b/ntp/meta/collectd.yml
index 5e34280..a686ceb 100644
--- a/ntp/meta/collectd.yml
+++ b/ntp/meta/collectd.yml
@@ -1,5 +1,8 @@
-plugin:
+{% from "ntp/map.jinja" import client with context %}
+
+{%- if client.get('enabled', False) and client.mode7 %}
+local_plugin:
ntp_server_status:
plugin: ntpd
- execution: local
template: ntp/files/collectd_ntpd.conf
+{%- endif %}
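Review bot: With the new guard `client.get('enabled', False) and client.mode7` and the default of `mode7: false`, the `ntp_server_status` plugin is dropped on every host that does not opt in. That includes hosts running an older ntpd where, per the commit message, mode 7 was still on by default and this check presumably worked before. The result is a silent loss of NTP monitoring rather than a visible failure, which is easy to miss when clock drift matters for log correlation. I would add a template comment above the condition such as `{#- ntpd plugin speaks mode 7 only; no NTP metrics are collected unless ntp:client:mode7 is true -#}` and mention the same in the formula README. The condition also mixes `client.get('enabled', False)` with bare `client.mode7`; `client.get('mode7', False)` would keep the two lookups consistent.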