Merge "Add Salt 2018.3 tests"
diff --git a/metadata.yml b/metadata.yml
index 8cfbafc..61b0ad7 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,3 @@
 name: "ntp"
 version: "0.2"
-source: "https://github.com/tcpcloud/salt-formula-ntp"
+source: "https://github.com/salt-formulas/salt-formula-ntp"
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index f0d44e1..c6f6e8b 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -9,6 +9,7 @@
   ntp:
     client:
       enabled: true
+      logfile: '/var/log/ntp.log'
       stratum:
         primary:
           server: ${_param:ntp_strata_host1}
@@ -16,3 +17,4 @@
     server:
       enabled: false
       mode7: false
+      logfile: '/var/log/ntp.log'
diff --git a/ntp/files/ntp.conf b/ntp/files/ntp.conf
index df8db2c..9356420 100644
--- a/ntp/files/ntp.conf
+++ b/ntp/files/ntp.conf
@@ -11,6 +11,10 @@
 # Associate to cloud NTP pool servers
 {%- if client.get('enabled', False) %}
 
+{%- if client.logfile is defined %}
+logfile {{ client.logfile }}
+{%- endif %}
+
 {%- if client.stratum is defined %}
 {%- for stratum_name, stratum in client.stratum.items() %}
 server {{ stratum.server }} {%- if stratum.get('key_id') %} key {{ stratum.key_id }} {%- endif %} {%- if loop.first %} iburst{%- endif %}
@@ -25,6 +29,10 @@
 
 {%- if server.get('enabled', False) %}
 
+{%- if server.logfile is defined %}
+logfile {{ server.logfile }}
+{%- endif %}
+
 {%- if server.interface is defined and server.interface != None %}
 {%- for _, iface in server.interface.items() %}
 interface {{ iface.action }} {{ iface.value }}
@@ -70,8 +78,11 @@
 {%- endif %}
 {%- endif %}
 
+# Exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
 # Only allow read-only access from localhost
-restrict default noquery nopeer
 restrict 127.0.0.1
 restrict ::1
 
@@ -90,16 +101,10 @@
 {%- for r in server.get('restrict', {}) %}
 restrict {{ r.subnet }} mask {{ r.mask }} {{ r.options|default('nomodify notrap nopeer') }}
 {%- endfor %}
-
-# Exchange time with everybody, but don't allow configuration.
-#restrict -4 default kod notrap nomodify nopeer noquery
-#restrict -6 default kod notrap nomodify nopeer noquery
 {%- endif %}
 
-
 # Location of drift file
 driftfile /var/lib/ntp/ntp.drift
-logfile /var/log/ntp.log
 
 {%- if client.get('auth', {}).get('enabled', False) or server.get('auth', {}).get('enabled', False) %}
 
diff --git a/ntp/map.jinja b/ntp/map.jinja
index 3f4d703..bb62c04 100644
--- a/ntp/map.jinja
+++ b/ntp/map.jinja
@@ -32,4 +32,11 @@
             'address': '0.0.0.0',
         }
     },
-}, merge=salt['pillar.get']('ntp:server')) %}
\ No newline at end of file
+}, merge=salt['pillar.get']('ntp:server')) %}
+
+{%- set monitoring = salt['grains.filter_by']({
+  'default': {
+    'ntp_offset_threshold': 200,
+  },
+}, grain='os_family', merge=salt['pillar.get']('ntp:monitoring')) %}
+
diff --git a/ntp/meta/prometheus.yml b/ntp/meta/prometheus.yml
index 0428dab..5c632cf 100644
--- a/ntp/meta/prometheus.yml
+++ b/ntp/meta/prometheus.yml
@@ -1,17 +1,18 @@
-{%- from "ntp/map.jinja" import client with context %}
+{%- from "ntp/map.jinja" import client, monitoring with context %}
 
 {%- if client.get('enabled', False) %}
-{%- raw %}
 server:
   alert:
-    NtpOffset:
+    NtpOffsetTooHigh:
+      {%- set threshold = monitoring.ntp_offset_threshold %}
       if: >-
-        ntpq_offset >= 250
+        ntpq_offset >= {{ threshold }}
+      for: 2m
       labels:
         severity: warning
         service: ntp
       annotations:
-        summary: 'NTP offset is too high'
-        description: 'NTP offset is higher than 250ms on node {{ $labels.host }}'
+        summary: "NTP offset reached the limit of {{ threshold }}ms{%- raw %}"
+        description: "The NTP offset on the {{ $labels.host }} node is {{ $value }}ms for at least 2 minutes."
 {%- endraw %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
diff --git a/ntp/schemas/client.yaml b/ntp/schemas/client.yaml
index 21033b4..cabda1f 100644
--- a/ntp/schemas/client.yaml
+++ b/ntp/schemas/client.yaml
@@ -13,6 +13,10 @@
     description: |
       Enables NTP client service.
     type: boolean
+  logfile:
+    description: |
+      NTP log file path.
+    type: string
   mode7:
     description: |
       Enables mode7 for the NTP server.
diff --git a/ntp/schemas/server.yaml b/ntp/schemas/server.yaml
index 44ccbdf..1c8fdbc 100644
--- a/ntp/schemas/server.yaml
+++ b/ntp/schemas/server.yaml
@@ -15,6 +15,10 @@
     description: |
       Enables NTP server service.
     type: boolean
+  logfile:
+    description: |
+      NTP log file path.
+    type: string
   mode7:
     description: |
       Enables mode7 for the NTP server.
diff --git a/tests/pillar/client.sls b/tests/pillar/client.sls
index 58ae2aa..fd770b7 100644
--- a/tests/pillar/client.sls
+++ b/tests/pillar/client.sls
@@ -1,6 +1,7 @@
 ntp:
   client:
     enabled: true
+    logfile: '/var/log/ntp.log'
     strata:
     - ntp.cesnet.cz
     - pool.ntp.org
diff --git a/tests/pillar/server.sls b/tests/pillar/server.sls
index 5287e83..b623e0c 100644
--- a/tests/pillar/server.sls
+++ b/tests/pillar/server.sls
@@ -1,6 +1,7 @@
 ntp:
   server:
     enabled: true
+    logfile: '/var/log/ntp.log'
     mode7: true
     orphan: 5
     peers:
@@ -15,4 +16,4 @@
       subnet: 172.16.1.1
     strata:
     - ntp.cesnet.cz
-    - pool.ntp.org
\ No newline at end of file
+    - pool.ntp.org