Merge "Add Salt 2018.3 tests"
diff --git a/metadata.yml b/metadata.yml
index 8cfbafc..61b0ad7 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,3 @@
name: "ntp"
version: "0.2"
-source: "https://github.com/tcpcloud/salt-formula-ntp"
+source: "https://github.com/salt-formulas/salt-formula-ntp"
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index f0d44e1..c6f6e8b 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -9,6 +9,7 @@
ntp:
client:
enabled: true
+ logfile: '/var/log/ntp.log'
stratum:
primary:
server: ${_param:ntp_strata_host1}
@@ -16,3 +17,4 @@
server:
enabled: false
mode7: false
+ logfile: '/var/log/ntp.log'
diff --git a/ntp/files/ntp.conf b/ntp/files/ntp.conf
index df8db2c..9356420 100644
--- a/ntp/files/ntp.conf
+++ b/ntp/files/ntp.conf
@@ -11,6 +11,10 @@
# Associate to cloud NTP pool servers
{%- if client.get('enabled', False) %}
+{%- if client.logfile is defined %}
+logfile {{ client.logfile }}
+{%- endif %}
+
{%- if client.stratum is defined %}
{%- for stratum_name, stratum in client.stratum.items() %}
server {{ stratum.server }} {%- if stratum.get('key_id') %} key {{ stratum.key_id }} {%- endif %} {%- if loop.first %} iburst{%- endif %}
@@ -25,6 +29,10 @@
{%- if server.get('enabled', False) %}
+{%- if server.logfile is defined %}
+logfile {{ server.logfile }}
+{%- endif %}
+
{%- if server.interface is defined and server.interface != None %}
{%- for _, iface in server.interface.items() %}
interface {{ iface.action }} {{ iface.value }}
@@ -70,8 +78,11 @@
{%- endif %}
{%- endif %}
+# Exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
# Only allow read-only access from localhost
-restrict default noquery nopeer
restrict 127.0.0.1
restrict ::1
@@ -90,16 +101,10 @@
{%- for r in server.get('restrict', {}) %}
restrict {{ r.subnet }} mask {{ r.mask }} {{ r.options|default('nomodify notrap nopeer') }}
{%- endfor %}
-
-# Exchange time with everybody, but don't allow configuration.
-#restrict -4 default kod notrap nomodify nopeer noquery
-#restrict -6 default kod notrap nomodify nopeer noquery
{%- endif %}
-
# Location of drift file
driftfile /var/lib/ntp/ntp.drift
-logfile /var/log/ntp.log
{%- if client.get('auth', {}).get('enabled', False) or server.get('auth', {}).get('enabled', False) %}
diff --git a/ntp/map.jinja b/ntp/map.jinja
index 3f4d703..bb62c04 100644
--- a/ntp/map.jinja
+++ b/ntp/map.jinja
@@ -32,4 +32,11 @@
'address': '0.0.0.0',
}
},
-}, merge=salt['pillar.get']('ntp:server')) %}
\ No newline at end of file
+}, merge=salt['pillar.get']('ntp:server')) %}
+
+{%- set monitoring = salt['grains.filter_by']({
+ 'default': {
+ 'ntp_offset_threshold': 200,
+ },
+}, grain='os_family', merge=salt['pillar.get']('ntp:monitoring')) %}
+
diff --git a/ntp/meta/prometheus.yml b/ntp/meta/prometheus.yml
index 0428dab..5c632cf 100644
--- a/ntp/meta/prometheus.yml
+++ b/ntp/meta/prometheus.yml
@@ -1,17 +1,18 @@
-{%- from "ntp/map.jinja" import client with context %}
+{%- from "ntp/map.jinja" import client, monitoring with context %}
{%- if client.get('enabled', False) %}
-{%- raw %}
server:
alert:
- NtpOffset:
+ NtpOffsetTooHigh:
+ {%- set threshold = monitoring.ntp_offset_threshold %}
if: >-
- ntpq_offset >= 250
+ ntpq_offset >= {{ threshold }}
+ for: 2m
labels:
severity: warning
service: ntp
annotations:
- summary: 'NTP offset is too high'
- description: 'NTP offset is higher than 250ms on node {{ $labels.host }}'
+ summary: "NTP offset reached the limit of {{ threshold }}ms{%- raw %}"
+ description: "The NTP offset on the {{ $labels.host }} node is {{ $value }}ms for at least 2 minutes."
{%- endraw %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
diff --git a/ntp/schemas/client.yaml b/ntp/schemas/client.yaml
index 21033b4..cabda1f 100644
--- a/ntp/schemas/client.yaml
+++ b/ntp/schemas/client.yaml
@@ -13,6 +13,10 @@
description: |
Enables NTP client service.
type: boolean
+ logfile:
+ description: |
+ NTP log file path.
+ type: string
mode7:
description: |
Enables mode7 for the NTP server.
diff --git a/ntp/schemas/server.yaml b/ntp/schemas/server.yaml
index 44ccbdf..1c8fdbc 100644
--- a/ntp/schemas/server.yaml
+++ b/ntp/schemas/server.yaml
@@ -15,6 +15,10 @@
description: |
Enables NTP server service.
type: boolean
+ logfile:
+ description: |
+ NTP log file path.
+ type: string
mode7:
description: |
Enables mode7 for the NTP server.
diff --git a/tests/pillar/client.sls b/tests/pillar/client.sls
index 58ae2aa..fd770b7 100644
--- a/tests/pillar/client.sls
+++ b/tests/pillar/client.sls
@@ -1,6 +1,7 @@
ntp:
client:
enabled: true
+ logfile: '/var/log/ntp.log'
strata:
- ntp.cesnet.cz
- pool.ntp.org
diff --git a/tests/pillar/server.sls b/tests/pillar/server.sls
index 5287e83..b623e0c 100644
--- a/tests/pillar/server.sls
+++ b/tests/pillar/server.sls
@@ -1,6 +1,7 @@
ntp:
server:
enabled: true
+ logfile: '/var/log/ntp.log'
mode7: true
orphan: 5
peers:
@@ -15,4 +16,4 @@
subnet: 172.16.1.1
strata:
- ntp.cesnet.cz
- - pool.ntp.org
\ No newline at end of file
+ - pool.ntp.org