Hello List,
I'm new to Puppet but learned quite a lot already (Learning VM, every
course in the library, quite a lot of docs) and I'm about to configure the
first nodes. I'd like to start with the NTP module, checked it out already.
Now according to the documentation, the parameters:
keys_requestkey
>
> Provides a request key to be used by NTP. Valid options: string. Default
> value: ' '
> keys_trusted:
>
> Provides one or more keys to be trusted by NTP. Valid options: array of
> keys. Default value: [ ]
>
are the ones I need to configure the NTP symmetric keys. But the keys I
specify here will generate the following lines in /etc/ntp.conf:
trustedkey my%trusted#key!
requestkey my%request#key!
while the NTP documentation specifies something very different.
> requestkey key
> *Specifies the key identifier* to use with the ntpdc utility
> program, which uses a proprietary protocol specific to this implementation
> of
> ntpd. The key argument is a key identifier for the trusted key,
> where the value can be in the range 1 to 65,534, inclusive.
>
trustedkey key [...]
>
*Specifies the key identifiers* which are trusted for the purposes
> of authenticating peers with symmetric key cryptography, as well as keys
> used by the ntpq and ntpdc programs. The authentication procedures
> require that both the local and remote servers share the same key and
> key identifier for this purpose, although different keys can be
> used with different servers. The key arguments are 32-bit unsigned inte-
> gers with values from 1 to 65,534.
>
So the ntp.conf should only contain the key identifiers pointing at the
/etc/ntp.keys which won't be changed by Puppet.
I am completely wrong? How do you do it?
Thanks
Rob
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bd5f6be0-84b8-4deb-958c-e61b47841f0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
