Hello List,
I'm new to Puppet but learned quite a lot already (Learning VM, every
course in the library, quite a lot of docs) and I'm about to configure the
first nodes. I'd like to start with the NTP module, checked it out already.
Now according to the documentation, the parameters:
keys_requestkey
>
> Provides a request key to be used by NTP. Valid options: string. Default
> value: ' '
> keys_trusted:
>
> Provides one or more keys to be trusted by NTP. Valid options: array of
> keys. Default value: [ ]
>
are the ones I need to configure the NTP symmetric keys. But the keys I
specify here will generate the following lines in /etc/ntp.conf:
trustedkey my%trusted#key!
requestkey my%request#key!
while the NTP documentation specifies something very different.
> requestkey key
> *Specifies the key identifier* to use with the ntpdc utility
> program, which uses a proprietary protocol specific to this implementation
> of
> ntpd. The key argument is a key identifier for the trusted key,
> where the value can be in the range 1 to 65,534, inclusive.
>
trustedkey key [...]
>
*Specifies the key identifiers* which are trusted for the purposes
> of authenticating peers with symmetric key cryptography, as well as keys
> used by the ntpq and ntpdc programs. The authentication procedures
> require that both the local and remote servers share the same key and
> key identifier for this purpose, although different keys can be
> used with different servers. The key arguments are 32-bit unsigned inte-
> gers with values from 1 to 65,534.
>
So the ntp.conf should only contain the key identifiers pointing at the
/etc/ntp.keys which won't be changed by Puppet.
I am completely wrong? How do you do it?
Thanks
Rob
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bd5f6be0-84b8-4deb-958c-e61b47841f0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
