diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 035c43d8..432d5389 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,17 +22,15 @@ jobs:
 strategy:
 matrix:
 os:
- - "amazonlinux-2"
 - "centos-7"
- - "centos-8"
- - "debian-9"
- - "debian-10"
+ - "centos-stream-8"
+ - "debian-11"
+ - "debian-12"
 - "fedora-latest"
- - "opensuse-leap-15"
- - "oraclelinux-7"
 - "oraclelinux-8"
 - "ubuntu-1804"
 - "ubuntu-2004"
+ - "ubuntu-2204"
 suite:
 - "default"
 fail-fast: false
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce338721..796f73b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,23 @@ This file is used to list changes made in each version of the ntp cookbook.
 ## Unreleased
+## 5.0.18 - *2024-01-24*
+
+Updated readme this cookbook only support chef 15.5+
+
+Remove support for debian-8 / debian-9 / debian-10 / oraclelinux-7 / opensuse-leap-15
+Adds support for debian-11 / debian-12
+
+Redhat removed support for ntp in favor of chrony: ()
+
+since debian bookworm the ntp user is ntpsec (i expect debian will continue to use this in all later versions)
+
+for debian / redhat based os'es there is a leap-second file, prefer to use this.
+
+updated changelog file, removed links to tickets.opscode.com as the markdown link check failed
+
+
+
 ## 5.0.17 - *2024-02-02*
 ## 5.0.16 - *2024-02-02*
@@ -117,7 +134,7 @@ Standardise files with files in sous-chefs/repo-management
 ## 3.8.0 (2020-12-04)
-- Changed installing ntp.leapseconds file dynamicaly [from](https://www.ietf.org/timezones/data/leap-seconds.list) (or other). Use `node['ntp']['leapfile_url']` to override - [@mnosenko](https://github.com/mnosenko)
+- Changed installing ntp.leapseconds file dynamicaly [from](https://data.iana.org/time-zones/data/leap-seconds.list) (or other). Use `node['ntp']['leapfile_url']` to override - [@mnosenko](https://github.com/mnosenko)
 - Improve how we inject the helper libraries - [@tas50](https://github.com/tas50)
 - Require Chef 12.15+ - [@tas50](https://github.com/tas50)
 - Add testing in Github actions - [@tas50](https://github.com/tas50)
@@ -302,7 +319,7 @@ Standardise files with files in sous-chefs/repo-management
 ## v1.8.6 (2015-05-14)
-- **PR [#102](102)** - Update leapseconds file to 3660249600 (through C49)
+- **PR [#102]** - Update leapseconds file to 3660249600 (through C49)
 - Gemfile parity with ChefDK 0.5.1
 - .kitchen.yml platform updates to current bento boxes
@@ -359,8 +376,8 @@ Standardise files with files in sous-chefs/repo-management
 ## v1.6.4 (2014-07-02)
 - Leapseconds File Expired, update to 3626380800
-- **[COOK-3887](https://tickets.opscode.com/browse/COOK-3887)** - Trivial changes to achieve Gentoo support
-- **[COOK-1876](https://tickets.opscode.com/browse/COOK-1876)** - ntp leapfile assumes ntpd >= 4.2.6 syntax
+- **[COOK-3887]** - Trivial changes to achieve Gentoo support
+- **[COOK-1876]** - ntp leapfile assumes ntpd >= 4.2.6 syntax
 ## v1.6.2 (2014-03-19)
@@ -370,16 +387,16 @@ Standardise files with files in sous-chefs/repo-management
 ### Improvement
-- **[COOK-4346](https://tickets.opscode.com/browse/COOK-4346)** - Solaris 11 support for ntp
-- **[COOK-4339](https://tickets.opscode.com/browse/COOK-4339)** - Disable Monitoring by Default
-- **[COOK-3604](https://tickets.opscode.com/browse/COOK-3604)** - Enable listening on specific interfaces
+- **[COOK-4346]** - Solaris 11 support for ntp
+- **[COOK-4339]** - Disable Monitoring by Default
+- **[COOK-3604]** - Enable listening on specific interfaces
 ### Bug
-- **[COOK-4106](https://tickets.opscode.com/browse/COOK-4106)** - Check for default content in ntp.conf
-- **[COOK-4087](https://tickets.opscode.com/browse/COOK-4087)** - quote option in readme
-- **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Cookbook fails to upload due to 1.9.x syntax
-- **[COOK-3023](https://tickets.opscode.com/browse/COOK-3023)** - NTP leapseconds file denied by Ubuntu apparmor profile
+- **[COOK-4106]** - Check for default content in ntp.conf
+- **[COOK-4087]** - quote option in readme
+- **[COOK-3797]** - Cookbook fails to upload due to 1.9.x syntax
+- **[COOK-3023]** - NTP leapseconds file denied by Ubuntu apparmor profile
 ## v1.5.4 (2013-12-29)
@@ -389,31 +406,31 @@ Standardise files with files in sous-chefs/repo-management
 ### Bug
-- **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Add /spec to Chefignore
+- **[COOK-3797]** - Add /spec to Chefignore
 ## v1.5.0
-### Improvement
+### Improvemen
-- **[COOK-3651](https://tickets.opscode.com/browse/COOK-3651)** - Refactor and clean up
-- **[COOK-3630](https://tickets.opscode.com/browse/COOK-3630)** - Switch NTP cookbook linting from Tailor to Rubocop
-- **[COOK-3273](https://tickets.opscode.com/browse/COOK-3273)** - Add tests
+- **[COOK-3651]** - Refactor and clean up
+- **[COOK-3630]** - Switch NTP cookbook linting from Tailor to Rubocop
+- **[COOK-3273]** - Add tests
-### New Feature
+### New Featur
-- **[COOK-3636](https://tickets.opscode.com/browse/COOK-3636)** - Allow ntp cookbook to update clock to ntp servers
+- **[COOK-3636]** - Allow ntp cookbook to update clock to ntp servers
 ### Bug
-- **[COOK-3410](https://tickets.opscode.com/browse/COOK-3410)** - Remove redundant ntpdate/disable recipes
-- **[COOK-1170](https://tickets.opscode.com/browse/COOK-1170)** - Allow redefining NTP servers in a role
+- **[COOK-3410]** - Remove redundant ntpdate/disable recipes
+- **[COOK-1170]** - Allow redefining NTP servers in a role
 ## v1.4.0
-### Improvement
+### Improvemen
-- **[COOK-3365](https://tickets.opscode.com/browse/COOK-3365)** - Update ntp leapseconds file to version 3597177600
-- **[COOK-1674](https://tickets.opscode.com/browse/COOK-1674)** - Add Windows support
+- **[COOK-3365]** - Update ntp leapseconds file to version 3597177600
+- **[COOK-1674]** - Add Windows support
 ## v1.3.2
diff --git a/README.md b/README.md
index d7d69f60..37e6a8fc 100644
--- a/README.md
+++ b/README.md
@@ -20,14 +20,13 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 - RedHat-family Linux Distributions 5-7 (8 does not contain NTP client)
 - Fedora
 - Gentoo Linux
-- openSUSE / SLES 12+
 - FreeBSD
 - Windows 2008 R2+
 - macOS 10.11+
 ### Chef
-- Chef 12.1+
+- Chef 15.5+
 ### Cookbooks
@@ -215,10 +214,15 @@ These attributes are set based on platform / system information provided by Ohai
 - String, the owner and group of the /var/lib directory files, such as /var/lib/ntp.
 - Default, platform-specific ntp:ntp or root:wheel. Not applicable for Windows nodes
+- `['ntp']['leapfile_managed_by_os']`
+ - Boolean. Defaults to false. This uses leapfile provided by the cookbook, when combined with leapfile you can use the leapfile provided by your OS.
+
 - `ntp['leapfile']`
 - String, the path to the ntp leapfile.
- - Default, /etc/ntp.leapseconds.
+ - Default: `/etc/ntp.leapseconds`
+ - Debian default: `/usr/share/zoneinfo/leap-seconds.list`,
+ - RedHat default: `/usr/share/zoneinfo/leapseconds`
 - `ntp['package_url']`
diff --git a/attributes/default.rb b/attributes/default.rb
index 535ea0f2..ae670d5f 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -42,8 +42,15 @@
 default['ntp']['statsdir'] = '/var/log/ntpstats/'
 default['ntp']['conf_owner'] = 'root'
 default['ntp']['conf_group'] = 'root'
-default['ntp']['var_owner'] = 'ntp'
-default['ntp']['var_group'] = 'ntp'
+
+if platform?('debian') && node['platform_version'].to_i >= 12
+ default['ntp']['var_owner'] = 'ntpsec'
+ default['ntp']['var_group'] = 'ntpsec'
+else
+ default['ntp']['var_owner'] = 'ntp'
+ default['ntp']['var_group'] = 'ntp'
+end
+
 default['ntp']['leapfile'] = '/etc/ntp.leapseconds'
 default['ntp']['sync_clock'] = false
 default['ntp']['sync_hw_clock'] = false
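Review bot: The `ntpsec` owner/group switch in attributes/default.rb is keyed to `platform?('debian')` only, so any other Debian-family platform that made the same package change would still get `ntp`; kitchen.dokken.yml in this commit lists ubuntu-23.04, which may be one of them and should be checked. If the account named here does not exist on the node, whichever resource applies `var_owner`/`var_group` to the /var/lib files will presumably fail or leave them with unintended ownership, so the condition deserves to be tied to the installed package rather than to a version number alone. At minimum I would add a comment above the block, e.g. `# Debian 12 (bookworm) ships ntpsec, whose daemon account is ntpsec:ntpsec`, so the reason for the version check is not lost.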
@@ -85,15 +92,20 @@
 # Set to true if using ntp < 4.2.8 or any unpatched ntp version to mitigate CVE-2014-9293 / CVE-2014-9294 / CVE-2014-9295
 default['ntp']['localhost']['noquery'] = false
+default['ntp']['leapfile_managed_by_os'] = false
 # overrides on a platform-by-platform basis
 case node['platform_family']
 when 'debian'
+ default['ntp']['leapfile_managed_by_os'] = true
 default['ntp']['service'] = 'ntp'
- default['ntp']['apparmor_enabled'] = true if File.exist? '/etc/init.d/apparmor'
+ default['ntp']['apparmor_enabled'] = true if File.exist?('/etc/init.d/apparmor')
+ default['ntp']['leapfile'] = '/usr/share/zoneinfo/leap-seconds.list'
 when 'rhel', 'fedora', 'amazon'
+ default['ntp']['leapfile_managed_by_os'] = true
 default['ntp']['packages'] = %w(ntp ntpdate) if node['platform_version'].to_i >= 7
 default['ntp']['driftfile'] = "#{node['ntp']['varlibdir']}/drift"
+ default['ntp']['leapfile'] = '/usr/share/zoneinfo/leapseconds'
 when 'windows'
 default['ntp']['service'] = 'NTP'
 default['ntp']['driftfile'] = 'C:\\NTP\\ntp.drift'
diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml
index 47eff95d..577bfe3b 100644
--- a/kitchen.dokken.yml
+++ b/kitchen.dokken.yml
@@ -106,6 +106,9 @@ platforms:
 driver:
 image: dokken/ubuntu-22.04
 pid_one_command: /bin/systemd
+ attributes:
+ ntp:
+ apparmor_enabled: false
 - name: ubuntu-23.04
 driver:
diff --git a/kitchen.global.yml b/kitchen.global.yml
index a382fcd0..156465e2 100644
--- a/kitchen.global.yml
+++ b/kitchen.global.yml
@@ -17,16 +17,12 @@ verifier:
 platforms:
 - name: almalinux-8
 - name: almalinux-9
- - name: amazonlinux-2023
 - name: centos-7
 - name: centos-stream-8
 - name: centos-stream-9
- - name: debian-9
- - name: debian-10
 - name: debian-11
 - name: debian-12
 - name: fedora-latest
- - name: opensuse-leap-15
 - name: oraclelinux-7
 - name: oraclelinux-8
 - name: oraclelinux-9
diff --git a/kitchen.yml b/kitchen.yml
index 5eee8b96..38dc5e70 100644
--- a/kitchen.yml
+++ b/kitchen.yml
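Review bot: The two OS-provided leapfile defaults do not look like the same kind of file: the `debian` branch points at `/usr/share/zoneinfo/leap-seconds.list`, while the `rhel`/`fedora`/`amazon` branch points at `/usr/share/zoneinfo/leapseconds`, which by its name is the tz-database leap table rather than the NIST-style list, so please confirm that ntpd on centos-7 actually loads it. Both branches also set `leapfile_managed_by_os` to true without anything visible in this hunk ensuring that the package owning the file is installed, so on a minimal image ntp.conf could reference a path that does not exist and ntpd would run without leap-second data. If the RedHat family ships the list format as well, `default['ntp']['leapfile'] = '/usr/share/zoneinfo/leap-seconds.list'` in both branches would remove the doubt. A short comment on each branch naming the package that provides the file would help; the `case` statement continues past the end of the hunk.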
@@ -14,9 +14,10 @@ verifier:
 platforms:
 - name: amazonlinux-2
 - name: centos-7
- - name: centos-8
- - name: debian-9
- - name: debian-10
+ - name: centos-stream-8
+ - name: centos-stream-9
+ - name: debian-11
+ - name: debian-12
 - name: fedora-latest
 - name: freebsd-12
 - name: opensuse-leap-15
diff --git a/metadata.rb b/metadata.rb
index 90a71fdf..721694bb 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -15,7 +15,6 @@
 supports 'freebsd'
 supports 'gentoo'
 supports 'mac_os_x'
-supports 'opensuseleap'
 supports 'oracle'
 supports 'redhat'
 supports 'scientific'
diff --git a/recipes/default.rb b/recipes/default.rb
index c39a02c5..c0d8745c 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -83,7 +83,7 @@
 source node['ntp']['leapfile_url']
 notifies :restart, "service[#{node['ntp']['service']}]"
 end
- else
+ elsif !node['ntp']['leapfile_managed_by_os']
 cookbook_file node['ntp']['leapfile'] do
 owner node['ntp']['conf_owner']
 group node['ntp']['conf_group']
diff --git a/spec/unit/attributes_spec.rb b/spec/unit/attributes_spec.rb
index 2ed91fa6..7873f0b2 100644
--- a/spec/unit/attributes_spec.rb
+++ b/spec/unit/attributes_spec.rb
@@ -69,11 +69,11 @@
 expect(ntp['conf_group']).to eq('root')
 end
- it 'sets the var_owner to root' do
+ it 'sets the var_owner to ntp' do
 expect(ntp['var_owner']).to eq('ntp')
 end
- it 'sets the var_group to root' do
+ it 'sets the var_group to ntp' do
 expect(ntp['var_group']).to eq('ntp')
 end
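Review bot: In recipes/default.rb the new `elsif !node['ntp']['leapfile_managed_by_os']` skips only the `cookbook_file` branch; the branch above it that uses `source node['ntp']['leapfile_url']` still runs when `leapfile_url` is set, and its opening lines are outside the hunk. If that resource writes to `node['ntp']['leapfile']`, the new Debian and RedHat defaults mean downloaded content would replace a package-owned file under /usr/share/zoneinfo, which the next package update overwrites and which other software may read. I would reject the combination early, e.g. `raise "leapfile_url requires leapfile_managed_by_os to be false" if node['ntp']['leapfile_url'] && node['ntp']['leapfile_managed_by_os']`, or document in the README that `leapfile` must point elsewhere when `leapfile_url` is used. A comment on the `elsif` such as `# the OS package ships and updates the leapfile; leave it alone` would make the intent clear.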
@@ -173,12 +173,20 @@
 end
 describe 'on Debian-family platforms' do
- cached(:chef_run) { ChefSpec::SoloRunner.new(platform: 'debian', version: '10').converge('ntp::default') }
+ cached(:chef_run) { ChefSpec::SoloRunner.new(platform: 'debian', version: '12').converge('ntp::default') }
 it 'sets the package list to ntp & ntpdate' do
 expect(ntp['packages']).to include('ntp')
 expect(ntp['packages']).to_not include('ntpdate')
 end
+
+ it 'sets the var_owner to ntpsec' do
+ expect(ntp['var_owner']).to eq('ntpsec')
+ end
+
+ it 'sets the var_group to ntpsec' do
+ expect(ntp['var_group']).to eq('ntpsec')
+ end
 end
 describe 'on Ubuntu' do
diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb
index 35b3e5bf..b9f4747d 100644
--- a/spec/unit/recipes/default_spec.rb
+++ b/spec/unit/recipes/default_spec.rb
@@ -59,29 +59,6 @@
 end
 end
- context 'the leapfile' do
- cached(:cookbook_file) { chef_run.cookbook_file('/etc/ntp.leapseconds') }
-
- it 'creates the cookbook_file' do
- expect(chef_run).to create_cookbook_file('/etc/ntp.leapseconds')
- end
-
- it 'is owned by ntp:ntp' do
- expect(cookbook_file.owner).to eq('root')
- expect(cookbook_file.group).to eq('root')
- end
-
- it 'has 0644 permissions' do
- expect(cookbook_file.mode).to eq('0644')
- end
-
- it 'notifies ntp service to restart' do
- resource = chef_run.cookbook_file(chef_run.node['ntp']['leapfile'])
- service = "service[#{chef_run.node['ntp']['service']}]"
- expect(resource).to notify(service).to(:restart).delayed
- end
- end
-
 context 'ntp["pools"] is used' do
 cached(:chef_run) do
 runner = ChefSpec::SoloRunner.new(platform: 'ubuntu', version: '16.04')
diff --git a/test/integration/default/default_spec.rb b/test/integration/default/default_spec.rb
index 6f879b31..213e6ea8 100644
--- a/test/integration/default/default_spec.rb
+++ b/test/integration/default/default_spec.rb
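Review bot: Nothing in the Debian describe block of spec/unit/attributes_spec.rb asserts the new `leapfile` and `leapfile_managed_by_os` attributes, and because it now converges only version '12', the `else` branch that keeps `ntp` as owner for Debian 11 is exercised only by the generic examples earlier in the file. Together with the removal of the `the leapfile` context in spec/unit/recipes/default_spec.rb, the recipe's `elsif !node['ntp']['leapfile_managed_by_os']` path is left without unit coverage in either direction. I would add `expect(ntp['leapfile_managed_by_os']).to be true` and `expect(ntp['leapfile']).to eq('/usr/share/zoneinfo/leap-seconds.list')` here, plus a recipe example with `expect(chef_run).to_not create_cookbook_file('/usr/share/zoneinfo/leap-seconds.list')`. A platform without the override should keep an example that the cookbook file is still created.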
@@ -19,6 +19,28 @@
 it { should_not be_enabled }
 it { should_not be_running }
 end
+elsif os.family == 'redhat' && os.release.to_i < 8
+ describe file '/usr/share/zoneinfo/leapseconds' do
+ it { should be_file }
+ end
+elsif os.family == 'debian'
+ describe file '/etc/ntp.conf' do
+ it { should be_file }
+ end
+
+ describe ntp_conf do
+ its('tos') { should eq 'maxdist 1' }
+ end
+
+ describe file '/usr/share/zoneinfo/leap-seconds.list' do
+ it { should be_file }
+ end
+
+ describe service service_name do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
 elsif os.windows?
 describe file 'C:\NTP\etc\ntp.conf' do
 it { should be_file }
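Review bot: The new `elsif os.family == 'redhat' && os.release.to_i < 8` branch checks only that `/usr/share/zoneinfo/leapseconds` exists, so RedHat-family nodes below 8 no longer reach whatever ntp.conf and service checks the later branches of this chain perform (they are outside the hunk), whereas the `debian` branch repeats them. The existence of a file shipped by the OS also says nothing about whether ntpd is configured to use it, in either branch. I would add the `/etc/ntp.conf` and `service service_name` checks to the redhat branch and assert the rendered directive in both, e.g. `its('leapfile') { should eq '/usr/share/zoneinfo/leap-seconds.list' }` inside the existing `describe ntp_conf` block, with the RedHat path in the other branch.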