From 538deff9ead2a832508ea74897d859ed08b28e74 Mon Sep 17 00:00:00 2001
From: Pavan Gunda <pavan.gunda@elastisys.com>
Date: Thu, 25 Apr 2024 16:51:45 +0200
Subject: [PATCH] ntp: add config to filter and set ntp interfaces (#11066)

* ntp: add config to set which interface ntp should listen

* Fixed config to only have one variable
---
 roles/kubernetes/preinstall/defaults/main.yml     | 7 +++++++
 roles/kubernetes/preinstall/templates/ntp.conf.j2 | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 8ab2c9aa1..4e6fba915 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -98,6 +98,13 @@ ntp_servers:
 ntp_restrict:
   - "127.0.0.1"
   - "::1"
+# Specify whether to filter interfaces
+ntp_filter_interface: false
+# Specify the interfaces
+# Only takes effect when ntp_filter_interface is true
+# ntp_interfaces:
+#   - ignore wildcard
+#   - listen xxx
 # The NTP driftfile path
 # Only takes effect when ntp_manage_config is true.
 ntp_driftfile: /var/lib/ntp/ntp.drift
diff --git a/roles/kubernetes/preinstall/templates/ntp.conf.j2 b/roles/kubernetes/preinstall/templates/ntp.conf.j2
index abeb8996a..1a5c69c1b 100644
--- a/roles/kubernetes/preinstall/templates/ntp.conf.j2
+++ b/roles/kubernetes/preinstall/templates/ntp.conf.j2
@@ -35,6 +35,13 @@ restrict -6 default kod notrap nomodify nopeer noquery limited
 restrict {{ item }}
 {% endfor %}
 
+# Needed for filtering interfaces
+{% if ntp_filter_interface %}
+{% for item in ntp_interfaces %}
+interface {{ item }}
+{% endfor %}
+{% endif %}
+
 # Needed for adding pool entries
 restrict source notrap nomodify noquery
 
-- 
GitLab