2 files changed, 90 insertions, 0 deletions

diff --git a/ipa-client/ipaclient/Makefile.am b/ipa-client/ipaclient/Makefile.am
index c4008585..03823892 100644
--- a/ipa-client/ipaclient/Makefile.am
+++ b/ipa-client/ipaclient/Makefile.am
@@ -6,6 +6,7 @@ app_PYTHON = 			\
 	dnsclient.py		\
 	ipachangeconf.py	\
 	ipadiscovery.py		\
+	ntpconf.py		\
 	$(NULL)
 
 EXTRA_DIST =			\
diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py
new file mode 100644
index 00000000..6ee19f0b
--- /dev/null
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -0,0 +1,89 @@
+# Authors: Karl MacMillan <kmacmillan@redhat.com>
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 or later
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+from ipa.ipautil import *
+import shutil
+
+ntp_conf = """# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface.  This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1 
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server $SERVER
+
+#broadcast 192.168.1.255 key 42		# broadcast server
+#broadcastclient			# broadcast client
+#broadcast 224.0.1.1 key 42		# multicast server
+#multicastclient 224.0.1.1		# multicast client
+#manycastserver 239.255.254.254		# manycast server
+#manycastclient 239.255.254.254 key 42	# manycast client
+
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available. 
+server	127.127.1.0	# local clock
+#fudge	127.127.1.0 stratum 10	
+
+# Drift file.  Put this in a directory which the daemon can write to.
+# No symbolic links allowed, either, since the daemon updates the file
+# by creating a temporary in the same directory and then rename()'ing
+# it to the file.
+driftfile /var/lib/ntp/drift
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography. 
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+"""
+
+def config_ntp(server_fqdn):
+    sub_dict = { }
+    sub_dict["SERVER"] = server_fqdn
+    
+    nc = template_str(ntp_conf, sub_dict)
+    
+    shutil.copy("/etc/ntp.conf", "/etc/ntp.conf.ipasave")
+    
+    fd = open("/etc/ntp.conf", "w")
+    fd.write(nc)
+    fd.close()
+
+    # Set the ntpd to start on boot
+    run(["/sbin/chkconfig", "ntpd", "on"])
+    
+    # Restart ntpd
+    run(["/sbin/service", "ntpd", "restart"])