ansible-lockdown/UBUNTU22-CIS

systemd-timesyncd NTP configuration error

Jeroen0494 opened this issue · 0 comments

Describe the Issue
Using the following variables:

## Control 2.1.1.1
# This variable chooses the tool used for time synchronization
# The three options are `chrony`, `ntp`, and `systemd-timesyncd`.
ubtu22cis_time_sync_tool: "systemd-timesyncd"

## Controls 2.1.2.1, 2.1.3.1, 2.1.4.1 - Configure time pools & servers for chrony, timesyncd, and ntp
# The following variable represents a list of time server pools used
# for configuring chrony, timesyncd, and ntp.
# Each list item contains two settings, `name` (the domain name of the pool) and synchronization `options`.
# The default setting for the `options` is `iburst maxsources 4` -- please refer to the documentation
# of the time synchronization mechanism you are using.
ubtu22cis_time_pool:
    - name: 0.nl.pool.ntp.org
    - name: 1.nl.pool.ntp.org
    - name: 2.nl.pool.ntp.org
    - name: 3.nl.pool.ntp.org"

# The following variable represents a list of time servers used
# for configuring chrony, timesyncd, and ntp.
# Each list item contains two settings, `name` (the domain name of the server) and synchronization `options`.
# The default setting for the `options` is `iburst` -- please refer to the documentation
# of the time synchronization mechanism you are using.
ubtu22cis_time_servers:
    - name: 0.pool.ntp.org
    - name: 1.pool.ntp.org
    - name: 2.pool.ntp.org
    - name: 3.pool.ntp.org

The following configuration is generated:

$ cat /etc/systemd/timesyncd.conf.d/50-timesyncd.conf 
## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP=[{'name': '0.nl.pool.ntp.org'}, {'name': '1.nl.pool.ntp.org'}, {'name': '2.nl.pool.ntp.org'}, {'name': '3.nl.pool.ntp.org"'}]


FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org

Expected Behavior
NTP should be a string, much like FallbackNTP.

Actual Behavior
A JSON list is generated and pasted in the file.

Control(s) Affected
What controls are being affected by the issue

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: core 2.12.5
  • Host Python Version: 3.10.12
  • Ansible Server Python Version: 3.10.12

Possible Solution
Change the template from this:

## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP={{ ubtu22cis_time_pool }}


FallbackNTP={% for servers in ubtu22cis_time_servers %}{{ servers.name }} {% endfor %}

To this:

## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP={% for servers in ubtu22cis_time_pool %}{{ servers.name }} {% endfor %}


FallbackNTP={% for servers in ubtu22cis_time_servers %}{{ servers.name }} {% endfor %}
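
A check that could run against the rendered drop-in to catch this class of templating error, as an added example that is not part of the original issue or of the ansible-lockdown role: it parses the file and reports every `NTP=` / `FallbackNTP=` entry that is not a plain hostname or IP literal. The function name `check_timesyncd` and both sample strings are constructed for illustration.

```python
import re
import sys

# Constructed sample: drop-in as reported in the issue (list dumped into NTP=).
BROKEN = """## Ansible controlled file
NTP=[{'name': '0.nl.pool.ntp.org'}, {'name': '1.nl.pool.ntp.org'}]
FallbackNTP=0.pool.ntp.org 1.pool.ntp.org
"""

# Constructed sample: what the proposed template renders.
FIXED = """## Ansible controlled file
NTP=0.nl.pool.ntp.org 1.nl.pool.ntp.org
FallbackNTP=0.pool.ntp.org 1.pool.ntp.org
"""

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# Dotted hostname (also matches IPv4 literals), at most 253 characters.
HOST_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*$")
# Loose IPv6 literal: hex digits and colons only, at least one colon.
IPV6_RE = re.compile(r"^(?=.*:)[0-9A-Fa-f:]+$")
SERVER_KEYS = ("NTP", "FallbackNTP")


def check_timesyncd(text):
    """Return (line_no, key, token) for each server entry that is malformed."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and lines without an assignment (e.g. [Time]).
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key not in SERVER_KEYS:
            continue
        # timesyncd expects a space-separated list of names or addresses.
        for token in value.split():
            if not (HOST_RE.match(token) or IPV6_RE.match(token)):
                findings.append((no, key, token))
    return findings


if __name__ == "__main__":
    # Pass the rendered drop-in path; falls back to the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    bad = check_timesyncd(text)
    for no, key, token in bad:
        print(f"line {no}: {key} entry {token!r} is not a hostname or IP literal")
    sys.exit(1 if bad else 0)
```

The non-zero exit status on any finding lets the script gate a CI job or a post-deployment verification step.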