driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

<%- if scope['platform::ntp::enabled'] == true -%>
# orphan - Use orphan mode if external servers are unavailable (or not configured).
# minclock - Prevent clustering algorithm from casting out any outlyers by setting
#            minclock to the maximum number of ntp servers that can be configured
#            (3 external plus peer controller). Default value is 3.
tos orphan 12 minclock 4

# Use the other controller node as a peer, this is especially important if
# there are no external servers
peer <%= @peer_server %>

<%- scope['platform::ntp::servers'].each do |server| -%>
server <%= server %>
<%- end -%>

<%- end -%>