From ecac6df71dbfad8d43b473710edd5ac21cef255d Mon Sep 17 00:00:00 2001
From: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date: Feb 08 2019 16:04:26 +0000
Subject: ntp: do not use bindaddress


because it only bound to 127.0.0.1 as documented in
https://chrony.tuxfamily.org/doc/3.2/chrony.conf.html#bindaddress

  Currently, for each of the IPv4 and IPv6 protocols, only one bindaddress
  directive can be specified. Therefore, it is not useful on computers
  which should serve NTP on multiple network interfaces.

Access control is still provided through the allow directives
which deny access from the Internet

Fixes https://progress.opensuse.org/issues/38918

---

diff --git a/pillar/role/ntp.sls b/pillar/role/ntp.sls
index 8653b9a..4182ec6 100644
--- a/pillar/role/ntp.sls
+++ b/pillar/role/ntp.sls
@@ -10,10 +10,3 @@ chrony:
     - ntp2.opensuse.org
   otherparams:
     - makestep -1 1
-    {% for ip in ipv4 %}
-    # filter only the priv IPs and exclude the VRRPs
-    {% if ip.startswith('192.168') and not ip.endswith('.4') %}
-    - bindaddress {{ ip }}
-    {% endif %}
-    {% endfor %}
-    - bindaddress 127.0.0.1