ntp: switch to chrony

roles/ntp/handlers/main.yml

@@ -1,7 +1,4 @@
 ---
 
-- name: Restart ntp
-  service: name=ntp state=restarted
-
-- name: Restart ntpd
-  service: name=ntpd state=restarted
+- name: Restart chrony
+  service: name=chrony state=restarted

roles/ntp/tasks/main.yml

@@ -1,11 +1,11 @@
 ---
 
-- name: Install ntp
-  apt: name=ntp
+- name: Install chrony
+  apt: name=chrony
 
-- name: Configure ntp
-  template: src=ntp.conf.j2 dest=/etc/ntp.conf
-  notify: Restart ntp
+- name: Configure chrony
+  template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
+  notify: Restart chrony
 
-- name: Start the ntp service
-  service: name=ntp state=started enabled=yes
+- name: Start chrony
+  service: name=chrony state=started enabled=yes

roles/ntp/templates/chrony.conf.j2

@@ -0,0 +1,53 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% if ntp_peers is defined %}
+
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if ntp_server is defined and ntp_server is true %}
+allow 10.90.0.0/16
+allow 2001:678:ddc::/48
+{% endif -%}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC

roles/ntp/templates/ntp.conf.j2

@@ -1,17 +0,0 @@
-# {{ ansible_managed }}
-
-{% for srv in ntp_servers %}
-server {{ srv }} iburst
-{% endfor %}
-{% if ntp_peers is defined %}
-
-{% for peer in ntp_peers %}
-peer {{ peer }}
-{% endfor %}
-{% endif %}
-
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-
-restrict 127.0.0.1
-restrict -6 ::1