From 9f50cb58b3b5b1b1663e6c530f0959a539d25128 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 29 Sep 2021 17:42:39 +0200
Subject: [PATCH] ntp: switch to chrony
---
 roles/ntp/handlers/main.yml | 7 ++--
 roles/ntp/tasks/main.yml | 14 ++++----
 roles/ntp/templates/chrony.conf.j2 | 53 ++++++++++++++++++++++++++++++
 roles/ntp/templates/ntp.conf.j2 | 17 ----------
 4 files changed, 62 insertions(+), 29 deletions(-)
 create mode 100644 roles/ntp/templates/chrony.conf.j2
 delete mode 100644 roles/ntp/templates/ntp.conf.j2
diff --git a/roles/ntp/handlers/main.yml b/roles/ntp/handlers/main.yml
index b4bf1ca..59b25e5 100644
--- a/roles/ntp/handlers/main.yml
+++ b/roles/ntp/handlers/main.yml
@@ -1,7 +1,4 @@
 ---
-- name: Restart ntp
- service: name=ntp state=restarted
-
-- name: Restart ntpd
- service: name=ntpd state=restarted
+- name: Restart chrony
+ service: name=chrony state=restarted
diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml
index 6913b3d..6011c59 100644
--- a/roles/ntp/tasks/main.yml
+++ b/roles/ntp/tasks/main.yml
@@ -1,11 +1,11 @@
 ---
-- name: Install ntp
- apt: name=ntp
+- name: Install chrony
+ apt: name=chrony
-- name: Configure ntp
- template: src=ntp.conf.j2 dest=/etc/ntp.conf
- notify: Restart ntp
+- name: Configure chrony
+ template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
+ notify: Restart chrony
-- name: Start the ntp service
- service: name=ntp state=started enabled=yes
+- name: Start chrony
+ service: name=chrony state=started enabled=yes
diff --git a/roles/ntp/templates/chrony.conf.j2 b/roles/ntp/templates/chrony.conf.j2
new file mode 100644
index 0000000..17b9923
--- /dev/null
+++ b/roles/ntp/templates/chrony.conf.j2
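Review bot: In roles/ntp/tasks/main.yml the `Configure chrony` template task writes /etc/chrony/chrony.conf without stating ownership or permissions, so the result depends on whatever the existing file or the umask provides. I would pin them on the task, e.g. `template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf owner=root group=root mode=0644`. The handlers hunk also drops `Restart ntp` and `Restart ntpd`; if anything outside this patch still notifies those names (not visible here) it will now fail, so a search of the repository for them before merging is worthwhile.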
@@ -0,0 +1,53 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% if ntp_peers is defined %}
+
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if ntp_server is defined and ntp_server is true %}
+allow 10.90.0.0/16
+allow 2001:678:ddc::/48
+{% endif -%}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
diff --git a/roles/ntp/templates/ntp.conf.j2 b/roles/ntp/templates/ntp.conf.j2
deleted file mode 100644
index 745924d..0000000
--- a/roles/ntp/templates/ntp.conf.j2
+++ /dev/null
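Review bot: The `peer {{ peer }}` lines in roles/ntp/templates/chrony.conf.j2 create symmetric associations with no `key` option, although the same file declares `keyfile /etc/chrony/chrony.keys`. chrony.conf(5) notes that unauthenticated symmetric mode can be disrupted by packets with spoofed source addresses, so each peer should reference a shared key, e.g. `peer {{ peer }} key <KEY_ID>` (placeholder id), and the role would then need to deploy the key file with restrictive permissions; no task visible in this patch manages it. The `allow 10.90.0.0/16` and `allow 2001:678:ddc::/48` ranges are hard-coded in the template, and a list variable next to `ntp_server` would keep the served networks reviewable in inventory. The `# {{ ansible_managed }}` header carried by the removed ntp.conf.j2 is not carried over, so nothing on the host marks this file as generated.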
@@ -1,17 +0,0 @@
-# {{ ansible_managed }}
-
-{% for srv in ntp_servers %}
-server {{ srv }} iburst
-{% endfor %}
-{% if ntp_peers is defined %}
-
-{% for peer in ntp_peers %}
-peer {{ peer }}
-{% endfor %}
-{% endif %}
-
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-
-restrict 127.0.0.1
-restrict -6 ::1