Use chrony to lock kvm virtualized vm to host rtc
Chrony uses the PHC via VirtIO PTP on KVM to sync the virtual machine's time to the host's RTC within nanoseconds. Ntpd is still used for anything else not virtualized on KVM.
parent
d647550425
commit
f5cc5cea9c
@ -5,3 +5,6 @@
|
||||
|
||||
- name: Restart ntpd
|
||||
service: name=ntpd state=restarted
|
||||
|
||||
- name: Restart chrony
|
||||
service: name=chrony state=restarted
|
||||
|
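--- a/roles/ntp/tasks/chrony.yml
+++ b/roles/ntp/tasks/chrony.yml
@@ -0,0 +1,34 @@
+---
+# Use chronyd to lock time via PHC to hosts RTC
+
+- name: Install chrony
+apt:
+name: chrony
+state: latest
+install_recommends: no
+
+- name: Load kmod ptp_kvm at boot time
+blockinfile:
+path: /etc/modules-load.d/ptp_kvm.conf
+create: yes
+owner: root
+mode: '0400'
+block: |
+# Load VirtIO PTP driver for chrony
+ptp_kvm
+register: load_ptp_kvm
+when:
+- ansible_virtualization_role == 'guest'
+- ansible_virtualization_type == 'kvm'
+
+- name: Load kmod ptp_kvm
+modprobe:
+name: ptp_kvm
+state: present
+when: not (load_ptp_kvm is skipped)
+
+- name: Configure chronyd
+template:
+src: chrony.conf.j2
+dest: /etc/chrony/chrony.conf
+notify: Restart chrony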
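Review bot: The "Configure chronyd" template task sets no `owner`, `group` or `mode`, so the permissions of `/etc/chrony/chrony.conf` end up as whatever the file already had or the remote umask yields; the blockinfile task above it pins `owner` and `mode`, and this one should too, e.g. `owner: root`, `group: root`, `mode: '0644'`. The moved "Configure ntp" task in roles/ntp/tasks/ntp.yml has the same gap for `/etc/ntp.conf`. Separately, `state: latest` on "Install chrony" upgrades the time daemon on every run; `state: present` keeps runs repeatable and leaves upgrades to the normal patch process. Indentation is not visible in this rendering, so the placement of these keys under `template:` is assumed.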
@ -1,11 +1,16 @@
|
||||
---
|
||||
# Select best time source
|
||||
# * on kvm sync to hypervisor rtc within nanoseconds accuracy
|
||||
# * on anything else use ntpd wich supports only milliseconds accuracy
|
||||
|
||||
- name: Install ntp
|
||||
apt: name=ntp
|
||||
- name: Setup chrony
|
||||
include_tasks: chrony.yml
|
||||
register: ntp_use_chrony
|
||||
when:
|
||||
- ansible_virtualization_role == 'guest'
|
||||
- ansible_virtualization_type == 'kvm'
|
||||
|
||||
- name: Configure ntp
|
||||
template: src=ntp.conf.j2 dest=/etc/ntp.conf
|
||||
notify: Restart ntp
|
||||
|
||||
- name: Start the ntp service
|
||||
service: name=ntp state=started enabled=yes
|
||||
- name: Setup ntpd
|
||||
include_tasks: ntp.yml
|
||||
when:
|
||||
- ntp_use_chrony is skipped
|
||||
|
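Review bot: The "Setup ntpd" task decides on `ntp_use_chrony is skipped`, i.e. on the registered result of an `include_tasks`, so the daemon choice depends on how the include reports itself rather than on the facts that actually drive it. Stating the inverse condition directly is easier to audit: `when: not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm')`, after which the `register: ntp_use_chrony` line can go. The header comment could also say that a KVM guest ends up trusting the hypervisor clock as its time source, since that affects log timestamps and certificate validity checks on the guest. The file header for this section is not shown on the page; the hunk appears to belong to roles/ntp/tasks/main.yml.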
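--- a/roles/ntp/tasks/ntp.yml
+++ b/roles/ntp/tasks/ntp.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Install ntp
+apt: name=ntp
+
+- name: Configure ntp
+template: src=ntp.conf.j2 dest=/etc/ntp.conf
+notify: Restart ntp
+
+- name: Start the ntp service
+service: name=ntp state=started enabled=yes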
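--- a/roles/ntp/templates/chrony.conf.j2
+++ b/roles/ntp/templates/chrony.conf.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+{% if not (load_ptp_kvm is skipped) %}
+refclock PHC /dev/ptp0 poll 2
+{% elif ntp_servers is defined %}
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% else %}
+pool 2.debian.pool.ntp.org iburst
+{% endif %}
+
+{% if ntp_peers is defined %}
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+logdir /var/log/chrony
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+
+# Do not allow chronyc for security reasons
+cmdport 0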
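Review bot: As far as this commit shows, chrony.yml is only included for KVM guests and `load_ptp_kvm` carries the same condition, so the first branch of the opening `if` is always taken and the `server`/`pool` branches are never rendered. chronyd then has `/dev/ptp0` as its single source, with nothing to cross-check the hypervisor clock against and no source at all if the device is absent or numbered differently. If that is not intended, give the refclock its own `if` block so the network sources are still emitted, as sketched below. The `peer {{ peer }}` lines also set up symmetric associations without a key, which the chrony documentation describes as less secure than client/server mode; consider `server` entries or a `key` option referencing the keyfile already configured.

```jinja
{% if not (load_ptp_kvm is skipped) %}
refclock PHC /dev/ptp0 poll 2
{% endif %}
{% if ntp_servers is defined %}
{% for srv in ntp_servers %}
server {{ srv }} iburst
{% endfor %}
{% else %}
pool 2.debian.pool.ntp.org iburst
{% endif %}
{# … unchanged: ntp_peers block, keyfile/driftfile/log settings, cmdport 0 … #}
```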