Update .drone.yml

Chrony uses PHC via VirtIO PTP on KVM to sync the virtial mashines time to
the hosts RTC within nanoseconds. Ntpd is still used for anything else
not virtualized on kvm.

.drone.yml

@@ -6,7 +6,6 @@ type: docker
 
 steps:
 - name: lint
-  image: alpine:latest
+  image: cytopia/ansible-lint:latest
   commands:
-  - apk add git ansible ansible-lint
   - ansible-lint -x305,403,701

roles/ntp/handlers/main.yml

@@ -5,3 +5,6 @@
 
 - name: Restart ntpd
   service: name=ntpd state=restarted
+
+- name: Restart chrony
+  service: name=chrony state=restarted

roles/ntp/tasks/chrony.yml

@@ -0,0 +1,34 @@
+---
+# Use chronyd to lock time via PHC to hosts RTC
+
+- name: Install chrony
+  apt:
+    name: chrony
+    state: latest
+    install_recommends: no
+
+- name: Load kmod ptp_kvm at boot time
+  blockinfile:
+    path: /etc/modules-load.d/ptp_kvm.conf
+    create: yes
+    owner: root
+    mode: '0400'
+    block: |
+      # Load VirtIO PTP driver for chrony
+      ptp_kvm
+  register: load_ptp_kvm
+  when:
+  - ansible_virtualization_role == 'guest'
+  - ansible_virtualization_type == 'kvm'
+
+- name: Load kmod ptp_kvm
+  modprobe:
+    name: ptp_kvm
+    state: present
+  when: not (load_ptp_kvm is skipped)
+
+- name: Configure chronyd
+  template:
+    src: chrony.conf.j2
+    dest: /etc/chrony/chrony.conf
+  notify: Restart chrony

roles/ntp/tasks/main.yml

@@ -1,11 +1,16 @@
 ---
+# Select best time source
+# * on kvm sync to hypervisor rtc within nanoseconds accuracy
+# * on anything else use ntpd wich supports only milliseconds accuracy
 
-- name: Install ntp
+- name: Setup chrony
-  apt: name=ntp
+  include_tasks: chrony.yml
+  register: ntp_use_chrony
+  when:
+  - ansible_virtualization_role == 'guest'
+  - ansible_virtualization_type == 'kvm'
 
-- name: Configure ntp
+- name: Setup ntpd
-  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  include_tasks: ntp.yml
-  notify: Restart ntp
+  when:
-
+  - ntp_use_chrony is skipped
-- name: Start the ntp service
-  service: name=ntp state=started enabled=yes

roles/ntp/tasks/ntp.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Install ntp
+  apt: name=ntp
+
+- name: Configure ntp
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  notify: Restart ntp
+
+- name: Start the ntp service
+  service: name=ntp state=started enabled=yes

roles/ntp/templates/chrony.conf.j2

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+{% if not (load_ptp_kvm is skipped) %}
+refclock PHC /dev/ptp0 poll 2
+{% elif ntp_servers is defined %}
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% else %}
+pool 2.debian.pool.ntp.org iburst
+{% endif %}
+
+{% if ntp_peers is defined %}
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+logdir /var/log/chrony
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+
+# Do not allow chronyc for security reasons
+cmdport 0