common: install chrony (instead of ntp)

2021-08-01 15:38:23 +02:00 · 2021-08-01 15:38:23 +02:00 · 2eb5440c3c
parent 0d288bf6e1
commit 2eb5440c3c
13 changed files with 69 additions and 56 deletions
--- a/host_vars/bacon.binary.kitchen
+++ b/host_vars/bacon.binary.kitchen
@ -1,9 +1,11 @@
 ---

+ntp_server: true
+
 ntp_servers:
 - ptbtime2.ptb.de
 - ntp1.rrze.uni-erlangen.de
- ntps1-0.cs.tu-berlin.de
+- rustime01.rus.uni-stuttgart.de

 ntp_peers:
 - 172.23.1.60
--- a/host_vars/weizen.binary.kitchen
+++ b/host_vars/weizen.binary.kitchen
@ -1,6 +1,8 @@
 ---

+ntp_server: true
+
 ntp_servers:
 - ptbtime1.ptb.de
 - ntp1.rrze.uni-erlangen.de
- ntps1-0.cs.tu-berlin.de
+- rustime01.rus.uni-stuttgart.de
--- a/host_vars/wurst.binary.kitchen
+++ b/host_vars/wurst.binary.kitchen
@ -1,9 +1,11 @@
 ---

+ntp_server: true
+
 ntp_servers:
 - ptbtime1.ptb.de
 - ntp1.rrze.uni-erlangen.de
- ntps1-0.cs.tu-berlin.de
+- rustime01.rus.uni-stuttgart.de

 ntp_peers:
 - 172.23.2.3
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -1,5 +1,8 @@
 ---

+- name: Restart chrony
+  service: name=chrony state=restarted
+
 - name: Restart journald
  service: name=systemd-journald state=restarted

--- a/roles/common/tasks/chrony.yml
+++ b/roles/common/tasks/chrony.yml
@ -0,0 +1,8 @@
+---
+
+- name: Install chrony
+  apt: name=chrony
+
+- name: Configure chrony
+  template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
+  notify: Restart chrony
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -16,3 +16,6 @@
 - name: Debian
  include: Debian.yml
  when: ansible_os_family == 'Debian' and 'pve-manager' not in ansible_facts.packages
+
+- name: Setup chrony
+  include: chrony.yml
--- a/roles/common/templates/chrony.conf.j2
+++ b/roles/common/templates/chrony.conf.j2
@ -0,0 +1,46 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% if ntp_peers is defined %}
+
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if ntp_server is defined and ntp_server is true %}
+allow 172.23.0.0/16
+{% endif -%}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC
--- a/roles/ntp/handlers/main.yml
+++ b/roles/ntp/handlers/main.yml
@ -1,7 +0,0 @@
---
-
- name: Restart ntp
-  service: name=ntp state=restarted
-
- name: Restart ntpd
-  service: name=ntpd state=restarted
--- a/roles/ntp/tasks/Debian.yml
+++ b/roles/ntp/tasks/Debian.yml
@ -1,11 +0,0 @@
---
-
- name: Install ntp
-  apt: name=ntp
-
- name: Configure ntp
-  template: src=ntp.conf.j2 dest=/etc/ntp.conf
-  notify: Restart ntp
-
- name: Start the ntp service
-  service: name=ntp state=started enabled=yes
--- a/roles/ntp/tasks/FreeBSD.yml
+++ b/roles/ntp/tasks/FreeBSD.yml
@ -1,10 +0,0 @@
---
-
-# ntp is already installed on FreeBSD
-
- name: Configure ntp
-  template: src=ntp.conf.j2 dest=/etc/ntp.conf
-  notify: Restart ntpd
-
- name: Start the ntp service
-  service: name=ntpd state=started enabled=yes
--- a/roles/ntp/tasks/main.yml
+++ b/roles/ntp/tasks/main.yml
@ -1,9 +0,0 @@
---
-
- name: Debian
-  include: Debian.yml
-  when: ansible_os_family == 'Debian'
-
- name: FreeBSD
-  include: FreeBSD.yml
-  when: ansible_distribution == 'FreeBSD'
--- a/roles/ntp/templates/ntp.conf.j2
+++ b/roles/ntp/templates/ntp.conf.j2
@ -1,15 +0,0 @@
-{% for srv in ntp_servers %}
-server {{ srv }} iburst
-{% endfor %}
-{% if ntp_peers is defined %}
-
-{% for peer in ntp_peers %}
-peer {{ peer }}
-{% endfor %}
-{% endif %}
-
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-
-restrict 127.0.0.1
-restrict -6 ::1
--- a/site.yml
+++ b/site.yml
@ -4,7 +4,6 @@
  hosts: all
  roles:
  - common
-  - ntp
  - root_keys

 - name: Setup unattended updates