diff --git a/host_vars/bacon.binary.kitchen b/host_vars/bacon.binary.kitchen index 1de01b2..8d3a05c 100644 --- a/host_vars/bacon.binary.kitchen +++ b/host_vars/bacon.binary.kitchen @@ -1,9 +1,11 @@ --- +ntp_server: true + ntp_servers: - ptbtime2.ptb.de - ntp1.rrze.uni-erlangen.de -- ntps1-0.cs.tu-berlin.de +- rustime01.rus.uni-stuttgart.de ntp_peers: - 172.23.1.60 diff --git a/host_vars/weizen.binary.kitchen b/host_vars/weizen.binary.kitchen index 3c4b8eb..515d9d8 100644 --- a/host_vars/weizen.binary.kitchen +++ b/host_vars/weizen.binary.kitchen @@ -1,6 +1,8 @@ --- +ntp_server: true + ntp_servers: - ptbtime1.ptb.de - ntp1.rrze.uni-erlangen.de -- ntps1-0.cs.tu-berlin.de +- rustime01.rus.uni-stuttgart.de diff --git a/host_vars/wurst.binary.kitchen b/host_vars/wurst.binary.kitchen index c21f99b..9ed02a1 100644 --- a/host_vars/wurst.binary.kitchen +++ b/host_vars/wurst.binary.kitchen @@ -1,9 +1,11 @@ --- +ntp_server: true + ntp_servers: - ptbtime1.ptb.de - ntp1.rrze.uni-erlangen.de -- ntps1-0.cs.tu-berlin.de +- rustime01.rus.uni-stuttgart.de ntp_peers: - 172.23.2.3 diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index aa48e5f..c20a8b6 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -1,5 +1,8 @@ --- +- name: Restart chrony + service: name=chrony state=restarted + - name: Restart journald service: name=systemd-journald state=restarted diff --git a/roles/common/tasks/chrony.yml b/roles/common/tasks/chrony.yml new file mode 100644 index 0000000..baa085a --- /dev/null +++ b/roles/common/tasks/chrony.yml @@ -0,0 +1,8 @@ +--- + +- name: Install chrony + apt: name=chrony + +- name: Configure chrony + template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf + notify: Restart chrony diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index f201ebc..7d41272 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
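Review bot: The new flag `ntp_server` differs from the existing list `ntp_servers` by a single letter, and the template only acts on it when it `is defined`. A misspelt flag in one of these host_vars files therefore leaves the host without its `allow` line silently, instead of failing the play. A more distinct name such as `ntp_serve_clients: true` would be harder to misread, and a comment above it like `# serve NTP to 172.23.0.0/16, see roles/common/templates/chrony.conf.j2` would document the effect. The same applies to the weizen and wurst hunks.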
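Review bot: Nothing in the new roles/common/tasks/chrony.yml ensures that chrony is running and enabled at boot. The removed ntp role had a `Start the ntp service` task for this, and the `Restart chrony` handler fires only when the template changes. Consider adding `- name: Start the chrony service` with `service: name=chrony state=started enabled=yes` after the template task. The template task also leaves the owner and mode of /etc/chrony/chrony.conf to defaults; `template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf owner=root group=root mode=0644` would pin them.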
@@ -16,3 +16,6 @@ - name: Debian include: Debian.yml when: ansible_os_family == 'Debian' and 'pve-manager' not in ansible_facts.packages + +- name: Setup chrony + include: chrony.yml diff --git a/roles/common/templates/chrony.conf.j2 b/roles/common/templates/chrony.conf.j2 new file mode 100644 index 0000000..61abf41 --- /dev/null +++ b/roles/common/templates/chrony.conf.j2 @@ -0,0 +1,46 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +{% for srv in ntp_servers %} +server {{ srv }} iburst +{% endfor %} +{% if ntp_peers is defined %} + +{% for peer in ntp_peers %} +peer {{ peer }} +{% endfor %} +{% endif %} + +{% if ntp_server is defined and ntp_server is true %} +allow 172.23.0.0/16 +{% endif -%} + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/roles/ntp/handlers/main.yml b/roles/ntp/handlers/main.yml deleted file mode 100644 index b4bf1ca..0000000 --- a/roles/ntp/handlers/main.yml +++ /dev/null 
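Review bot: The `Setup chrony` include has no `when:` guard, although chrony.yml uses the `apt` module and site.yml applies the `common` role to `hosts: all`. Any non-Debian host would fail at `Install chrony`; the removed ntp role had a separate FreeBSD branch, which suggests (not confirmed on this page) that such hosts exist. Consider adding `when: ansible_os_family == 'Debian'` to the include. Unlike the `Debian` include above it, this one also runs on `pve-manager` hosts, so it is worth confirming that is intended. The task list begins outside the hunk.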
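Review bot: The `peer {{ peer }}` lines set up symmetric associations without a `key` option, even though the file points `keyfile` at /etc/chrony/chrony.keys. The chrony documentation warns that unauthenticated symmetric mode is susceptible to denial of service. Either give each peer a shared key, `peer {{ peer }} key <KEY_ID>` (placeholder id, key material kept out of the repository), or use plain `server` lines between the internal hosts. Separately, `ntp_server is true` is an identity test, so a value that arrives as the string `"true"` from an untyped inventory source would silently drop the `allow 172.23.0.0/16` line. `{% if ntp_server | default(false) | bool %}` is more tolerant.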
@@ -1,7 +0,0 @@ ---- - -- name: Restart ntp - service: name=ntp state=restarted - -- name: Restart ntpd - service: name=ntpd state=restarted diff --git a/roles/ntp/tasks/Debian.yml b/roles/ntp/tasks/Debian.yml deleted file mode 100644 index 6913b3d..0000000 --- a/roles/ntp/tasks/Debian.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Install ntp - apt: name=ntp - -- name: Configure ntp - template: src=ntp.conf.j2 dest=/etc/ntp.conf - notify: Restart ntp - -- name: Start the ntp service - service: name=ntp state=started enabled=yes diff --git a/roles/ntp/tasks/FreeBSD.yml b/roles/ntp/tasks/FreeBSD.yml deleted file mode 100644 index da2f02f..0000000 --- a/roles/ntp/tasks/FreeBSD.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -# ntp is already installed on FreeBSD - -- name: Configure ntp - template: src=ntp.conf.j2 dest=/etc/ntp.conf - notify: Restart ntpd - -- name: Start the ntp service - service: name=ntpd state=started enabled=yes diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml deleted file mode 100644 index ae3bb58..0000000 --- a/roles/ntp/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Debian - include: Debian.yml - when: ansible_os_family == 'Debian' - -- name: FreeBSD - include: FreeBSD.yml - when: ansible_distribution == 'FreeBSD' diff --git a/roles/ntp/templates/ntp.conf.j2 b/roles/ntp/templates/ntp.conf.j2 deleted file mode 100644 index 7226197..0000000 --- a/roles/ntp/templates/ntp.conf.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{% for srv in ntp_servers %} -server {{ srv }} iburst -{% endfor %} -{% if ntp_peers is defined %} - -{% for peer in ntp_peers %} -peer {{ peer }} -{% endfor %} -{% endif %} - -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery - -restrict 127.0.0.1 -restrict -6 ::1 diff --git a/site.yml b/site.yml index 20e192a..4da344d 100644 --- a/site.yml +++ b/site.yml @@ -4,7 +4,6 @@ hosts: all roles: - common - - ntp - root_keys - name: Setup unattended updates