From dbe9dbdc2716081d140edb1321bc1650c20e4025 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Thu, 25 Aug 2022 22:21:38 +0200
Subject: [PATCH 1/2] Add ntp-1.int
---
 hosts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts b/hosts
index 5876707..62b39c9 100644
--- a/hosts
+++ b/hosts
@@ -86,6 +86,7 @@ dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
 dns-fleming-backup.adm.auro.re
+ntp-1.int.infra.auro.re
 prometheus-fleming.adm.auro.re
 #prometheus-fleming-fo.adm.auro.re
 radius-fleming.adm.auro.re
From d2c1b1c07a7017379d1214abdfa559c9e34183f0 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Thu, 25 Aug 2022 23:01:00 +0200
Subject: [PATCH 2/2] chronyd: add role + playbook
---
 playbooks/chronyd.yml | 16 ++++++++++++++++
 roles/chronyd/defaults/main.yml | 9 +++++++++
 roles/chronyd/handlers/main.yml | 6 ++++++
 roles/chronyd/tasks/main.yml | 24 ++++++++++++++++++++++++
 roles/chronyd/templates/chrony.conf.j2 | 23 +++++++++++++++++++++++
 roles/chronyd/templates/chrony.keys.j2 | 1 +
 6 files changed, 79 insertions(+)
 create mode 100755 playbooks/chronyd.yml
 create mode 100644 roles/chronyd/defaults/main.yml
 create mode 100644 roles/chronyd/handlers/main.yml
 create mode 100644 roles/chronyd/tasks/main.yml
 create mode 100644 roles/chronyd/templates/chrony.conf.j2
 create mode 100644 roles/chronyd/templates/chrony.keys.j2
diff --git a/playbooks/chronyd.yml b/playbooks/chronyd.yml
new file mode 100755
index 0000000..e5a0619
--- /dev/null
+++ b/playbooks/chronyd.yml
@@ -0,0 +1,16 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ chronyd__allow_networks:
+ - 10.128.0.0/16
+ - 2a09:6840:128::/48
+ chronyd__pools:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
+ - 2.pool.ntp.org
+ - 3.pool.ntp.org
+ roles:
+ - chronyd
+...
diff --git a/roles/chronyd/defaults/main.yml b/roles/chronyd/defaults/main.yml
new file mode 100644
index 0000000..8355138
--- /dev/null
+++ b/roles/chronyd/defaults/main.yml
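Review bot: In playbooks/chronyd.yml the four `chronyd__pools` entries are public pool.ntp.org names, and the role's chrony.conf.j2 renders each one as `pool {{ pool }} iburst` with no authentication option, so ntp-1 would take unauthenticated time from the internet and serve it to 10.128.0.0/16 and 2a09:6840:128::/48. Client clocks feed certificate validity checks and log correlation, so that trust decision deserves a comment above `chronyd__pools`, for example `# public pool, plain NTP (no NTS): upstream time is unauthenticated`. If authenticated sources are wanted later, the template would have to expose a per-source option such as `nts`, which it does not do today.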
@@ -0,0 +1,9 @@
+---
+chronyd__pools: []
+chronyd__key_file: /etc/chrony/chrony.keys
+chronyd__drift_file: /var/lib/chrony/chrony.drift
+chronyd__nts_dump_dir: /var/lib/chrony
+chronyd__max_update_skew: 100.0
+chronyd__rtcsync: true
+chronyd__allow_networks: []
+...
diff --git a/roles/chronyd/handlers/main.yml b/roles/chronyd/handlers/main.yml
new file mode 100644
index 0000000..4a12e18
--- /dev/null
+++ b/roles/chronyd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart chronyd
+ systemd:
+ name: chronyd.service
+ state: restarted
+...
diff --git a/roles/chronyd/tasks/main.yml b/roles/chronyd/tasks/main.yml
new file mode 100644
index 0000000..9910415
--- /dev/null
+++ b/roles/chronyd/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install chronyd
+ apt:
+ name: chrony
+
+- name: Configure chronyd
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/chrony/{{ item }}"
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ loop:
+ - chrony.conf
+ - chrony.keys
+ notify:
+ - Restart chronyd
+
+- name: Enable and start chronyd
+ systemd:
+ name: chronyd.service
+ enabled: true
+ state: started
+...
diff --git a/roles/chronyd/templates/chrony.conf.j2 b/roles/chronyd/templates/chrony.conf.j2
new file mode 100644
index 0000000..ea994d8
--- /dev/null
+++ b/roles/chronyd/templates/chrony.conf.j2
@@ -0,0 +1,23 @@
+{{ ansible_managed | comment }}
+
+{% for pool in chronyd__pools %}
+pool {{ pool }} iburst
+{% endfor %}
+
+keyfile {{ chronyd__key_file }}
+dritfile {{ chronyd__drift_file }}
+ntsdumpdir {{ chronyd__nts_dump_dir }}
+
+log tracking measurements statistics
+
+maxupdateskew {{ chronyd__max_update_skew | float }}
+
+{% if chronyd__rtcsync %}
+rtcsync
+{% endif %}
+
+leapsectz right/UTC
+
+{% for network in chronyd__allow_networks %}
+allow {{ network | ipaddr }}
+{% endfor %}
diff --git a/roles/chronyd/templates/chrony.keys.j2 b/roles/chronyd/templates/chrony.keys.j2
new file mode 100644
index 0000000..5c02948
--- /dev/null
+++ b/roles/chronyd/templates/chrony.keys.j2
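Review bot: `chronyd__key_file` in roles/chronyd/defaults/main.yml looks overridable, but the "Configure chronyd" task in tasks/main.yml always writes to `/etc/chrony/{{ item }}`, so only the `keyfile` directive in chrony.conf.j2 follows the variable. Overriding it would point chronyd at a path this role never creates or sets ownership and mode on. Either document the constraint next to the default, e.g. `# must stay /etc/chrony/chrony.keys: the template task writes there`, or have the task use the variable as `dest` for the key file.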
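Review bot: The "Configure chronyd" task in roles/chronyd/tasks/main.yml installs the rendered files and notifies a restart without checking that chronyd accepts them, so a template error only surfaces when the service fails to come back and the host stops serving time. The template module has a `validate` parameter, and recent chrony releases can parse a configuration and exit with `chronyd -p -f %s` (confirm the packaged version supports `-p`). Because one loop renders both chrony.conf and chrony.keys, validating would mean splitting the two files into separate tasks. The apt task also leaves `state` implicit; `state: present` would make the intent explicit.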
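Review bot: `dritfile {{ chronyd__drift_file }}` in roles/chronyd/templates/chrony.conf.j2 is misspelled; the chrony directive is `driftfile`, and chronyd is expected to reject the unknown directive at startup, so the restart handler would leave the host without a running time service. The line should read `driftfile {{ chronyd__drift_file }}`. Separately, in `allow {{ network | ipaddr }}` the `ipaddr` filter yields a false value for input it cannot parse, and that value would be written into the `allow` line rather than failing the play. Asserting that every `chronyd__allow_networks` entry is a valid network before templating would make a typo fail closed.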
@@ -0,0 +1 @@
+{{ ansible_managed | comment }}