chronyd: add role + playbook

playbooks/chronyd.yml

@@ -0,0 +1,16 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+    - ntp-1.int.infra.auro.re
+  vars:
+    chronyd__allow_networks:
+      - 10.128.0.0/16
+      - 2a09:6840:128::/48
+    chronyd__pools:
+      - 0.pool.ntp.org
+      - 1.pool.ntp.org
+      - 2.pool.ntp.org
+      - 3.pool.ntp.org
+  roles:
+    - chronyd
+...

roles/chronyd/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+chronyd__pools: []
+chronyd__key_file: /etc/chrony/chrony.keys
+chronyd__drift_file: /var/lib/chrony/chrony.drift
+chronyd__nts_dump_dir: /var/lib/chrony
+chronyd__max_update_skew: 100.0
+chronyd__rtcsync: true
+chronyd__allow_networks: []
+...

roles/chronyd/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart chronyd
+  systemd:
+    name: chronyd.service
+    state: restarted
+...

roles/chronyd/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Install chronyd
+  apt:
+    name: chrony
+
+- name: Configure chronyd
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/chrony/{{ item }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  loop:
+    - chrony.conf
+    - chrony.keys
+  notify:
+    - Restart chronyd
+
+- name: Enable and start chronyd
+  systemd:
+    name: chronyd.service
+    enabled: true
+    state: started
+...

roles/chronyd/templates/chrony.conf.j2

@@ -0,0 +1,23 @@
+{{ ansible_managed | comment }}
+
+{% for pool in chronyd__pools %}
+pool {{ pool }} iburst
+{% endfor %}
+
+keyfile {{ chronyd__key_file }}
+dritfile {{ chronyd__drift_file }}
+ntsdumpdir {{ chronyd__nts_dump_dir }}
+
+log tracking measurements statistics
+
+maxupdateskew {{ chronyd__max_update_skew | float }}
+
+{% if chronyd__rtcsync %}
+rtcsync
+{% endif %}
+
+leapsectz right/UTC
+
+{% for network in chronyd__allow_networks %}
+allow {{ network | ipaddr }}
+{% endfor %}

roles/chronyd/templates/chrony.keys.j2

@@ -0,0 +1 @@
+{{ ansible_managed | comment }}