NTP server #96

Merged
jeltz merged 3 commits from ntp into master 2022-08-25 23:16:51 +02:00
7 changed files with 80 additions and 0 deletions

1
hosts
View file

@ -89,6 +89,7 @@ dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re dns-fleming-backup.adm.auro.re
ntp-1.int.infra.auro.re
prometheus-fleming.adm.auro.re prometheus-fleming.adm.auro.re
#prometheus-fleming-fo.adm.auro.re #prometheus-fleming-fo.adm.auro.re
radius-fleming.adm.auro.re radius-fleming.adm.auro.re

16
playbooks/chronyd.yml Executable file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- ntp-1.int.infra.auro.re
vars:
chronyd__allow_networks:
- 10.128.0.0/16
- 2a09:6840:128::/48
chronyd__pools:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
roles:
- chronyd
...

View file

@ -0,0 +1,9 @@
---
chronyd__pools: []
chronyd__key_file: /etc/chrony/chrony.keys
chronyd__drift_file: /var/lib/chrony/chrony.drift
chronyd__nts_dump_dir: /var/lib/chrony
chronyd__max_update_skew: 100.0
chronyd__rtcsync: true
chronyd__allow_networks: []
...

View file

@ -0,0 +1,6 @@
---
- name: Restart chronyd
systemd:
name: chronyd.service
state: restarted
...

View file

@ -0,0 +1,24 @@
---
- name: Install chronyd
apt:
name: chrony
- name: Configure chronyd
template:
src: "{{ item }}.j2"
dest: "/etc/chrony/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=
loop:
- chrony.conf
- chrony.keys
notify:
- Restart chronyd
- name: Enable and start chronyd
systemd:
name: chronyd.service
enabled: true
state: started
...

View file

@ -0,0 +1,23 @@
{{ ansible_managed | comment }}
{% for pool in chronyd__pools %}
pool {{ pool }} iburst
{% endfor %}
keyfile {{ chronyd__key_file }}
dritfile {{ chronyd__drift_file }}
ntsdumpdir {{ chronyd__nts_dump_dir }}
log tracking measurements statistics
maxupdateskew {{ chronyd__max_update_skew | float }}
{% if chronyd__rtcsync %}
rtcsync
{% endif %}
leapsectz right/UTC
{% for network in chronyd__allow_networks %}
allow {{ network | ipaddr }}
{% endfor %}

View file

@ -0,0 +1 @@
{{ ansible_managed | comment }}