commit 25f3e85c6437a11f1bd4a202ffc11dca666d8f0d
Author: Adrien
Date: Mon Oct 8 19:35:08 2018 +0200
Externalize role
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e03d3cc
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+chrony_ntpservers:
+ - 0.centos.pool.ntp.org
+ - 1.centos.pool.ntp.org
+ - 2.centos.pool.ntp.org
+ - 3.centos.pool.ntp.org
+chrony_allowclients: false
+#chrony_clients:
+# - 192.168.0.0/24
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..5dcd0c8
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart chronyd
+ service: name="chronyd" state=restarted
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1859bf0
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install chrony packages
+ package: name="{{ chrony_packages_name }}" state=latest update_cache=yes
+ notify: Restart chronyd
+
+- name: Deploy chronyd configuration
+ template: src=chrony.conf.j2 dest=/etc/chrony.conf owner=root group=root mode=0644
+ notify: Restart chronyd
+
+- name: Enable chronyd on boot
+ service: name=chronyd enabled=yes
+
+- name: Open Firewalld
+ firewalld:
+ service: ntp
+ permanent: true
+ state: enabled
+ immediate: true
+ zone: internal
+ when:
+ - chrony_allowclients
diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2
new file mode 100644
index 0000000..a6c7152
--- /dev/null
+++ b/templates/chrony.conf.j2
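Review bot: `chrony_clients` ships only as a comment in defaults/main.yml, so it is undefined unless the caller sets it, and turning on `chrony_allowclients: true` alone makes templates/chrony.conf.j2 fail at `{% for client in chrony_clients %}`. I would give it a real default, `chrony_clients: []`, and keep the example subnet as a comment beside it. The template's `{% if chrony_clients is defined %}` guard around `stratumweight 0` would then need to test `chrony_allowclients` instead, because the variable would always be defined. A one-line comment above each variable saying what it controls (upstream sources, whether this host serves NTP, which subnets may query it) would also help users of the role.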
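Review bot: The handler in handlers/main.yml passes its arguments as a `key=value` string (`service: name="chronyd" state=restarted`), and tasks/main.yml does the same for `package`, `template` and `service`; native YAML mappings are easier to lint and diff and avoid quoting surprises. The handler would become `service:` with `name: chronyd` and `state: restarted` on their own lines. When the template task is converted, the mode should be written as a quoted string, `mode: "0644"`, so that YAML does not read it as a number.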
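Review bot: The `Open Firewalld` task in tasks/main.yml only ever adds the `ntp` service, so once a host has been run with `chrony_allowclients: true` the permanent rule in zone `internal` stays in place after the variable goes back to false, leaving UDP 123 open in the firewall while chrony.conf no longer has `allow` lines. Deriving the state from the variable, `state: "{{ 'enabled' if chrony_allowclients | bool else 'disabled' }}"`, and dropping the `when` would keep the firewall and the configuration in step, assuming the role is only applied to hosts that run firewalld. The rule also admits the whole zone rather than the subnets in `chrony_clients`, so the `allow` lines are the only per-subnet restriction and that deserves a comment. Separately, `state=latest` on the package task turns every play into a possible upgrade and daemon restart; `state=present` is the more predictable choice.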
@@ -0,0 +1,59 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for ntpserver in chrony_ntpservers %}
+server {{ ntpserver }} iburst
+{% endfor %}
+
+{% if chrony_clients is defined %}
+# Ignore stratum in source selection.
+stratumweight 0
+
+{% endif %}
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+{% if chrony_allowclients %}
+{% for client in chrony_clients %}
+allow {{ client }}
+{% endfor %}
+{% else %}
+#allow 192.168/16
+{% endif %}
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+cmdallow 127.0.0.1
+cmdallow ::1
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Disable logging of client accesses.
+#noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+# Specify directory for log files.
+logdir /var/log/chrony
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..6bc8c6a
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,4 @@
+---
+chrony_packages_name:
+ - chrony
+
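Review bot: In templates/chrony.conf.j2 each item of `chrony_clients` is written verbatim into `allow {{ client }}`, and an empty item renders a bare `allow`, which chronyd treats as permission for every address. Skipping empty entries in the loop, for example `{% for client in chrony_clients | select %}`, or asserting in tasks/main.yml that every entry is a non-empty subnet, would keep an inventory typo from opening the server to all clients. The generated `server {{ ntpserver }} iburst` lines carry no `key` option, so the `keyfile /etc/chrony.keys` directive is not used for the pool sources; a comment saying that upstream time is unauthenticated would make this clear to readers of the rendered file.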