Externalize role

defaults/main.yml

@@ -0,0 +1,9 @@
+---
+chrony_ntpservers:
+  - 0.centos.pool.ntp.org
+  - 1.centos.pool.ntp.org
+  - 2.centos.pool.ntp.org
+  - 3.centos.pool.ntp.org
+chrony_allowclients: false
+#chrony_clients:
+#  - 192.168.0.0/24

handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Restart chronyd
+  service: name="chronyd" state=restarted
+

tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install chrony packages
+  package: name="{{ chrony_packages_name }}" state=latest update_cache=yes
+  notify: Restart chronyd
+
+- name: Deploy chronyd configuration
+  template: src=chrony.conf.j2 dest=/etc/chrony.conf owner=root group=root mode=0644
+  notify: Restart chronyd
+
+- name: Enable chronyd on boot
+  service: name=chronyd enabled=yes
+
+- name: Open Firewalld
+  firewalld:
+    service: ntp
+    permanent: true
+    state: enabled
+    immediate: true
+    zone: internal
+  when:
+    - chrony_allowclients

templates/chrony.conf.j2

@@ -0,0 +1,59 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for ntpserver in chrony_ntpservers %}
+server {{ ntpserver }} iburst
+{% endfor %}
+
+{% if chrony_clients is defined %}
+# Ignore stratum in source selection.
+stratumweight 0
+
+{% endif %}
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+{% if chrony_allowclients %}
+{% for client in chrony_clients %}
+allow {{ client }}
+{% endfor %}
+{% else %}
+#allow 192.168/16
+{% endif %}
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+cmdallow 127.0.0.1
+cmdallow ::1
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Disable logging of client accesses.
+#noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+# Specify directory for log files.
+logdir /var/log/chrony
+# Select which information is logged.
+#log measurements statistics tracking

vars/RedHat.yml

@@ -0,0 +1,4 @@
+---
+chrony_packages_name:
+  - chrony
+