authorChristian Pointner <equinox@spreadspace.org>2020-11-28 00:57:39 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-11-28 00:57:39 +0100
commit638189b7050d25fce30bf3f7d7c9ac6bafa8a760 (patch)
tree7dc42fc9049823a468e8f0163c419ace7041b201
parentkubernetes/standalone: fix config hash annotation if role is included multipl... (diff)
parentcore/ntp: add support for openbsd (diff)
Merge branch 'topic/core-ntp'
-rw-r--r--dan/ele-dione.yml2
-rw-r--r--dan/ele-helene.yml2
-rw-r--r--inventory/host_vars/ele-dione.yml11
-rw-r--r--inventory/host_vars/ele-helene.yml7
-rw-r--r--inventory/host_vars/lw-dione.yml11
-rw-r--r--inventory/host_vars/lw-helene.yml5
-rw-r--r--roles/chrony/handlers/main.yml5
-rw-r--r--roles/chrony/templates/chrony.conf.j255
-rw-r--r--roles/core/ntp/defaults/main.yml (renamed from roles/chrony/defaults/main.yml)18
-rw-r--r--roles/core/ntp/handlers/main.yml20
-rw-r--r--roles/core/ntp/tasks/Debian_chrony.yml (renamed from roles/chrony/tasks/main.yml)0
-rw-r--r--roles/core/ntp/tasks/Debian_openntpd.yml11
-rw-r--r--roles/core/ntp/tasks/Debian_systemd-timesyncd.yml18
-rw-r--r--roles/core/ntp/tasks/OpenBSD_openntpd.yml6
-rw-r--r--roles/core/ntp/tasks/error.yml3
-rw-r--r--roles/core/ntp/tasks/main.yml14
-rw-r--r--roles/core/ntp/templates/chrony.conf.j256
-rw-r--r--roles/core/ntp/templates/openntpd.conf.j222
-rw-r--r--spreadspace/lw-dione.yml2
-rw-r--r--spreadspace/lw-helene.yml2
20 files changed, 187 insertions, 83 deletions
diff --git a/dan/ele-dione.yml b/dan/ele-dione.yml
index fe6a0593..742598a8 100644
--- a/dan/ele-dione.yml
+++ b/dan/ele-dione.yml
@@ -7,6 +7,6 @@
- role: core/sshd
- role: core/zsh
- role: core/cpu-microcode
+ - role: core/ntp
- role: core/admin-users
- role: streaming/blackmagic/desktopvideo
- - role: chrony
diff --git a/dan/ele-helene.yml b/dan/ele-helene.yml
index a18477b9..88fae823 100644
--- a/dan/ele-helene.yml
+++ b/dan/ele-helene.yml
@@ -7,9 +7,9 @@
- role: core/sshd
- role: core/zsh
- role: core/cpu-microcode
+ - role: core/ntp
- role: core/admin-users
- role: streaming/blackmagic/desktopvideo
- - role: chrony
post_tasks:
## this is needed for local rtmp proxy
- name: install interface config for guest vlan
diff --git a/inventory/host_vars/ele-dione.yml b/inventory/host_vars/ele-dione.yml
index 1152e5cf..635ab2f8 100644
--- a/inventory/host_vars/ele-dione.yml
+++ b/inventory/host_vars/ele-dione.yml
@@ -39,13 +39,16 @@ kubelet_lvm:
fs: ext4
-chrony_source_pools:
+ntp_variant: chrony
+
+ntp_client:
+ pools:
- name: at.pool.ntp.org
options: iburst
-chrony_hwtimestamp_interfaces:
+ntp_hwtimestamp_interfaces:
- name: "*"
-chrony_server:
+ntp_server:
allow:
- - "{{ network_zones.lan.prefix }}"
+ - "{{ network_zones.lan.prefix }}"
diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml
index a5418e56..a753a35c 100644
--- a/inventory/host_vars/ele-helene.yml
+++ b/inventory/host_vars/ele-helene.yml
@@ -39,9 +39,12 @@ kubelet_lvm:
fs: ext4
-chrony_source_servers:
+ntp_variant: chrony
+
+ntp_client:
+ servers:
- name: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ele-dione']) | ipaddr('address') }}"
options: iburst minpoll 1 maxpoll 3 polltarget 30
-chrony_hwtimestamp_interfaces:
+ntp_hwtimestamp_interfaces:
- name: "*"
diff --git a/inventory/host_vars/lw-dione.yml b/inventory/host_vars/lw-dione.yml
index 9b05f037..ce9016ca 100644
--- a/inventory/host_vars/lw-dione.yml
+++ b/inventory/host_vars/lw-dione.yml
@@ -40,13 +40,16 @@ kubelet_lvm:
fs: ext4
-chrony_source_pools:
+ntp_variant: chrony
+
+ntp_client:
+ pools:
- name: at.pool.ntp.org
options: iburst
-chrony_hwtimestamp_interfaces:
+ntp_hwtimestamp_interfaces:
- name: "*"
-chrony_server:
+ntp_server:
allow:
- - "192.168.32.0/24"
+ - "192.168.32.0/24"
diff --git a/inventory/host_vars/lw-helene.yml b/inventory/host_vars/lw-helene.yml
index 6b68549b..16c89e76 100644
--- a/inventory/host_vars/lw-helene.yml
+++ b/inventory/host_vars/lw-helene.yml
@@ -40,9 +40,10 @@ kubelet_lvm:
fs: ext4
-chrony_source_servers:
+ntp_client:
+ servers:
- name: "192.168.32.202"
options: iburst minpoll 1 maxpoll 3 polltarget 30
-chrony_hwtimestamp_interfaces:
+ntp_hwtimestamp_interfaces:
- name: "*"
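Review bot: `ntp_variant` is not set in this hunk, although the matching hunks for ele-dione, ele-helene and lw-dione each add `ntp_variant: chrony`. The new roles/core/ntp/tasks/main.yml guards its only task with `when: ntp_variant is defined`, so unless the variable is supplied from group_vars not shown here, the role would be skipped on lw-helene. Because `- role: chrony` is removed from spreadspace/lw-helene.yml in the same commit, chrony would then no longer be managed on that host and the run would not report anything. Add `ntp_variant: chrony` above `ntp_client:` here. Time sync that silently stops being managed tends to surface later as skewed log timestamps or certificate validation errors.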
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
deleted file mode 100644
index 08d878be..00000000
--- a/roles/chrony/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart chrony
- service:
- name: chrony
- state: restarted
diff --git a/roles/chrony/templates/chrony.conf.j2 b/roles/chrony/templates/chrony.conf.j2
deleted file mode 100644
index 62d45315..00000000
--- a/roles/chrony/templates/chrony.conf.j2
+++ /dev/null
@@ -1,55 +0,0 @@
-### Global options
-
-cmdport 0
-keyfile /etc/chrony/chrony.keys
-driftfile /var/lib/chrony/chrony.drift
-logdir /var/log/chrony
-maxupdateskew 100.0
-rtcsync
-makestep 1 3
-
-{% if chrony_hwtimestamp_interfaces is defined %}
-{% for interface in chrony_hwtimestamp_interfaces %}
-hwtimestamp {{ interface.name }}{% if 'options' in interface %} {{ interface.options }}{% endif %}{{ '' }}
-{% endfor %}
-
-{% endif %}
-
-### Sources
-
-{% if chrony_source_servers is defined %}
-{% for server in chrony_source_servers %}
-server {{ server.name }}{% if 'options' in server %} {{ server.options }}{% endif %}{{ '' }}
-{% endfor %}
-
-{% endif %}
-{% if chrony_source_pools is defined %}
-{% for pool in chrony_source_pools %}
-pool {{ pool.name }}{% if 'options' in pool %} {{ pool.options }}{% endif %}{{ '' }}
-{% endfor %}
-
-{% endif %}
-{% if chrony_source_peers is defined %}
-{% for peer in chrony_source_peers %}
-peer {{ peer.name }}{% if 'options' in peer %} {{ peer.options }}{% endif %}{{ '' }}
-{% endfor %}
-
-{% endif %}
-
-
-{% if chrony_server is defined %}
-### Server
-
-{% for rule in chrony_server.allow | default([]) %}
-allow {{ rule }}
-{% endfor %}
-{% for rule in chrony_server.deny | default([]) %}
-deny {{ rule }}
-{% endfor %}
-{% if 'bindaddress' in chrony_server %}
-bindaddress {{ chrony_server.bind }}
-{% endif %}
-{% if 'port' in chrony_server %}
- port {{ chrony_server.port }}
-{% endif %}
-{% endif %}
diff --git a/roles/chrony/defaults/main.yml b/roles/core/ntp/defaults/main.yml
index bec79d5f..08e0ca80 100644
--- a/roles/chrony/defaults/main.yml
+++ b/roles/core/ntp/defaults/main.yml
@@ -1,23 +1,27 @@
---
-# chrony_source_servers:
+# ntp_variant: systemd-timesyncd
+# ntp_variant: chrony
+# ntp_variant: openntpd
+
+
+# ntp_client:
+# servers:
# - name: ntp.example.com
# options: iburst ...
-
-# chrony_source_pools:
+# pools:
# - name: pool.example.com
# options: iburst ....
-
-# chrony_source_peers:
+# peers:
# - name: peer.example.com
# options: iburst ....
-# chrony_hwtimestamp_interfaces:
+# ntp_hwtimestamp_interfaces:
# - name: "*"
# options: ....
-# chrony_server:
+# ntp_server:
# allow: []
# deny: []
# bind: 0.0.0.0
diff --git a/roles/core/ntp/handlers/main.yml b/roles/core/ntp/handlers/main.yml
new file mode 100644
index 00000000..fa1274e8
--- /dev/null
+++ b/roles/core/ntp/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+- name: restart chrony
+ service:
+ name: chrony
+ state: restarted
+
+- name: restart systemd-timesyncd
+ service:
+ name: systemd-timesyncd
+ state: restarted
+
+- name: restart openntpd
+ service:
+ name: openntpd
+ state: restarted
+
+- name: restart ntpd
+ service:
+ name: ntpd
+ state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/core/ntp/tasks/Debian_chrony.yml
index d220af30..d220af30 100644
--- a/roles/chrony/tasks/main.yml
+++ b/roles/core/ntp/tasks/Debian_chrony.yml
diff --git a/roles/core/ntp/tasks/Debian_openntpd.yml b/roles/core/ntp/tasks/Debian_openntpd.yml
new file mode 100644
index 00000000..76f62646
--- /dev/null
+++ b/roles/core/ntp/tasks/Debian_openntpd.yml
@@ -0,0 +1,11 @@
+---
+- name: install openntpd
+ apt:
+ name: openntpd
+ state: present
+
+- name: install openntpd configuration
+ template:
+ src: openntpd.conf.j2
+ dest: /etc/openntpd/ntpd.conf
+ notify: restart openntpd
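Review bot: The `template` task that writes `/etc/openntpd/ntpd.conf` sets no `owner`, `group` or `mode`, so the file's permissions depend on whatever already exists on the host. The same applies to the task in roles/core/ntp/tasks/OpenBSD_openntpd.yml. Pin them explicitly, e.g. `owner: root`, `group: root`, `mode: "0644"` (group `wheel` on OpenBSD). A `validate:` step would also keep a bad render from replacing a working config. OpenNTPD has a config-test mode, roughly `validate: ntpd -n -f %s`, to be confirmed against the packaged version.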
diff --git a/roles/core/ntp/tasks/Debian_systemd-timesyncd.yml b/roles/core/ntp/tasks/Debian_systemd-timesyncd.yml
new file mode 100644
index 00000000..20a5f379
--- /dev/null
+++ b/roles/core/ntp/tasks/Debian_systemd-timesyncd.yml
@@ -0,0 +1,18 @@
+---
+- name: set ntp servers
+ when:
+ - ntp_client is defined
+ - "'servers' in ntp_client"
+ lineinfile:
+ path: /etc/systemd/timesyncd.conf
+ regexp: '^#?NTP='
+ line: "NTP={{ ntp_client.servers | map(attribute='name') | join(' ') }}"
+ notify: restart systemd-timesyncd
+
+- name: un-set ntp servers
+ when: "ntp_client is not defined or 'servers' not in ntp_client"
+ lineinfile:
+ path: /etc/systemd/timesyncd.conf
+ regexp: '^#?NTP='
+ line: "#NTP="
+ notify: restart systemd-timesyncd
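Review bot: `ntp_client.pools` and the per-source `options` are dropped without any message in this variant. The first task renders only the `name` of each entry in `servers`, and when `ntp_client` holds only `pools` the second task's condition is true and the line is reset to `#NTP=`. The host then presumably syncs against timesyncd's built-in fallback servers rather than the source named in the inventory. Either fold the pool names into the `NTP=` line or fail when `pools`, `peers` or `options` are set with `ntp_variant: systemd-timesyncd`. Separately, `lineinfile` appends at end of file when nothing matches `^#?NTP=`; adding `insertafter: '^\[Time\]'` to both tasks keeps the setting in the right section.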
diff --git a/roles/core/ntp/tasks/OpenBSD_openntpd.yml b/roles/core/ntp/tasks/OpenBSD_openntpd.yml
new file mode 100644
index 00000000..947b23c4
--- /dev/null
+++ b/roles/core/ntp/tasks/OpenBSD_openntpd.yml
@@ -0,0 +1,6 @@
+---
+- name: install openntpd configuration
+ template:
+ src: openntpd.conf.j2
+ dest: /etc/ntpd.conf
+ notify: restart ntpd
diff --git a/roles/core/ntp/tasks/error.yml b/roles/core/ntp/tasks/error.yml
new file mode 100644
index 00000000..84a1a198
--- /dev/null
+++ b/roles/core/ntp/tasks/error.yml
@@ -0,0 +1,3 @@
+---
+- fail:
+ msg: "ntp variant '{{ ntp_variant }}' is not supported on this platform"
diff --git a/roles/core/ntp/tasks/main.yml b/roles/core/ntp/tasks/main.yml
new file mode 100644
index 00000000..d8c619a9
--- /dev/null
+++ b/roles/core/ntp/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: load os/distrubtion/version specific tasks
+ when: ntp_variant is defined
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}_{{ ntp_variant }}.yml"
+ - "{{ ansible_distribution }}_{{ ntp_variant }}.yml"
+ - "{{ ansible_os_family }}_{{ ntp_variant }}.yml"
+ - "error.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
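Review bot: The lookup order in `params.files` is undocumented, and the task name misspells "distribution" (`load os/distrubtion/version specific tasks`). A comment above the task should state that the first existing file wins, tried from distribution release to distribution to OS family. It should also say that `error.yml` is the catch-all that fails the play for an unsupported platform/variant combination. Finally, note that the task is skipped entirely when `ntp_variant` is undefined, which is easy to miss when reading a playbook that lists `core/ntp`.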
diff --git a/roles/core/ntp/templates/chrony.conf.j2 b/roles/core/ntp/templates/chrony.conf.j2
new file mode 100644
index 00000000..e404da18
--- /dev/null
+++ b/roles/core/ntp/templates/chrony.conf.j2
@@ -0,0 +1,56 @@
+### Global options
+
+cmdport 0
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+logdir /var/log/chrony
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+{% if ntp_hwtimestamp_interfaces is defined %}
+
+{% for interface in ntp_hwtimestamp_interfaces %}
+hwtimestamp {{ interface.name }}{% if 'options' in interface %} {{ interface.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% if ntp_client is defined %}
+
+
+### Client
+{% if 'servers' in ntp_client %}
+
+{% for server in ntp_client.servers %}
+server {{ server.name }}{% if 'options' in server %} {{ server.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% if 'pools' in ntp_client %}
+
+{% for pool in ntp_client.pools %}
+pool {{ pool.name }}{% if 'options' in pool %} {{ pool.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% if 'peers' in ntp_client %}
+
+{% for peer in ntp_client.peers %}
+peer {{ peer.name }}{% if 'options' in peer %} {{ peer.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if ntp_server is defined %}
+
+
+### Server
+
+{% for rule in ntp_server.allow | default([]) %}
+allow {{ rule }}
+{% endfor %}
+{% for rule in ntp_server.deny | default([]) %}
+deny {{ rule }}
+{% endfor %}
+{% if 'bind' in ntp_server %}
+bindaddress {{ ntp_server.bind }}
+{% endif %}
+{% if 'port' in ntp_server %}
+port {{ ntp_server.port }}
+{% endif %}
+{% endif %}
diff --git a/roles/core/ntp/templates/openntpd.conf.j2 b/roles/core/ntp/templates/openntpd.conf.j2
new file mode 100644
index 00000000..3e2204f6
--- /dev/null
+++ b/roles/core/ntp/templates/openntpd.conf.j2
@@ -0,0 +1,22 @@
+{% if ntp_client is defined %}
+### Client
+{% if 'servers' in ntp_client %}
+
+{% for server in ntp_client.servers %}
+server {{ server.name }}{% if 'options' in server %} {{ server.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% if 'pools' in ntp_client %}
+
+{% for pool in ntp_client.pools %}
+servers {{ pool.name }}{% if 'options' in pool %} {{ pool.options }}{% endif %}{{ '' }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if ntp_server is defined %}
+
+
+### Server
+
+listen on {{ ntp_server.bind | default('*') }}
+{% endif %}
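Review bot: `ntp_server.allow`, `ntp_server.deny` and `ntp_server.port` are ignored by this template, and `listen on` falls back to `*` when `bind` is unset. An inventory written for chrony that limits clients with `allow` (as the ele-dione and lw-dione host_vars do) would, with `ntp_variant: openntpd`, serve time on every address with no client restriction in the daemon config. Consider failing the play when `allow` or `deny` is set for this variant, e.g. an `assert` with `that: "'allow' not in ntp_server and 'deny' not in ntp_server"`. Also consider requiring an explicit `bind` instead of defaulting to `*`. The `server` and `servers` lines append `options` verbatim; chrony options such as `iburst` or `minpoll` are, as far as I know, not valid in ntpd.conf, so shared `ntp_client` entries may render a config OpenNTPD rejects.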
diff --git a/spreadspace/lw-dione.yml b/spreadspace/lw-dione.yml
index f0a3ce59..edc2e97b 100644
--- a/spreadspace/lw-dione.yml
+++ b/spreadspace/lw-dione.yml
@@ -7,6 +7,6 @@
- role: core/sshd
- role: core/zsh
- role: core/cpu-microcode
+ - role: core/ntp
- role: core/admin-users
- role: streaming/blackmagic/desktopvideo
- - role: chrony
diff --git a/spreadspace/lw-helene.yml b/spreadspace/lw-helene.yml
index 5b2afda3..cbf9f3b9 100644
--- a/spreadspace/lw-helene.yml
+++ b/spreadspace/lw-helene.yml
@@ -7,6 +7,6 @@
- role: core/sshd
- role: core/zsh
- role: core/cpu-microcode
+ - role: core/ntp
- role: core/admin-users
- role: streaming/blackmagic/desktopvideo
- - role: chrony