6 files changed, 115 insertions, 0 deletions

diff --git a/inventory/host_vars/ele-dione.yml b/inventory/host_vars/ele-dione.yml
index 5654d8c8..e6676a23 100644
--- a/inventory/host_vars/ele-dione.yml
+++ b/inventory/host_vars/ele-dione.yml
@@ -36,3 +36,15 @@ kubelet_lvm:
   lv: kubelet
   size: 10G
   fs: ext4
+
+
+chrony_source_pools:
+  - name: at.pool.ntp.org
+    options: iburst
+
+chrony_hwtimestamp_interfaces:
+  - name: "*"
+
+chrony_server:
+  allow:
+    - "{{ network_zones.lan.prefix }}"
diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml
index 1d32bb9d..75868f2d 100644
--- a/inventory/host_vars/ele-helene.yml
+++ b/inventory/host_vars/ele-helene.yml
@@ -36,3 +36,11 @@ kubelet_lvm:
   lv: kubelet
   size: 10G
   fs: ext4
+
+
+chrony_source_servers:
+  - name: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ele-dione']) | ipaddr('address') }}"
+    options: iburst minpoll 1 maxpoll 3 polltarget 30
+
+chrony_hwtimestamp_interfaces:
+  - name: "*"
diff --git a/roles/chrony/defaults/main.yml b/roles/chrony/defaults/main.yml
new file mode 100644
index 00000000..bec79d5f
--- /dev/null
+++ b/roles/chrony/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+# chrony_source_servers:
+#   - name: ntp.example.com
+#     options: iburst ...
+
+# chrony_source_pools:
+#   - name: pool.example.com
+#     options: iburst ....
+
+# chrony_source_peers:
+#   - name: peer.example.com
+#     options: iburst ....
+
+
+# chrony_hwtimestamp_interfaces:
+#   - name: "*"
+#     options: ....
+
+
+# chrony_server:
+#   allow: []
+#   deny: []
+#   bind: 0.0.0.0
+#   port: 123
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
new file mode 100644
index 00000000..08d878be
--- /dev/null
+++ b/roles/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart chrony
+  service:
+    name: chrony
+    state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
new file mode 100644
index 00000000..d220af30
--- /dev/null
+++ b/roles/chrony/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: install chrony
+  apt:
+    name: chrony
+    state: present
+
+- name: install chrony configuration
+  template:
+    src: chrony.conf.j2
+    dest: /etc/chrony/chrony.conf
+  notify: restart chrony
diff --git a/roles/chrony/templates/chrony.conf.j2 b/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 00000000..62d45315
--- /dev/null
+++ b/roles/chrony/templates/chrony.conf.j2
@@ -0,0 +1,55 @@
+### Global options
+
+cmdport 0
+keyfile /etc/chrony/chrony.keys
+driftfile /var/lib/chrony/chrony.drift
+logdir /var/log/chrony
+maxupdateskew 100.0
+rtcsync
+makestep 1 3
+
+{% if chrony_hwtimestamp_interfaces is defined %}
+{%   for interface in chrony_hwtimestamp_interfaces %}
+hwtimestamp {{ interface.name }}{% if 'options' in interface %} {{ interface.options }}{% endif %}{{ '' }}
+{%   endfor %}
+
+{% endif %}
+
+### Sources
+
+{% if chrony_source_servers is defined %}
+{%   for server in chrony_source_servers %}
+server {{ server.name }}{% if 'options' in server %} {{ server.options }}{% endif %}{{ '' }}
+{%   endfor %}
+
+{% endif %}
+{% if chrony_source_pools is defined %}
+{%   for pool in chrony_source_pools %}
+pool {{ pool.name }}{% if 'options' in pool %} {{ pool.options }}{% endif %}{{ '' }}
+{%   endfor %}
+
+{% endif %}
+{% if chrony_source_peers is defined %}
+{%   for peer in chrony_source_peers %}
+peer {{ peer.name }}{% if 'options' in peer %} {{ peer.options }}{% endif %}{{ '' }}
+{%   endfor %}
+
+{% endif %}
+
+
+{% if chrony_server is defined %}
+### Server
+
+{%   for rule in chrony_server.allow | default([]) %}
+allow {{ rule }}
+{%   endfor %}
+{%   for rule in chrony_server.deny | default([]) %}
+deny {{ rule }}
+{%   endfor %}
+{%   if 'bindaddress' in chrony_server %}
+bindaddress {{ chrony_server.bind }}
+{%   endif %}
+{%   if 'port' in chrony_server %}
+  port {{ chrony_server.port }}
+{%   endif %}
+{% endif %}