From: Arnaldo Hernandez Date: Thu, 27 Jun 2024 15:40:29 +0000 (-0500) Subject: Adding playbook and role to deploy ntp as a prerequisite. X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=104bd30e1a1c8fd94b3527bb5d56f39c8c53e718;p=pti%2Frtp.git Adding playbook and role to deploy ntp as a prerequisite. Issue-ID: INF-441 Change-Id: I1e8619bcef055e2ca31837badfe3fd2bf7fc0d84 Signed-off-by: Arnaldo Hernandez
---
diff --git a/okd/playbooks/deploy_ntp.yml b/okd/playbooks/deploy_ntp.yml
new file mode 100644
index 00000000..9b6d9da8
--- /dev/null
+++ b/okd/playbooks/deploy_ntp.yml
@@ -0,0 +1,9 @@
+---
+- name: Setup NTP
+ hosts: ntp_host
+ gather_facts: false
+ vars:
+ SETUP_NTP_SERVICE: "{{setup_ntp_service | default(false) | bool }}"
+ roles:
+ - role: setup_ntp
+ when: SETUP_NTP_SERVICE | bool
diff --git a/okd/roles/setup_ntp/README.md b/okd/roles/setup_ntp/README.md
new file mode 100644
index 00000000..244e3736
--- /dev/null
+++ b/okd/roles/setup_ntp/README.md
@@ -0,0 +1,3 @@
+# setup_ntp
+
+Deploys chrony
\ No newline at end of file
diff --git a/okd/roles/setup_ntp/defaults/main.yml b/okd/roles/setup_ntp/defaults/main.yml
new file mode 100644
index 00000000..dff49bec
--- /dev/null
+++ b/okd/roles/setup_ntp/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+ntp_pool_servers:
+ - 0.us.pool.ntp.org
+ - 1.us.pool.ntp.org
+ - 2.us.pool.ntp.org
+ - 3.us.pool.ntp.org
+
+enable_logging: false
+
+ntp_server_allows: "{% if ntp_server_allow is defined %}{{ [ntp_server_allow] }}{% else %}{{ [] }}{% endif %}"
diff --git a/okd/roles/setup_ntp/handlers/main.yml b/okd/roles/setup_ntp/handlers/main.yml
new file mode 100644
index 00000000..d7676973
--- /dev/null
+++ b/okd/roles/setup_ntp/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Restart chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: restarted
+ become: true
+
+- name: Start chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
+ become: true
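Review bot: `ntp_server_allows` in defaults/main.yml builds its list by rendering `{{ [ntp_server_allow] }}` inside an if/else block, so the value is a list only if the templating engine converts the rendered text back into one, which depends on the Ansible version and settings. A single expression is less fragile: `ntp_server_allows: "{{ [ntp_server_allow] if ntp_server_allow is defined else [] }}"`. The value ends up in `allow` lines of chrony.conf, so a comment stating the expected form (one address or subnet) would help whoever sets `ntp_server_allow`. `enable_logging` has no role prefix and could collide with an unrelated variable of the same name.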
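Review bot: The `Start chronyd` handler in handlers/main.yml is not notified by anything in this commit; tasks/main.yml only has `notify: Restart chronyd` and starts the service with a regular task, so the handler appears to be dead code. Remove it, or add a comment naming the task or role that is expected to notify it.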
diff --git a/okd/roles/setup_ntp/tasks/main.yml b/okd/roles/setup_ntp/tasks/main.yml
new file mode 100644
index 00000000..b89e5d08
--- /dev/null
+++ b/okd/roles/setup_ntp/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Setup Chrony
+ become: true
+ block:
+ - name: Install Chrony
+ ansible.builtin.package:
+ name: chrony
+ state: present
+
+ - name: Configure chrony
+ ansible.builtin.template:
+ src: chrony.conf.j2
+ dest: /etc/chrony.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart chronyd
+
+ - name: Start chrony
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
+
+ - name: Allow incoming ntp traffic
+ ansible.posix.firewalld:
+ zone: public
+ service: ntp
+ permanent: true
+ state: enabled
+ immediate: true
diff --git a/okd/roles/setup_ntp/templates/chrony.conf.j2 b/okd/roles/setup_ntp/templates/chrony.conf.j2
new file mode 100644
index 00000000..3a827545
--- /dev/null
+++ b/okd/roles/setup_ntp/templates/chrony.conf.j2
@@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+driftfile /var/lib/chrony/drift
+bindcmdaddress {{ ntp_server }}
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+keyfile /etc/chrony.keys
+local stratum 10
+rtcsync
+makestep 1.0 3
+manual
+{% if enable_logging %}
+logdir /var/log/chrony
+log measurements statistics tracking
+{% endif %}
+
+allow 127.0.0.1
+{% for allow_server in ntp_server_allows %}
+allow {{ allow_server }}
+{% endfor %}
+
+server 127.0.0.1
+{% for item in ntp_pool_servers %}
+server {{ item }}
+{% endfor %}
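Review bot: The `Allow incoming ntp traffic` task in tasks/main.yml opens the `ntp` service in the `public` zone permanently and immediately on every run, even when `ntp_server_allows` is empty and the rendered chrony.conf only contains `allow 127.0.0.1`. Gate the task so the port is opened only when there are clients to serve, e.g. `when: ntp_server_allows | length > 0`, and consider making the zone a role variable instead of hard-coding `public`. The task also needs the `ansible.posix` collection and a running firewalld on the target; neither requirement is stated in the files this commit adds.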
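Review bot: `bindcmdaddress {{ ntp_server }}` near the top of chrony.conf.j2 uses a variable that the role's defaults/main.yml in this commit does not define, so rendering will presumably fail unless inventory supplies `ntp_server`. The line also asks chronyd to listen for chronyc commands on a non-loopback address although the template has no `cmdallow` line, so the wider bind adds exposure without enabling remote monitoring. If remote monitoring is not intended, drop that line and keep the two loopback binds; otherwise give `ntp_server` a default and add a comment on who may connect. Separately, `server 127.0.0.1` lists chronyd itself as a time source next to `local stratum 10`, which looks unintended and should be confirmed.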