From 104bd30e1a1c8fd94b3527bb5d56f39c8c53e718 Mon Sep 17 00:00:00 2001
From: Arnaldo Hernandez
Date: Thu, 27 Jun 2024 10:40:29 -0500
Subject: [PATCH] Adding playbook and role to deploy ntp as a prerequisite.
Issue-ID: INF-441
Change-Id: I1e8619bcef055e2ca31837badfe3fd2bf7fc0d84
Signed-off-by: Arnaldo Hernandez
---
okd/playbooks/deploy_ntp.yml | 9 ++++++++
okd/roles/setup_ntp/README.md | 3 +++
okd/roles/setup_ntp/defaults/main.yml | 10 +++++++++
okd/roles/setup_ntp/handlers/main.yml | 13 ++++++++++++
okd/roles/setup_ntp/tasks/main.yml | 31 ++++++++++++++++++++++++++++
okd/roles/setup_ntp/templates/chrony.conf.j2 | 24 +++++++++++++++++++++
6 files changed, 90 insertions(+)
create mode 100644 okd/playbooks/deploy_ntp.yml
create mode 100644 okd/roles/setup_ntp/README.md
create mode 100644 okd/roles/setup_ntp/defaults/main.yml
create mode 100644 okd/roles/setup_ntp/handlers/main.yml
create mode 100644 okd/roles/setup_ntp/tasks/main.yml
create mode 100644 okd/roles/setup_ntp/templates/chrony.conf.j2
diff --git a/okd/playbooks/deploy_ntp.yml b/okd/playbooks/deploy_ntp.yml
new file mode 100644
index 00000000..9b6d9da8
--- /dev/null
+++ b/okd/playbooks/deploy_ntp.yml
@@ -0,0 +1,9 @@
+---
+- name: Setup NTP
+ hosts: ntp_host
+ gather_facts: false
+ vars:
+ SETUP_NTP_SERVICE: "{{setup_ntp_service | default(false) | bool }}"
+ roles:
+ - role: setup_ntp
+ when: SETUP_NTP_SERVICE | bool
diff --git a/okd/roles/setup_ntp/README.md b/okd/roles/setup_ntp/README.md
new file mode 100644
index 00000000..244e3736
--- /dev/null
+++ b/okd/roles/setup_ntp/README.md
@@ -0,0 +1,3 @@
+# setup_ntp
+
+Deploys chrony
\ No newline at end of file
diff --git a/okd/roles/setup_ntp/defaults/main.yml b/okd/roles/setup_ntp/defaults/main.yml
new file mode 100644
index 00000000..dff49bec
--- /dev/null
+++ b/okd/roles/setup_ntp/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+ntp_pool_servers:
+ - 0.us.pool.ntp.org
+ - 1.us.pool.ntp.org
+ - 2.us.pool.ntp.org
+ - 3.us.pool.ntp.org
+
+enable_logging: false
+
+ntp_server_allows: "{% if ntp_server_allow is defined %}{{ [ntp_server_allow] }}{% else %}{{ [] }}{% endif %}"
diff --git a/okd/roles/setup_ntp/handlers/main.yml b/okd/roles/setup_ntp/handlers/main.yml
new file mode 100644
index 00000000..d7676973
--- /dev/null
+++ b/okd/roles/setup_ntp/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Restart chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: restarted
+ become: true
+
+- name: Start chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
+ become: true
diff --git a/okd/roles/setup_ntp/tasks/main.yml b/okd/roles/setup_ntp/tasks/main.yml
new file mode 100644
index 00000000..b89e5d08
--- /dev/null
+++ b/okd/roles/setup_ntp/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Setup Chrony
+ become: true
+ block:
+ - name: Install Chrony
+ ansible.builtin.package:
+ name: chrony
+ state: present
+
+ - name: Configure chrony
+ ansible.builtin.template:
+ src: chrony.conf.j2
+ dest: /etc/chrony.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart chronyd
+
+ - name: Start chrony
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
+
+ - name: Allow incoming ntp traffic
+ ansible.posix.firewalld:
+ zone: public
+ service: ntp
+ permanent: true
+ state: enabled
+ immediate: true
diff --git a/okd/roles/setup_ntp/templates/chrony.conf.j2 b/okd/roles/setup_ntp/templates/chrony.conf.j2
new file mode 100644
index 00000000..3a827545
--- /dev/null
+++ b/okd/roles/setup_ntp/templates/chrony.conf.j2
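Review bot: In okd/roles/setup_ntp/defaults/main.yml there is no default for `ntp_server`, which templates/chrony.conf.j2 in this same patch reads for `bindcmdaddress {{ ntp_server }}`, so the role fails at template time unless inventory supplies it. Either document it as a required variable in the README or guard the template line with `{% if ntp_server is defined %}`. The `ntp_server_allows` value is easier to read as one expression, `ntp_server_allows: "{{ [ntp_server_allow] if ntp_server_allow is defined else [] }}"`. Because it is written verbatim into `allow` directives, a comment above it such as `# address or CIDR of the clients permitted to query this server` would tell operators what is expected. `enable_logging` is a very generic name for a role default; a role-prefixed name would avoid collisions with other roles' variables.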
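Review bot: In okd/roles/setup_ntp/handlers/main.yml the `Start chronyd` handler is never notified by anything in this patch. tasks/main.yml notifies only `Restart chronyd` and starts and enables the service with its own `Start chrony` task, so the handler duplicates that task and, as far as the visible files go, is dead code. Drop it, or add a comment naming the caller it is meant for.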
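Review bot: In okd/roles/setup_ntp/tasks/main.yml the `Allow incoming ntp traffic` task opens the `ntp` service permanently to every source in the hard-coded `public` zone, although the clients the role intends to serve are already listed in `ntp_server_allows`. That leaves chrony's `allow` lines as the only restriction on who can reach the daemon, and when `ntp_server_allow` is undefined the port is opened even though chrony will answer nobody but localhost. Scoping the firewall rule to the same list keeps both layers consistent, as sketched below; the rich rule assumes IPv4 addresses or CIDRs, and `setup_ntp_firewalld_zone` is a proposed new default, not an existing variable. The task also depends on the `ansible.posix` collection and a running firewalld, neither of which the role checks or documents.

```yaml
    # … unchanged: Install Chrony, Configure chrony, Start chrony …

    - name: Allow incoming ntp traffic from permitted clients only
      ansible.posix.firewalld:
        zone: "{{ setup_ntp_firewalld_zone | default('public') }}"
        rich_rule: 'rule family="ipv4" source address="{{ item }}" service name="ntp" accept'
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ ntp_server_allows }}"
```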
@@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+driftfile /var/lib/chrony/drift
+bindcmdaddress {{ ntp_server }}
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+keyfile /etc/chrony.keys
+local stratum 10
+rtcsync
+makestep 1.0 3
+manual
+{% if enable_logging %}
+logdir /var/log/chrony
+log measurements statistics tracking
+{% endif %}
+
+allow 127.0.0.1
+{% for allow_server in ntp_server_allows %}
+allow {{ allow_server }}
+{% endfor %}
+
+server 127.0.0.1
+{% for item in ntp_pool_servers %}
+server {{ item }}
+{% endfor %}
--
2.16.6
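Review bot: In okd/roles/setup_ntp/templates/chrony.conf.j2 the line `bindcmdaddress {{ ntp_server }}` puts chronyd's command socket on a routable address and is followed by a second IPv4 `bindcmdaddress 127.0.0.1`. chrony documents only one `bindcmdaddress` per address family, so one of the two is ineffective and the result is not what the file reads as. No `cmdallow` is configured, so remote monitoring would presumably be refused anyway; keeping only the loopback lines (`bindcmdaddress 127.0.0.1` and `bindcmdaddress ::1`) removes the ambiguity and the extra exposure. `server 127.0.0.1` makes the daemon a time source for itself and looks unintended next to `local stratum 10`; I would drop it and let the `local` directive cover the isolated case. For the pool hostnames, `pool {{ item }} iburst` is the directive chrony provides for names that resolve to several servers. A short header comment noting that `local stratum 10` and `manual` make this host serve its own clock when the upstream sources are unreachable would help operators judge how far to trust its time.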