issue-183 - add chrony server/client playbooks

This commit is contained in:
Derek Page 2020-12-13 22:49:57 -05:00
parent 662060e18a
commit 5c50c36a69
8 changed files with 127 additions and 0 deletions

View File

@ -0,0 +1,3 @@
---
chrony_timeservers = ["chrony001.rockylinux.com", "chrony002.rockylinux.com"]

View File

@ -0,0 +1,4 @@
---
chrony_server = true
chrony_allow_cidr = "10.0.0.0/16"

View File

@ -22,3 +22,9 @@ build-a-box ansible_host=10.100.1.112
[ipsilon] [ipsilon]
idp001 ansible_host=10.100.x.x idp001 ansible_host=10.100.x.x
[chronyservers]
chronyd001 ansiblehost=10.100.3.110
chronyd002 ansiblehost=10.200.3.111
[chronyclients]
build-abox asnsiblehost=10.100.x.x

View File

@ -16,3 +16,9 @@
- name: regenerate_auditd_rules - name: regenerate_auditd_rules
command: /sbin/augenrules command: /sbin/augenrules
- name: reload_chrony
systemd:
name: "{{ chrony_service_name }}"
state: restarted
listen: "chrony service restart"

View File

@ -0,0 +1,11 @@
---
# Sets Up Chrony Server/Client
# Created: @derekmpage
# Kudos: @danielkubat @Darkbat91
- name: Rocky Chrony Runbook
hosts: all
become: true
tasks:
- name: Configure Chrony
import_tasks: tasks/chrony.yml

View File

@ -0,0 +1,26 @@
---
- name: Install chrony packages
yum:
name: "{{ chrony_packages }}"
state: present
- name: Fix permissions for chrony home directory
file:
path: "{{ chrony_homedir }}"
mode: 0750
state: directory
- name: Deploy configuration
template:
src: chrony.conf.j2
dest: "{{ chrony_config_file }}"
owner: "{{ chrony_owner }}"
group: "{{ chrony_group }}"
mode: "{{ chrony_mode }}"
notify: "chrony service restart"
- name: Manage the state of service
systemd:
name: "{{ chrony_service_name }}"
state: "{{ chrony_service_state }}"
enabled: "{{ chrony_service_enabled }}"

View File

@ -0,0 +1,37 @@
# Remote servers for client association.
{% for s in chrony_timeservers %}
server {{ s }} iburst {% if loop.first %}prefer{% endif %}
{% endfor %}
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile {{ chrony_homedir }}/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1.0 second.
makestep 1.0 3
# If chrony_server=true allow clients to connect
{% if chrony_server is sameas true %}
allow {{ chrony_allow_cidr }}
bindaddress 0.0.0.0
{% else %}
# Else If Client Deny NTP client access.
deny all
{% endif %}
# Allow cmdaccess for localhost only (monitoring sometimes requires this to be opened to mgmt interface)
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
cmdallow
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
# Specify directory for log files.
logdir {{ chrony_logdir }}
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

View File

@ -0,0 +1,34 @@
---
# default permissions
chrony_owner: root
chrony_group: root
chrony_mode: 0644
# packages to install
chrony_packages:
- chrony
# configuration files
chrony_config_file: /etc/chrony.conf
# chrony user homedir
chrony_homedir: /var/lib/chrony
# service definition
chrony_service_name: chronyd
# log file
chrony_log_file: /var/log/chrony
# service state
chrony_service_state: started
chrony_service_enabled: yes
# default internet timeservers to use
chrony_timeservers: []
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
# is chrony ntp server - allows client connections
chrony_server: false