mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-25 06:31:27 +00:00
issue-183 - add chrony server/client playbooks
parent
662060e18a
commit
5c50c36a69
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
chrony_timeservers = ["chrony001.rockylinux.com", "chrony002.rockylinux.com"]
|
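Review bot: The `chrony_timeservers = [...]` line uses INI-style `=` under a `---` document marker; if this file is loaded as YAML vars (its path is not shown on the page), the line is a single plain scalar, not a mapping, and the variable is never defined. The same applies to `chrony_server = true` and `chrony_allow_cidr = "10.0.0.0/16"` in the next hunk, where the template's `chrony_server is sameas true` test needs a real boolean or servers fall through to `deny all`. Use `chrony_timeservers: ["chrony001.rockylinux.com", "chrony002.rockylinux.com"]` and `key: value` form throughout. The names `chrony001`/`chrony002` also differ from the inventory hosts `chronyd001`/`chronyd002` added in this commit, so confirm which is intended.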
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
chrony_server = true
|
||||||
|
chrony_allow_cidr = "10.0.0.0/16"
|
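Review bot: `chrony_allow_cidr = "10.0.0.0/16"` covers only 10.0.0.0 to 10.0.255.255, while the inventory hosts in this commit sit in 10.100.x.x and 10.200.x.x, so the rendered `allow` line would refuse the intended clients. Set the range to the networks that actually hold the chrony clients and keep it as narrow as they allow, since the server branch of the template also sets `bindaddress 0.0.0.0`. A short comment above the variable naming the networks it is meant to admit would help later reviewers.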
@ -22,3 +22,9 @@ build-a-box ansible_host=10.100.1.112
|
|||||||
[ipsilon]
|
[ipsilon]
|
||||||
idp001 ansible_host=10.100.x.x
|
idp001 ansible_host=10.100.x.x
|
||||||
|
|
||||||
|
[chronyservers]
|
||||||
|
chronyd001 ansiblehost=10.100.3.110
|
||||||
|
chronyd002 ansiblehost=10.200.3.111
|
||||||
|
|
||||||
|
[chronyclients]
|
||||||
|
build-abox asnsiblehost=10.100.x.x
|
||||||
|
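Review bot: The new host entries use `ansiblehost=` and `asnsiblehost=` instead of `ansible_host=` as on the existing `idp001` line, so Ansible stores them as ordinary host variables and connects to whatever the bare inventory names resolve to. `build-abox` also does not match the `build-a-box` host shown in the hunk header, which would create a second, unrelated inventory host if the existing one was meant. Suggested lines: `chronyd001 ansible_host=10.100.3.110`, `chronyd002 ansible_host=10.200.3.111`, and presumably a bare `build-a-box` under `[chronyclients]`.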
@ -16,3 +16,9 @@
|
|||||||
|
|
||||||
- name: regenerate_auditd_rules
|
- name: regenerate_auditd_rules
|
||||||
command: /sbin/augenrules
|
command: /sbin/augenrules
|
||||||
|
|
||||||
|
- name: reload_chrony
|
||||||
|
systemd:
|
||||||
|
name: "{{ chrony_service_name }}"
|
||||||
|
state: restarted
|
||||||
|
listen: "chrony service restart"
|
||||||
|
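Review bot: The handler is named `reload_chrony` but performs `state: restarted`, and tasks reach it only through `listen: "chrony service restart"`. Renaming it to `restart_chrony` keeps the name, the action and the listen topic consistent with each other. It also depends on `chrony_service_name`, which in this commit is defined only in `ansible/playbooks/vars/chrony.yml`, so any play that fires the handler has to load that file.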
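--- a/ansible/playbooks/init-rocky-chrony.yml
+++ b/ansible/playbooks/init-rocky-chrony.yml
@@ -0,0 +1,11 @@
+---
+# Sets Up Chrony Server/Client
+# Created: @derekmpage
+# Kudos: @danielkubat @Darkbat91
+- name: Rocky Chrony Runbook
+hosts: all
+become: true
+
+tasks:
+- name: Configure Chrony
+import_tasks: tasks/chrony.yml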
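Review bot: The play targets `hosts: all` with `become: true`, although this commit adds dedicated `chronyservers` and `chronyclients` inventory groups; limiting it to `hosts: chronyservers:chronyclients` keeps a root-level time configuration change off hosts that were never meant to receive it. The play also shows no `vars_files` or `handlers` entry, so `chrony_packages`, `chrony_homedir` and the `chrony service restart` topic used by `tasks/chrony.yml` are undefined unless they are loaded somewhere outside this diff. Consider adding `vars_files: [vars/chrony.yml]` and a `handlers:` section that imports the handlers file changed in this commit.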
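--- a/ansible/playbooks/tasks/chrony.yml
+++ b/ansible/playbooks/tasks/chrony.yml
@@ -0,0 +1,26 @@
+---
+- name: Install chrony packages
+yum:
+name: "{{ chrony_packages }}"
+state: present
+
+- name: Fix permissions for chrony home directory
+file:
+path: "{{ chrony_homedir }}"
+mode: 0750
+state: directory
+
+- name: Deploy configuration
+template:
+src: chrony.conf.j2
+dest: "{{ chrony_config_file }}"
+owner: "{{ chrony_owner }}"
+group: "{{ chrony_group }}"
+mode: "{{ chrony_mode }}"
+notify: "chrony service restart"
+
+- name: Manage the state of service
+systemd:
+name: "{{ chrony_service_name }}"
+state: "{{ chrony_service_state }}"
+enabled: "{{ chrony_service_enabled }}"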
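Review bot: `src: chrony.conf.j2` in the "Deploy configuration" task does not match where this commit places the template, `ansible/playbooks/templates/etc/chrony.conf.j2`; a relative `src` is looked up under `templates/`, so the task would likely need `src: etc/chrony.conf.j2`. In the "Fix permissions for chrony home directory" task, `mode: 0750` is unquoted and the directory's owner and group are not set. Quoting it as `mode: '0750'` and stating the expected owner avoids relying on YAML octal parsing and on whatever ownership the package left behind.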
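--- a/ansible/playbooks/templates/etc/chrony.conf.j2
+++ b/ansible/playbooks/templates/etc/chrony.conf.j2
@@ -0,0 +1,37 @@
+# Remote servers for client association.
+{% for s in chrony_timeservers %}
+server {{ s }} iburst {% if loop.first %}prefer{% endif %}
+{% endfor %}
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile {{ chrony_homedir }}/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1.0 second.
+makestep 1.0 3
+
+# If chrony_server=true allow clients to connect
+{% if chrony_server is sameas true %}
+allow {{ chrony_allow_cidr }}
+bindaddress 0.0.0.0
+{% else %}
+# Else If Client Deny NTP client access.
+deny all
+{% endif %}
+
+# Allow cmdaccess for localhost only (monitoring sometimes requires this to be opened to mgmt interface)
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+cmdallow
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+# Specify directory for log files.
+logdir {{ chrony_logdir }}
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync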
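Review bot: The bare `cmdallow` line carries no address, which as far as I can tell chrony treats like a bare `allow`, i.e. command access from any host; only the two loopback `bindcmdaddress` lines currently keep it local. The comment above it already anticipates opening the command socket to a management interface, at which point the open `cmdallow` would apply there, so it is safer to write `cmdallow 127.0.0.1` and `cmdallow ::1`. Separately, `logdir {{ chrony_logdir }}` uses a variable this commit never defines (`vars/chrony.yml` defines `chrony_log_file`), so rendering would fail on an undefined variable unless it is set elsewhere.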
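--- a/ansible/playbooks/vars/chrony.yml
+++ b/ansible/playbooks/vars/chrony.yml
@@ -0,0 +1,34 @@
+---
+# default permissions
+chrony_owner: root
+chrony_group: root
+chrony_mode: 0644
+
+# packages to install
+chrony_packages:
+- chrony
+
+# configuration files
+chrony_config_file: /etc/chrony.conf
+
+# chrony user homedir
+chrony_homedir: /var/lib/chrony
+
+# service definition
+chrony_service_name: chronyd
+
+# log file
+chrony_log_file: /var/log/chrony
+
+# service state
+chrony_service_state: started
+chrony_service_enabled: yes
+
+# default internet timeservers to use
+chrony_timeservers: []
+- 0.pool.ntp.org
+- 1.pool.ntp.org
+- 2.pool.ntp.org
+
+# is chrony ntp server - allows client connections
+chrony_server: false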
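Review bot: `chrony_mode: 0644` is an unquoted octal that YAML 1.1 loads as the integer 420, and `tasks/chrony.yml` passes it through `mode: "{{ chrony_mode }}"`, so the module may receive the string `420` and apply mode 0420 to `/etc/chrony.conf` instead of 0644. Quote it as `chrony_mode: '0644'`. `chrony_timeservers: []` followed by the three `- N.pool.ntp.org` items does not look like valid YAML; drop the `[]` so the items form the list. `chrony_service_enabled: yes` would read more consistently as `true`, matching `chrony_server: false`.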