Merge branch 'ntpsrv' into 'newinfra'

NTP client with timesyncd

See merge request nounous/ansible!115
certbot_on_virtu
erdnaxe 2020-11-29 16:50:48 +01:00
commit c253fe9331
5 changed files with 52 additions and 26 deletions

plays/ntp.yml 100755

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
# NTP client is in root.yml
- hosts: charybde.adm.crans.org
roles:
- ntp-server


@ -0,0 +1,5 @@
---
- name: Restart systemd-timesyncd
service:
name: systemd-timesyncd
state: restarted


@ -1,27 +1,18 @@
--- ---
- name: Install NTP - name: Clean up ntp
apt: apt:
update_cache: true state: absent
name: ntp name: ntp
purge: true
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
when: inventory_hostname in ntp_servers
- name: Configure NTP daemon
lineinfile:
path: /etc/default/ntp
regexp: '^NTPD_OPTS'
line: NTPD_OPTS='-g -x'
check_mode: no
- name: Configure NTP - name: Configure NTP
template: lineinfile:
src: ntp.conf.j2 path: /etc/systemd/timesyncd.conf
dest: /etc/ntp.conf regexp: '^NTP='
mode: 0644 line: "NTP={{ ntp_servers | join(' ') }}"
notify: Restart systemd-timesyncd
- name: Start ntp service when: inventory_hostname in ntp_servers
systemd:
name: ntp
enabled: true
state: started
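Review bot: Nothing on the new side of this file enables or starts `systemd-timesyncd`; the `Restart systemd-timesyncd` handler only fires when the `lineinfile` task reports a change. On a host where the unit was inactive or not installed while `ntp` was present, purging `ntp` can leave the machine with no time sync at all, which skews log timestamps and breaks certificate and ticket validity checks. I would add an explicit task after `Configure NTP` that keeps the unit enabled and started, as sketched below. Separately, `regexp: '^NTP='` does not match the commented `#NTP=` line of a stock timesyncd.conf, so the setting is appended at the end of the file and only takes effect while `[Time]` is the last section; `insertafter: '^\[Time\]'` would pin it. The old and new columns are interleaved on this page, so which side the two `when:` lines belong to should be checked against the repository.

```yaml
# … unchanged: Clean up ntp, Configure NTP …
- name: Ensure systemd-timesyncd is running
  systemd:
    name: systemd-timesyncd
    enabled: true
    state: started
```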


@ -0,0 +1,27 @@
---
- name: Install NTP
apt:
update_cache: true
name: ntp
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Configure NTP daemon
lineinfile:
path: /etc/default/ntp
regexp: '^NTPD_OPTS'
line: NTPD_OPTS='-g -x'
check_mode: no
- name: Configure NTP
template:
src: ntp.conf.j2
dest: /etc/ntp.conf
mode: 0644
- name: Start ntp service
systemd:
name: ntp
enabled: true
state: started
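Review bot: The `Configure NTP` template task has no `notify`, and `Start ntp service` only asserts `state: started`, so a changed ntp.conf (including its `restrict` access rules) is not picked up by an already running ntpd until someone restarts it by hand. Add `notify: Restart ntp` to the template task together with a matching handler in this role; the only handler visible in this commit is the one for systemd-timesyncd. `check_mode: no` on `Configure NTP daemon` makes that `lineinfile` write /etc/default/ntp even during a `--check` run, which is surprising for a task that modifies the host, so drop it unless a later task depends on the result. `mode: 0644` is safer written as `mode: '0644'`, so the value never depends on how the YAML loader reads a leading zero.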


@ -15,7 +15,6 @@ filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable filegen clockstats file clockstats type day enable
{% if inventory_hostname in ntp_servers %}
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the # pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html> # pool: <http://www.pool.ntp.org/join.html>
@ -23,12 +22,6 @@ pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst pool 3.debian.pool.ntp.org iburst
{% else %}
# You do need to talk to an NTP server or two (or three).
{% for server in ntp_servers %}
server {{ server }} iburst
{% endfor %}
{% endif %}
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
@ -50,6 +43,9 @@ restrict ::1
# Needed for adding pool entries # Needed for adding pool entries
restrict source notrap nomodify noquery restrict source notrap nomodify noquery
# Server on adm can sync
restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify
# Clients from this (example!) subnet have unlimited access, but only if # Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated. # cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust #restrict 192.168.123.0 mask 255.255.255.0 notrust
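Review bot: The added `restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify` line leaves out `noquery` and `nopeer`, so every host on that subnet may send ntpq/ntpdc control queries to the server and is not covered by whatever rate limiting the default rule applies. Serving time needs neither flag lifted, and the clients in this commit move to systemd-timesyncd, which only sends plain time requests; `restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify nopeer noquery` would be enough unless monitoring on that subnet relies on ntpq. The default `restrict` lines sit outside the visible hunks, so confirm what they already allow before deciding this line is needed at all. The subnet is also hard-coded in the template; a role variable would keep it in step with the inventory.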