Merge branch 'ntpsrv' into 'newinfra'

NTP client with timesyncd See merge request nounous/ansible!115
2020-11-29 16:50:48 +01:00 · 2020-11-29 16:50:48 +01:00 · c253fe9331
parent 60d7d55fd0 2cff6b4cfe
commit c253fe9331
5 changed files with 52 additions and 26 deletions
--- a/plays/ntp.yml
+++ b/plays/ntp.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+# NTP client is in root.yml
+
+- hosts: charybde.adm.crans.org
+  roles:
+    - ntp-server
--- a/roles/ntp-client/handlers/main.yml
+++ b/roles/ntp-client/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Restart systemd-timesyncd
+  service:
+    name: systemd-timesyncd
+    state: restarted
--- a/roles/ntp-client/tasks/main.yml
+++ b/roles/ntp-client/tasks/main.yml
@ -1,27 +1,18 @@
 ---
- name: Install NTP
+- name: Clean up ntp
  apt:
-    update_cache: true
+    state: absent
    name: ntp
+    purge: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded
-
- name: Configure NTP daemon
-  lineinfile:
-    path: /etc/default/ntp
-    regexp: '^NTPD_OPTS'
-    line: NTPD_OPTS='-g -x'
-  check_mode: no
+  when: inventory_hostname in ntp_servers

 - name: Configure NTP
-  template:
-    src: ntp.conf.j2
-    dest: /etc/ntp.conf
-    mode: 0644
-
- name: Start ntp service
-  systemd:
-    name: ntp
-    enabled: true
-    state: started
+  lineinfile:
+    path: /etc/systemd/timesyncd.conf
+    regexp: '^NTP='
+    line: "NTP={{ ntp_servers | join(' ') }}"
+  notify: Restart systemd-timesyncd
+  when: inventory_hostname in ntp_servers
--- a/roles/ntp-server/tasks/main.yml
+++ b/roles/ntp-server/tasks/main.yml
@ -0,0 +1,27 @@
+---
+- name: Install NTP
+  apt:
+    update_cache: true
+    name: ntp
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Configure NTP daemon
+  lineinfile:
+    path: /etc/default/ntp
+    regexp: '^NTPD_OPTS'
+    line: NTPD_OPTS='-g -x'
+  check_mode: no
+
+- name: Configure NTP
+  template:
+    src: ntp.conf.j2
+    dest: /etc/ntp.conf
+    mode: 0644
+
+- name: Start ntp service
+  systemd:
+    name: ntp
+    enabled: true
+    state: started
--- a/roles/ntp-server/templates/ntp.conf.j2
+++ b/roles/ntp-server/templates/ntp.conf.j2
@ -15,7 +15,6 @@ filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable


-{% if inventory_hostname in ntp_servers %}
 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <http://www.pool.ntp.org/join.html>
@ -23,12 +22,6 @@ pool 0.debian.pool.ntp.org iburst
 pool 1.debian.pool.ntp.org iburst
 pool 2.debian.pool.ntp.org iburst
 pool 3.debian.pool.ntp.org iburst
-{% else %}
-# You do need to talk to an NTP server or two (or three).
-{% for server in ntp_servers %}
-server {{ server }} iburst
-{% endfor %}
-{% endif %}


 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
@ -50,6 +43,9 @@ restrict ::1
 # Needed for adding pool entries
 restrict source notrap nomodify noquery

+# Server on adm can sync
+restrict 172.16.10.0 mask 255.255.255.0 notrap nomodify
+
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 #restrict 192.168.123.0 mask 255.255.255.0 notrust