Ansible/roles_timesync
1
0
Fork 0
Code Issues 3 Pull requests Releases Wiki Activity

Initial commit

Browse source
This commit is contained in:
Sven Velt 2017-11-30 15:28:28 +01:00
commit 9ea3d44011
10 changed files with 347 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
roles/timesync-disabled/tasks/main.yml Normal file
View file

@ -0,0 +1,43 @@
---
- name: Deinstall NTProtocol package(s)
package:
name: "{{ item }}"
state: absent
with_items:
- ntp
- ntpd
- chrony
- openntpd
- radioclk
- name: Look for /usr/bin/timedatectl command
stat:
path: /usr/bin/timedatectl
register: timedatectlcommand
- block:
- name: See if timesyncd is active
shell: 'timedatectl | grep "\(NTP enabled\|Network time on\):" | cut -d: -f 2 | grep -o "yes\|no\|n/a"'
changed_when: False
ignore_errors: True
register: timedatectl
- name: Disable timesyncd-NTProtocol
command: timedatectl set-ntp false
when: timedatectl|success and timedatectl.stdout == "yes"
- name: Stop/Disable timesyncd service
service:
name: systemd-timesyncd
enabled: False
state: stopped
when: timedatectl|success and timedatectl.stdout != "n/a"
when: timedatectlcommand.stat.exists == True

10
roles/timesync-enabled/defaults/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
timesync_daemon: "ntp"
timesync_default_servers:
- 0.de.pool.ntp.org
- 1.de.pool.ntp.org
- 2.de.pool.ntp.org
- 3.de.pool.ntp.org

13
roles/timesync-enabled/handlers/main.yml Normal file
View file

@ -0,0 +1,13 @@
---
- name: Restart NTP
service:
name: ntp
state: restarted
- name: Restart systemd-timesyncd
service:
name: systemd-timesyncd
state: restarted

20
roles/timesync-enabled/tasks/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Include each network variables if there is no host variable
include_vars: "vars/timesync_{{ ansible_default_ipv4.network }}.yml"
when: ansible_default_ipv4 and timesync_servers is not defined
- name: Set NTP server for machines without default gateway
set_fact:
timesync_servers: "{{ timesync_default_servers }}"
when: timesync_servers is not defined
- include: timesync_timesyncd.yml
when: timesync_daemon == "timesyncd"
- include: timesync_ntp.yml
when: timesync_daemon not in ["timesyncd", ]

23
roles/timesync-enabled/tasks/timesync_ntp.yml Normal file
View file

@ -0,0 +1,23 @@
- name: Install ntp daemon
package:
name: ntp
state: latest
- name: Template ntp.conf
template:
src: etc/ntp.conf.j2
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
backup: yes
notify: Restart NTP
- name: Enable NTP daemon
service:
name: ntp
enabled: True

24
roles/timesync-enabled/tasks/timesync_timesyncd.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: See if NTProtocol active
shell: 'timedatectl | grep "NTP synchronized:" | cut -d: -f 2 | grep -o "yes\|no"'
register: timedatectl
- name: Template configuration
template:
src: etc/systemd/timesyncd.conf.j2
dest: /etc/systemd/timesyncd.conf
notify: Restart systemd-timesyncd
- name: Activate NTProtocol
command: timedatectl set-ntp true
when: timedatectl.stdout == "no"
- name: Enable service
service:
name: systemd-timesyncd
enabled: True

26
roles/timesync-enabled/templates/etc/ntp.conf.j2 Normal file
View file

@ -0,0 +1,26 @@
### {{ ansible_managed }}
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable statistics
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# NTP server pool
{% for server in timesync_servers %}server {{ server }} iburst
{% endfor %}
# Access control configuration
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

10
roles/timesync-enabled/templates/etc/systemd/timesyncd.conf.j2 Normal file
View file

@ -0,0 +1,10 @@
### {{ ansible_managed }}
# See timesyncd.conf(5) for details.
[Time]
NTP={% for server in timesync_servers %}{{ server }} {% endfor %}
{% if timesync_servers_fallback|default([]) %}FallbackNTP={% for server in timesync_servers_fallback %}{{ server }} {% endfor %}
{% else %}#FallbackNTP=
{% endif %}

20
roles/timesync-enabled/vars/timesync_192.168.0.0.yml Normal file
View file

@ -0,0 +1,20 @@
timesync_servers:
- ntp0.rrze.uni-erlangen.de
- ntp1.rrze.uni-erlangen.de
- ntp2.rrze.uni-erlangen.de
- ntp3.rrze.uni-erlangen.de
- ntp-gps.n-ix.net
- gps-1.m-online.net
- ntp.etech.haw-hamburg.de
- ptbtime1.ptb.de
- ptbtime2.ptb.de
- ptbtime3.ptb.de
- 0.debian.pool.ntp.org
- 1.debian.pool.ntp.org
- 2.debian.pool.ntp.org
- 3.debian.pool.ntp.org
- 0.de.pool.ntp.org
- 1.de.pool.ntp.org
- 2.de.pool.ntp.org
- 3.de.pool.ntp.org

158
timesync.yml Normal file
View file

@ -0,0 +1,158 @@
---
### Create groups
- hosts: all
tasks:
- group_by:
key: "virt_{{ ansible_virtualization_role }}"
- hosts: virt_guest
gather_facts: no
tasks:
- group_by:
key: "virtguest_{{ ansible_virtualization_type }}"
# Debugging only
- hosts: localhost
gather_facts: no
tasks:
- debug:
var: groups
### Hosts: Install/Configure NTP
- hosts:
- virt_NA
- virt_host
gather_facts: no
roles:
- timesync-enabled
### Container-Guests: Disable timesync!
- hosts:
- virtguest_docker
- virtguest_openvz
- virtguest_linuxvserver
- virtguest_lxc
- virtguest_lxc-libvirt
- virtguest_rkt
- virtguest_uml
- virtguest_systemd-nspawn
- virtguest_container-other
gather_facts: no
roles:
- timesync-disabled
### KVM-Guests:
# https://s19n.net/articles/2011/kvm_clock.html
- hosts:
- virtguest_kvm
gather_facts: no
pre_tasks:
- command: cat /sys/devices/system/clocksource/clocksource0/current_clocksource
register: clocksource
changed_when: False
# Fail if clocksource is NOT "kvm-clock"
- assert:
that:
- clocksource.stdout == "kvm-clock"
- debug: var=timesync_servers
roles:
- { role: timesync-disabled, when: clocksource.stdout == "kvm-clock" and timesync_servers is not defined }
- { role: timesync-enabled, when: clocksource.stdout != "kvm-clock" or timesync_servers is defined }
### VMware-Guests:
# Open-VM-Tools: https://blogs.vmware.com/vsphere/2015/09/open-vm-tools-ovt-the-future-of-vmware-tools-for-linux.html
- hosts:
- virtguest_VMware
gather_facts: no
pre_tasks:
- name: Get timesync status
command: vmware-toolbox-cmd timesync status
changed_when: False
register: vmwtbcmd_timesync
ignore_errors: True
- name: Install Open-VM-Tools
package:
name: open-vm-tools
state: present
when: vmwtbcmd_timesync|failed
- name: Get timesync status AGAIN
command: vmware-toolbox-cmd timesync status
changed_when: False
register: vmwtbcmd_timesync
- assert:
that:
- vmwtbcmd_timesync.stdout in ["Enabled", "Disabled"]
roles:
- { role: timesync-disabled, when: vmwtbcmd_timesync.stdout == "Disabled" }
- { role: timesync-enabled, when: vmwtbcmd_timesync.stdout == "Enabled"}
### Xen-Guests: https://wiki.xen.org/wiki/Xen_FAQ_DomU#How_can_i_synchronize_a_dom0_clock.3F
- hosts:
- virtguest_xen
gather_facts: no
pre_tasks:
- command: cat /proc/sys/xen/independent_wallclock
changed_when: False
register: independent_wallclock
- assert:
that:
- independent_wallclock.stdout == "1"
roles:
- timesync-enabled
### FIXME
- hosts:
- virtguest_RHEV
- virtguest_virtualbox
- virtguest_VirtualPC
- virtguest_parallels
- virtguest_powervm_lx86
- "virtguest_PR/SM_LPAR"
- virtguest_ibm_systemz
gather_facts: no
tasks:
- fail:
msg: "Not yet implemented"