Initial commit

roles/timesync-disabled/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- name: Deinstall NTProtocol package(s)
+  package:
+    name: "{{ item }}"
+    state: absent
+  with_items:
+    - ntp
+    - ntpd
+    - chrony
+    - openntpd
+    - radioclk
+
+
+- name: Look for /usr/bin/timedatectl command
+  stat:
+    path: /usr/bin/timedatectl
+  register: timedatectlcommand
+
+
+- block:
+
+  - name: See if timesyncd is active
+    shell: 'timedatectl | grep "\(NTP enabled\|Network time on\):" | cut -d: -f 2 | grep -o "yes\|no\|n/a"'
+    changed_when: False
+    ignore_errors: True
+    register: timedatectl
+
+
+  - name: Disable timesyncd-NTProtocol
+    command: timedatectl set-ntp false
+    when: timedatectl|success and timedatectl.stdout == "yes"
+
+
+  - name: Stop/Disable timesyncd service
+    service:
+      name: systemd-timesyncd
+      enabled: False
+      state: stopped
+    when: timedatectl|success and timedatectl.stdout != "n/a"
+
+  when: timedatectlcommand.stat.exists == True
+
+

roles/timesync-enabled/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+timesync_daemon: "ntp"
+
+timesync_default_servers:
+  - 0.de.pool.ntp.org
+  - 1.de.pool.ntp.org
+  - 2.de.pool.ntp.org
+  - 3.de.pool.ntp.org
+
+

roles/timesync-enabled/handlers/main.yml

@@ -0,0 +1,13 @@
+---
+- name: Restart NTP
+  service:
+    name: ntp
+    state: restarted
+
+
+- name: Restart systemd-timesyncd
+  service:
+    name: systemd-timesyncd
+    state: restarted
+
+

roles/timesync-enabled/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Include each network variables if there is no host variable
+  include_vars: "vars/timesync_{{ ansible_default_ipv4.network }}.yml"
+  when: ansible_default_ipv4 and timesync_servers is not defined
+
+
+- name: Set NTP server for machines without default gateway
+  set_fact:
+    timesync_servers: "{{ timesync_default_servers }}"
+  when: timesync_servers is not defined
+
+
+- include: timesync_timesyncd.yml
+  when: timesync_daemon == "timesyncd"
+
+
+- include: timesync_ntp.yml
+  when: timesync_daemon not in ["timesyncd", ]
+
+

roles/timesync-enabled/tasks/timesync_ntp.yml

@@ -0,0 +1,23 @@
+- name: Install ntp daemon
+  package:
+    name: ntp
+    state: latest
+
+
+- name: Template ntp.conf
+  template:
+    src: etc/ntp.conf.j2
+    dest: /etc/ntp.conf
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  notify: Restart NTP
+
+
+- name: Enable NTP daemon
+  service:
+    name: ntp
+    enabled: True
+
+

roles/timesync-enabled/tasks/timesync_timesyncd.yml

@@ -0,0 +1,24 @@
+---
+- name: See if NTProtocol active
+  shell: 'timedatectl | grep "NTP synchronized:" | cut -d: -f 2 | grep -o "yes\|no"'
+  register: timedatectl
+
+
+- name: Template configuration
+  template:
+    src: etc/systemd/timesyncd.conf.j2
+    dest: /etc/systemd/timesyncd.conf
+  notify: Restart systemd-timesyncd
+
+
+- name: Activate NTProtocol
+  command: timedatectl set-ntp true
+  when: timedatectl.stdout == "no"
+
+
+- name: Enable service
+  service:
+    name: systemd-timesyncd
+    enabled: True
+
+

roles/timesync-enabled/templates/etc/ntp.conf.j2

@@ -0,0 +1,26 @@
+### {{ ansible_managed }}
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable statistics
+statsdir /var/log/ntpstats/
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# NTP server pool
+{% for server in timesync_servers %}server {{ server }} iburst
+{% endfor %}
+
+
+# Access control configuration
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+

roles/timesync-enabled/templates/etc/systemd/timesyncd.conf.j2

@@ -0,0 +1,10 @@
+### {{ ansible_managed }}
+
+# See timesyncd.conf(5) for details.
+
+[Time]
+NTP={% for server in timesync_servers %}{{ server }} {% endfor %}
+{% if timesync_servers_fallback|default([]) %}FallbackNTP={% for server in timesync_servers_fallback %}{{ server }} {% endfor %}
+{% else %}#FallbackNTP=
+{% endif %}
+

roles/timesync-enabled/vars/timesync_192.168.0.0.yml

@@ -0,0 +1,20 @@
+timesync_servers:
+  - ntp0.rrze.uni-erlangen.de
+  - ntp1.rrze.uni-erlangen.de
+  - ntp2.rrze.uni-erlangen.de
+  - ntp3.rrze.uni-erlangen.de
+  - ntp-gps.n-ix.net
+  - gps-1.m-online.net
+  - ntp.etech.haw-hamburg.de
+  - ptbtime1.ptb.de
+  - ptbtime2.ptb.de
+  - ptbtime3.ptb.de
+  - 0.debian.pool.ntp.org
+  - 1.debian.pool.ntp.org
+  - 2.debian.pool.ntp.org
+  - 3.debian.pool.ntp.org
+  - 0.de.pool.ntp.org
+  - 1.de.pool.ntp.org
+  - 2.de.pool.ntp.org
+  - 3.de.pool.ntp.org
+

timesync.yml

@@ -0,0 +1,158 @@
+---
+### Create groups
+- hosts: all
+
+  tasks:
+    - group_by:
+        key: "virt_{{ ansible_virtualization_role }}"
+
+
+- hosts: virt_guest
+
+  gather_facts: no
+
+  tasks:
+    - group_by:
+        key: "virtguest_{{ ansible_virtualization_type }}"
+
+
+# Debugging only
+- hosts: localhost
+
+  gather_facts: no
+
+  tasks:
+    - debug:
+        var: groups
+
+
+
+### Hosts: Install/Configure NTP
+- hosts:
+  - virt_NA
+  - virt_host
+
+  gather_facts: no
+
+  roles:
+    - timesync-enabled
+
+
+
+### Container-Guests: Disable timesync!
+- hosts:
+  - virtguest_docker
+  - virtguest_openvz
+  - virtguest_linuxvserver
+  - virtguest_lxc
+  - virtguest_lxc-libvirt
+  - virtguest_rkt
+  - virtguest_uml
+  - virtguest_systemd-nspawn
+  - virtguest_container-other
+
+  gather_facts: no
+
+  roles:
+    - timesync-disabled
+
+
+
+### KVM-Guests:
+# https://s19n.net/articles/2011/kvm_clock.html
+- hosts:
+  - virtguest_kvm
+
+  gather_facts: no
+
+  pre_tasks:
+
+    - command: cat /sys/devices/system/clocksource/clocksource0/current_clocksource
+      register: clocksource
+      changed_when: False
+
+    # Fail if clocksource is NOT "kvm-clock"
+    - assert:
+        that:
+          - clocksource.stdout == "kvm-clock"
+
+    - debug: var=timesync_servers
+
+  roles:
+    - { role: timesync-disabled, when: clocksource.stdout == "kvm-clock" and timesync_servers is not defined }
+    - { role: timesync-enabled, when: clocksource.stdout != "kvm-clock" or timesync_servers is defined }
+
+
+
+### VMware-Guests:
+# Open-VM-Tools: https://blogs.vmware.com/vsphere/2015/09/open-vm-tools-ovt-the-future-of-vmware-tools-for-linux.html
+- hosts:
+  - virtguest_VMware
+
+  gather_facts: no
+
+  pre_tasks:
+    - name: Get timesync status
+      command: vmware-toolbox-cmd timesync status
+      changed_when: False
+      register: vmwtbcmd_timesync
+      ignore_errors: True
+
+    - name: Install Open-VM-Tools
+      package:
+        name: open-vm-tools
+        state: present
+      when: vmwtbcmd_timesync|failed
+
+    - name: Get timesync status AGAIN
+      command: vmware-toolbox-cmd timesync status
+      changed_when: False
+      register: vmwtbcmd_timesync
+
+    - assert:
+        that:
+        - vmwtbcmd_timesync.stdout in ["Enabled", "Disabled"]
+
+  roles:
+    - { role: timesync-disabled, when: vmwtbcmd_timesync.stdout == "Disabled" }
+    - { role: timesync-enabled, when: vmwtbcmd_timesync.stdout == "Enabled"}
+
+
+
+### Xen-Guests: https://wiki.xen.org/wiki/Xen_FAQ_DomU#How_can_i_synchronize_a_dom0_clock.3F
+- hosts:
+  - virtguest_xen
+
+  gather_facts: no
+
+  pre_tasks:
+    - command: cat /proc/sys/xen/independent_wallclock
+      changed_when: False
+      register: independent_wallclock
+
+    - assert:
+        that:
+        - independent_wallclock.stdout == "1"
+
+  roles:
+    - timesync-enabled
+
+
+
+### FIXME
+- hosts:
+  - virtguest_RHEV
+  - virtguest_virtualbox
+  - virtguest_VirtualPC
+  - virtguest_parallels
+  - virtguest_powervm_lx86
+  - "virtguest_PR/SM_LPAR"
+  - virtguest_ibm_systemz
+
+  gather_facts: no
+
+  tasks:
+    - fail:
+        msg: "Not yet implemented"
+
+