out with the ntp, in with the chrony

2018-09-26 20:44:52 +00:00 · 2018-09-26 20:44:52 +00:00 · 0258bf95c7
commit 0258bf95c7
parent f5aca677c3
3 changed files with 79 additions and 1 deletions
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@ -1,5 +1,5 @@
 ---
 dependencies:
    - { role: basessh }
-    - { role: ntp }
+    - { role: chrony }
    - { role: dnf-automatic }
--- a/roles/chrony/tasks/main.yml
+++ b/roles/chrony/tasks/main.yml
@ -0,0 +1,27 @@
+- name: install chrony
+  package: name=chrony state=present
+  tags:
+  - chrony
+  - package
+  - base
+
+- name: install chrony.conf
+  template: src=chrony.conf.j2 dest=/etc/chrony.conf
+  tags:
+  - chrony
+  - config
+  - base
+
+- name: disable and stop ntp
+  service: name=ntp state=stopped enabled=no
+  tags:
+  - chrony
+  - service
+  - base
+
+- name: Start and enable chrony
+  service: name=chrony state=started enabled=yes
+  tags:
+  - ntp
+  - service
+  - base
--- a/roles/chrony/templates/chrony.conf.j2
+++ b/roles/chrony/templates/chrony.conf.j2
@ -0,0 +1,51 @@
+# setup our servers
+{% if datacenter == 'phx2' %}
+server bastion01.phx2.fedoraproject.org iburst
+server bastion02.phx2.fedoraproject.org iburst
+{% elif datacenter == 'cloud'  and not ansible_hostname.startswith('cloud-noc') %}
+server cloud-noc01.cloud.fedoraproject.org port 124
+{% else %}
+server 0.rhel.pool.ntp.org iburst
+server 1.rhel.pool.ntp.org iburst
+server 2.rhel.pool.ntp.org iburst
+server 3.rhel.pool.ntp.org iburst
+{% endif %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+minsources 1
+
+# Allow NTP client access from local network.
+{% if ansible_hostname.startswith('bastion') %}
+allow 10.0.0.0/16
+{% elif ansible_hostname.startswith('cloud-noc') %}
+allow 209.132.184.0/24
+{% endif %}
+
+# Serve time even if not synchronized to a time source.
+local stratum 10
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking