
Merge pull request #1218 from mwoodson/chrony

new role: chrony so that servers can use ntp
Matt Woodson 9 år sedan
förälder
incheckning
6fe8100bad

+ 31 - 0
roles/chrony/README.md

@@ -0,0 +1,31 @@
+Role Name
+=========
+
+A role to configure chrony as the ntp client
+
+Requirements
+------------
+
+
+Role Variables
+--------------
+
+chrony_ntp_servers: a list of ntp servers to use the chrony.conf file
+
+Dependencies
+------------
+
+roles/lib_timedatectl
+
+Example Playbook
+----------------
+
+License
+-------
+
+Apache 2.0
+
+Author Information
+------------------
+
+Openshift Operations

+ 2 - 0
roles/chrony/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for chrony

+ 5 - 0
roles/chrony/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart chronyd
+  service:
+    name: chronyd
+    state: restarted

+ 18 - 0
roles/chrony/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  author: Openshift Operations
+  description: Configure chrony as an ntp server
+  company: Red Hat
+  license: Apache 2.0
+  min_ansible_version: 1.9.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  - name: Fedora
+    versions:
+    - all
+  categories:
+  - system
+dependencies:
+- roles/lib_timedatectl
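Review bot: The `description` under `galaxy_info` says the role configures chrony "as an ntp server", but the README in this commit calls it an ntp client and the template leaves `allow` commented out, so nothing here serves time. I would change the line to `description: Configure chrony as an ntp client` so nobody assumes these hosts are meant to accept NTP queries.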

+ 30 - 0
roles/chrony/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: remove ntp package
+  yum:
+    name: ntp
+    state: absent
+
+- name: ensure chrony package is installed
+  yum:
+    name: chrony
+    state: installed
+
+- name: Install /etc/chrony.conf
+  template:
+    src: chrony.conf.j2
+    dest: /etc/chrony.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Restart chronyd
+
+- name: enabled timedatectl set-ntp yes
+  timedatectl:
+    ntp: True
+
+- name:
+  service:
+    name: chronyd
+    state: started
+    enabled: yes
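Review bot: The last task has an empty `name:`, so it appears in play output and logs with no label, which makes it harder to tell from a run record whether chronyd was actually started and enabled. I would name it, e.g. `- name: ensure chronyd is started and enabled`. Separately, the `yum` task uses `state: installed`; `state: present` is the documented spelling and reads consistently next to `state: absent` above.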

+ 45 - 0
roles/chrony/templates/chrony.conf.j2

@@ -0,0 +1,45 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% for server in chrony_ntp_servers %}
+server {{ server }} iburst
+{% endfor %}
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel RTC synchronization.
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Generate command key if missing.
+generatecommandkey
+
+# Disable logging of client accesses.
+noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking
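Review bot: The header comment `# Use public servers from the pool.ntp.org project.` no longer describes this file, because the `server` lines are rendered from `chrony_ntp_servers`, and the defaults file added in this commit does not define that variable. An undefined variable fails the template task, while an empty list renders a chrony.conf with no `server` lines at all, so chronyd would start with no time source; clock drift then undermines log correlation and time-dependent checks such as certificate validity. I would replace the comment with `# NTP servers are managed by Ansible via chrony_ntp_servers.` and add an `assert` task ahead of the template task that checks `chrony_ntp_servers` is defined and non-empty.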

+ 2 - 0
roles/chrony/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for chrony

+ 74 - 0
roles/lib_timedatectl/library/timedatectl.py

@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+'''
+    timedatectl ansible module
+
+    This module supports setting ntp enabled
+'''
+import subprocess
+
+
+
+
+def do_timedatectl(options=None):
+    ''' subprocess timedatectl '''
+
+    cmd = ['/usr/bin/timedatectl']
+    if options:
+        cmd += options.split()
+
+    proc = subprocess.Popen(cmd, stdin=None, stdout=subprocess.PIPE)
+    proc.wait()
+    return proc.stdout.read()
+
+def main():
+    ''' Ansible module for timedatectl
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            #state=dict(default='enabled', type='str'),
+            ntp=dict(default=True, type='bool'),
+        ),
+        #supports_check_mode=True
+    )
+
+    # do something
+    ntp_enabled = False
+
+    results = do_timedatectl()
+
+    for line in results.split('\n'):
+        if 'NTP enabled' in line:
+            if 'yes' in line:
+                ntp_enabled = True
+
+    ########
+    # Enable NTP
+    ########
+    if module.params['ntp']:
+        if ntp_enabled:
+            module.exit_json(changed=False, results="enabled", state="enabled")
+
+        # Enable it
+        # Commands to enable ntp
+        else:
+            results = do_timedatectl('set-ntp yes')
+            module.exit_json(changed=True, results="enabled", state="enabled", cmdout=results)
+
+    #########
+    # Disable NTP
+    #########
+    else:
+        if not ntp_enabled:
+            module.exit_json(changed=False, results="disabled", state="disabled")
+
+        results = do_timedatectl('set-ntp no')
+        module.exit_json(changed=True, results="disabled", state="disabled")
+
+    module.exit_json(failed=True, changed=False, results="Something went wrong", state="unknown")
+
+# Pylint is getting in the way of basic Ansible
+# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import
+from ansible.module_utils.basic import *
+
+main()
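Review bot: `do_timedatectl` never looks at the exit status, so in `main()` a failed `timedatectl set-ntp yes` is still reported as `changed=True, state="enabled"` and the play carries on with a host whose clock is not being synchronised. It also calls `proc.wait()` before reading a piped stdout, which the subprocess documentation warns can deadlock; `communicate()` avoids that. I would return the return code together with the output and call `module.fail_json` when it is non-zero, as sketched below; the same check applies to the `set-ntp no` branch. The trailing `module.exit_json(failed=True, ...)` is unreachable because every branch above it already exits. The `'NTP enabled'` match depends on timedatectl's output wording and probably on locale, so a comment naming the version it was written against would help.

```python
def do_timedatectl(options=None):
    ''' run timedatectl; return (returncode, stdout, stderr) '''
    # ... unchanged: cmd list construction from options ...

    proc = subprocess.Popen(cmd, stdin=None,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains the pipes while waiting, so a full pipe cannot block the child
    stdout, stderr = proc.communicate()
    return proc.returncode, stdout, stderr

# ... unchanged: module setup; the status query unpacks the same tuple before parsing ...

            rval, results, err = do_timedatectl('set-ntp yes')
            if rval != 0:
                module.fail_json(msg="timedatectl set-ntp yes failed",
                                 rc=rval, stderr=err)
            module.exit_json(changed=True, results="enabled", state="enabled", cmdout=results)
```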