ntp --> chrony (#28)

ntp-rolle in archiv

syntax when richtig

typo

on+off playbook

Doku

vars

doku server

doku

firewall

server an

client aktualisiert

playbook server

playbook base mit ausnahme

server in inventory

ntp_server ohne server geht

rollen angelegt

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#28
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>
Michael Grote 2021-03-13 12:32:54 +01:00
parent c46310b77a
commit e37d354f2c
23 changed files with 290 additions and 1 deletions


@ -5,6 +5,12 @@
#------------------------------------------------------------------ #------------------------------------------------------------------
#- This file is managed with ansible! - #- This file is managed with ansible! -
#------------------------------------------------------------------ #------------------------------------------------------------------
### mgrote.ntp_chrony_server
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_servers: # welche Server sollen befragt werden
- address: ntp-server.grote.lan
options: iburst #optionaler parameter
ntp_chrony_logging: false # logging an/aus
### mgrote.postfix ### mgrote.postfix
postfix_absender_mailadresse: info@mgrote.net postfix_absender_mailadresse: info@mgrote.net
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
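Review bot: The new `ntp_chrony_servers` list gives every client exactly one time source, `- address: ntp-server.grote.lan`, so an outage of that host or of chronyd on it leaves all clients without any sync source, and with a single `server` line chronyd has no way to recognise a bad source. Consider a second entry — one of the public servers from the server role's defaults would do as a fallback — or a comment stating that a single internal source is deliberate. Minor: `options: iburst #optionaler parameter` needs a space after `#` to satisfy yamllint's comments rule; the same line recurs in both roles' defaults. The file header of this section is not visible in the page, so the enclosing file name is unknown here.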

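--- a/group_vars/ntpserver.yml
+++ b/group_vars/ntpserver.yml
@@ -0,0 +1,30 @@
+---
+### oefenweb.ufw
+ufw_rules:
+- rule: allow
+to_port: 22
+protocol: tcp
+comment: 'ssh'
+from_ip: 192.168.2.0/24
+- rule: allow
+to_port: 123
+comment: 'ntp'
+from_ip: 192.168.2.0/24
+### mgrote.ntp_chrony_server
+ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
+ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
+ntp_chrony_servers: # welche Server sollen befragt werden
+- address: ptbtime1.ptb.de
+options: iburst #optionaler parameter
+- address: ptbtime2.ptb.de
+options: iburst
+- address: ptbtime3.ptb.de
+options: iburst
+- address: time3.google.com
+options: iburst
+- address: ntp0.fau.de
+options: iburst
+ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
+ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
+ntp_chrony_logging: false # logging an/aus
+ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen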
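Review bot: The ufw entry for port 123 (`- rule: allow`, `to_port: 123`, `comment: 'ntp'`) sets no `protocol`, so it opens 123 for tcp and udp alike although chrony only serves NTP over udp; add `protocol: udp` so the opening matches what the service needs, in line with the explicit `protocol: tcp` on the ssh rule above it. The `ntp_chrony_*` block below is a verbatim copy of the server role's `defaults/main.yml` in this same commit; keeping only the values that actually differ per site (the subnet, possibly the upstream list) avoids the two copies drifting apart unnoticed.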


@ -16,6 +16,10 @@ all:
hosts: hosts:
pihole2-test.grote.lan: pihole2-test.grote.lan:
pihole2.grote.lan: pihole2.grote.lan:
ntpserver:
hosts:
ntp-server-test.grote.lan:
ntp-server.grote.lan:
acng: acng:
hosts: hosts:
acng.grote.lan: acng.grote.lan:
@ -70,6 +74,7 @@ all:
pve4.grote.lan: pve4.grote.lan:
gitea.grote.lan: gitea.grote.lan:
pihole2.grote.lan: pihole2.grote.lan:
ntp-server.grote.lan:
test: test:
hosts: hosts:
wireguard-test.grote.lan: wireguard-test.grote.lan:
@ -84,3 +89,4 @@ all:
pve4-test.grote.lan: pve4-test.grote.lan:
gitea-test.grote.lan: gitea-test.grote.lan:
pihole2-test.grote.lan: pihole2-test.grote.lan:
ntp-server-test.grote.lan:


@ -1,6 +1,8 @@
--- ---
- hosts: all - hosts: all
roles: roles:
- { role: mgrote.ntp, tags: "ntp" } - { role: mgrote.ntp_chrony_client,
tags: "ntp",
when: "not 'ntpserver' in group_names" }
- { role: mgrote.restic, tags: "restic" } - { role: mgrote.restic, tags: "restic" }
- { role: ryandaniels.create_users, tags: "user", become: yes } - { role: ryandaniels.create_users, tags: "user", become: yes }
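Review bot: The rewritten role entry spreads one flow mapping over three lines (`- { role: mgrote.ntp_chrony_client,` / `tags: "ntp",` / `when: ... }`), which is harder to read than the one-line entries around it and easy to break on the next edit; once an entry carries a condition, block style is the clearer form, and the condition reads more naturally as `'ntpserver' not in group_names`: `- role: mgrote.ntp_chrony_client` / `tags: "ntp"` / `when: "'ntpserver' not in group_names"`. Behaviour is identical, since Jinja evaluates `not x in y` as `not (x in y)`.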


@ -0,0 +1,18 @@
---
- hosts: all
tasks:
- name: ntp deinstallieren
become: yes
ansible.builtin.package:
name: ntp
state: absent
- name: config file
become: yes
file:
path: /etc/ntp.conf
state: absent
- name: config folder
become: yes
file:
path: /var/lib/ntp
state: absent
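Review bot: The two cleanup tasks use the short module name `file:` while the first task in the same play uses `ansible.builtin.package`; use `ansible.builtin.file` for both so the playbook follows one naming style. The two tasks differ only in `path`, so a single task with `loop: ["/etc/ntp.conf", "/var/lib/ntp"]` and `path: "{{ item }}"` expresses the same cleanup in fewer lines. A `name:` that says why this runs on `hosts: all` (the move from ntp to chrony) would help whoever finds this playbook later.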


@ -0,0 +1,4 @@
---
- hosts: ntpserver
roles:
- { role: mgrote.ntp_chrony_server, tags: "ntp" }


@ -0,0 +1,12 @@
## mgrote.ntp_chrony_client
### Beschreibung
Installiert chrony als client.
### Funktioniert auf
- [x] Ubuntu (>=18.04)
- [ ] Debian
- [x] ProxMox 6.1
### Variablen + Defaults
see [defaults](./defaults/main.yml)


@ -0,0 +1,9 @@
---
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
ntp_chrony_servers: # welche Server sollen befragt werden
- address: ptbtime1.ptb.de
options: iburst #optionaler parameter
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_logging: false
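Review bot: `ntp_chrony_logging: false` is the only variable in this defaults file without the trailing comment the same key carries in the server defaults and in group_vars (`# logging an/aus`); add it for consistency. The client default lists a single upstream, `ptbtime1.ptb.de`; with only one `server` line chronyd cannot tell a good source from a bad one, so a second address — the server defaults in this commit already list several — would be a safer default for hosts that never get a group_vars override.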


@ -0,0 +1,6 @@
- name: restart_chrony
become: yes
systemd:
name: chrony
enabled: yes
state: restarted
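Review bot: The `restart_chrony` handler also sets `enabled: yes`, but a handler only runs when some task reports a change, so on a run where `chrony.conf` is already current the role never ensures chronyd is enabled or running. Move enabling into the task list — a task with `ansible.builtin.systemd:`, `name: chrony`, `enabled: yes`, `state: started` — and keep the handler limited to `state: restarted`. `systemd:` should be `ansible.builtin.systemd` to match the FQCN style used in the tasks file. The server role's handler file later in this commit is identical and needs the same change.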


@ -0,0 +1,34 @@
---
- name: install chrony packages
become: yes
ansible.builtin.package:
name:
- chrony
state: present
- name: copy chrony config
become: yes
ansible.builtin.template:
src: chrony.conf.j2
dest: /etc/chrony/chrony.conf
notify: restart_chrony
- name: copy logrotate config
become: yes
ansible.builtin.template:
src: logrotate_chrony
dest: /etc/logrotate.d/chrony
- name: Create chrony driftfile folder
become: yes
file:
state: directory
path: "{{ ntp_chrony_driftfile_directory }}"
mode: 0644
owner: "{{ ntp_chrony_user }}"
group: "{{ ntp_chrony_group }}"
- name: set timezone to {{ ntp_chrony_timezone }}
become: yes
ansible.builtin.timezone:
name: "{{ ntp_chrony_timezone }}"
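Review bot: `mode: 0644` in the `Create chrony driftfile folder` task is applied to a directory (`state: directory`); without the execute bit even the `_chrony` owner cannot create or replace `chrony.drift` inside it, so this should be `mode: "0755"` (quoted, so YAML does not reinterpret the octal). The server role's tasks file later in the commit carries the same task with the same value. Separately, when `ntp_chrony_logging` is true the template points chronyd at `/var/log/chrony` and the logrotate config assumes that directory, but nothing in the role creates it; a directory task guarded by `when: ntp_chrony_logging` keeps the role self-contained on a target whose chrony package does not ship it (owner and group should be confirmed against what the package sets). Finally `file:` should be `ansible.builtin.file` to match the FQCN style of the other tasks; the rewritten tasks are below.
```yaml
- name: Create chrony driftfile folder
  become: yes
  ansible.builtin.file:
    state: directory
    path: "{{ ntp_chrony_driftfile_directory }}"
    mode: "0755"
    owner: "{{ ntp_chrony_user }}"
    group: "{{ ntp_chrony_group }}"
- name: Create chrony log folder
  become: yes
  ansible.builtin.file:
    state: directory
    path: /var/log/chrony
    mode: "0755"
    owner: "{{ ntp_chrony_user }}"
    group: "{{ ntp_chrony_group }}"
  when: ntp_chrony_logging
# … unchanged: package, template and timezone tasks …
```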


@ -0,0 +1,29 @@
{{ file_header | default () }}
# servers
{% for item in ntp_chrony_servers %}
server {{ item.address }} {{ item.options |default() }}
{% endfor %}
# keys
keyfile /etc/chrony/chrony.keys
# driftfile
driftfile {{ ntp_chrony_driftfile_directory }}/chrony.drift
{% if ntp_chrony_logging is sameas true %}
# Logging
log tracking measurements statistics
logdir /var/log/chrony
{% endif %}
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it cant be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
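Review bot: `keyfile /etc/chrony/chrony.keys` references a file the role neither creates nor templates; the Debian/Ubuntu chrony package normally ships one, but a comment above the line saying so (or a task that manages the file) keeps the template self-explanatory. `{{ file_header | default () }}` has a stray space before `()` and `{{ item.options |default() }}` has the spacing the other way round; Jinja accepts both, but `| default()` is the usual spelling. The absence of an `allow` directive here is correct for a client — chronyd denies NTP requests unless `allow` is given — and is worth a one-line comment so nobody later "completes" the client config with one.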


@ -0,0 +1,15 @@
/var/log/chrony/*.log {
missingok
nocreate
rotate 4
weekly
compress
missingok
notifempty
dateext
dateyesterday
sharedscripts
postrotate
/usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript
}
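Review bot: `missingok` appears twice in this logrotate stanza (directly after the opening brace and again after `compress`); drop the second one. The server role's copy of this file later in the commit has the same duplicate. Note that the role installs this file even when `ntp_chrony_logging` is false, which is harmless only because of `missingok` — a comment at the top of the file stating that would save a future reader the question.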


@ -0,0 +1,13 @@
## mgrote.ntp_chrony_server
### Beschreibung
Installiert chrony als ntp-server.
### Funktioniert auf
- [x] Ubuntu (>=18.04)
- [ ] Debian
- [ ] ProxMox 6.1
### Variablen + Defaults
see [defaults](./defaults/main.yml)


@ -0,0 +1,18 @@
---
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
ntp_chrony_servers: # welche Server sollen befragt werden
- address: ptbtime1.ptb.de
options: iburst #optionaler parameter
- address: ptbtime2.ptb.de
options: iburst
- address: ptbtime3.ptb.de
options: iburst
- address: time3.google.com
options: iburst
- address: ntp0.fau.de
options: iburst
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_logging: false # logging an/aus
ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen
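Review bot: `ntp_chrony_subnet_allow: 192.168.2.0/24` bakes a site-specific network into the role defaults, so any host that applies this role without an override serves NTP to that whole subnet; a role default should either be deliberately narrow (e.g. `127.0.0.1`) or be left undefined so the template fails loudly until group_vars sets it — this commit already sets the same value in `group_vars/ntpserver.yml`, which is where it belongs. The five upstream `server` entries are less sensitive and fine to keep as defaults, but since they are repeated verbatim in the group_vars file, one of the two copies should go.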


@ -0,0 +1,6 @@
- name: restart_chrony
become: yes
systemd:
name: chrony
enabled: yes
state: restarted


@ -0,0 +1,34 @@
---
- name: install chrony packages
become: yes
ansible.builtin.package:
name:
- chrony
state: present
- name: copy chrony config
become: yes
ansible.builtin.template:
src: chrony.conf.j2
dest: /etc/chrony/chrony.conf
notify: restart_chrony
- name: copy logrotate config
become: yes
ansible.builtin.template:
src: logrotate_chrony
dest: /etc/logrotate.d/chrony
- name: Create chrony driftfile folder
become: yes
file:
state: directory
path: "{{ ntp_chrony_driftfile_directory }}"
mode: 0644
owner: "{{ ntp_chrony_user }}"
group: "{{ ntp_chrony_group }}"
- name: set timezone to {{ ntp_chrony_timezone }}
become: yes
ansible.builtin.timezone:
name: "{{ ntp_chrony_timezone }}"


@ -0,0 +1,32 @@
{{ file_header | default () }}
# servers
{% for item in ntp_chrony_servers %}
server {{ item.address }} {{ item.options |default() }}
{% endfor %}
# keys
keyfile /etc/chrony/chrony.keys
# driftfile
driftfile {{ ntp_chrony_driftfile_directory }}/chrony.drift
{% if ntp_chrony_logging is sameas true %}
# Logging
log tracking measurements statistics
logdir /var/log/chrony
{% endif %}
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it cant be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
# chrony as ntp server
allow {{ ntp_chrony_subnet_allow }}
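Review bot: `allow {{ ntp_chrony_subnet_allow }}` renders exactly one network, so a server that must answer two subnets cannot be expressed without editing the template; rendering the directive from a list keeps the variable name and stays compatible with the current string value: `{% for net in ([ntp_chrony_subnet_allow] if ntp_chrony_subnet_allow is string else ntp_chrony_subnet_allow) %}` / `allow {{ net }}` / `{% endfor %}`. For a server that answers a whole LAN, a `ratelimit` line (chrony's per-client request rate limiting) is a cheap guard against one misbehaving client flooding the service; optional, but a single directive. The template leaves `cmdallow` unset, which keeps remote chronyc commands restricted to localhost — worth a comment so that stays intentional.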


@ -0,0 +1,15 @@
/var/log/chrony/*.log {
missingok
nocreate
rotate 4
weekly
compress
missingok
notifempty
dateext
dateyesterday
sharedscripts
postrotate
/usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript
}