Abbau NTP-Server (#361)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#361
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>

group_vars/all.yml

@@ -97,7 +97,7 @@
   ### mgrote.systemd-timesyncd
   ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
   ntp_timesyncd_servers: # welche Server sollen befragt werden
-    - ntp-server.grote.lan
+    - 192.168.2.1
   ntp_chrony_logging: false # logging an/aus
   ### mgrote.postfix
   postfix_absender_mailadresse: info@mgrote.net

group_vars/dnsmasq.yml

@@ -17,10 +17,6 @@
       from_ip: 0.0.0.0/0
   ### mgrote.restic
   restic_repository: "//192.168.2.36/restic"
-  ### mgrote.systemd-timesyncd
-  ntp_timesyncd_servers: # weil pihole den fqdn nicht auflösen kann
-    - address: pool.ntp.org
-      options: iburst #optionaler parameter
   ### mgrote.apt_manage_sources
   # wird leer gesetzt da dnsmasq NICHT den Router befragt und daher keine Lokalen Hostnamen abfragen kann
   manage_sources_apt_proxy: ""

group_vars/ntpserver.yml

@@ -1,62 +0,0 @@
----
-  ### oefenweb.ufw
-  ufw_rules:
-    - rule: allow
-      to_port: 22
-      protocol: tcp
-      comment: 'ssh'
-      from_ip: 0.0.0.0/0
-    - rule: allow
-      to_port: 123
-      comment: 'ntp'
-      from_ip: 192.168.2.0/24
-    - rule: allow
-      to_port: 4949
-      protocol: tcp
-      comment: 'munin'
-      from_ip: 192.168.2.144/24
-  ### mgrote.ntp_chrony_server
-  ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
-  ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
-  ntp_timesyncd_servers: # welche Server sollen befragt werden
-    - address: ptbtime1.ptb.de
-      options: iburst #optionaler parameter
-    - address: ptbtime2.ptb.de
-      options: iburst
-    - address: ptbtime3.ptb.de
-      options: iburst
-    - address: time3.google.com
-      options: iburst
-    - address: ntp0.fau.de
-      options: iburst
-  ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
-  ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
-  ntp_chrony_logging: false # logging an/aus
-  ntp_chrony_subnet_allow: 192.168.2.0/24 # welche Netze dürfen den Server befragen
-  ### mgrote.restic
-  munin_node_disabled_plugins:
-    - name: meminfo # zu hohe last
-    - name: hddtemp2 # ersetzt durch hddtemp_smartctl
-    - name: ntp # verursacht zu viele dns ptr request
-    - name: hddtempd # ersetzt durch hddtemp_smartctl
-    - name: ipmi_power # für pve2, leeres diagramm
-    - name: docker_images
-    - name: docker_status
-    - name: timesync
-  munin_node_plugins:
-    - name: chrony
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/chrony/chrony
-    - name: systemd_status
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
-    - name: lvm_
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
-      config: |
-        [lvm_*]
-        user root
-    - name: fail2ban
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
-      config: |
-        [fail2ban]
-        env.client /usr/bin/fail2ban-client
-        env.config_dir /etc/fail2ban
-        user root

host_vars/pve2.grote.lan.yml

@@ -247,7 +247,7 @@
   ### mgrote.cv4pve-autosnap
   cv4pve_api_user: root@pam!cv4pve-autosnap
   cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token_pve2', 'password') }}"
-  cv4pve_vmid: all,-127,-112,-100,-116,-105
+  cv4pve_vmid: all,-127,-112,-116,-105
   cv4pve_keep_snapshots: 5
   cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.10.0/cv4pve-autosnap-linux-x64.zip"
 

inventory

@@ -12,10 +12,6 @@ all:
       hosts:
         dnsmasq-test.grote.lan:
         dnsmasq.grote.lan:
-    ntpserver:
-      hosts:
-        ntp-server-test.grote.lan:
-        ntp-server.grote.lan:
     acng:
       hosts:
         acng.grote.lan:
@@ -60,7 +56,6 @@ all:
         pve2.grote.lan:
         gitea.grote.lan:
         dnsmasq.grote.lan:
-        ntp-server.grote.lan:
         docker7.grote.lan:
     test:
       hosts:
@@ -72,6 +67,5 @@ all:
         pve2-test2.grote.lan:
         gitea-test.grote.lan:
         dnsmasq-test.grote.lan:
-        ntp-server-test.grote.lan:
         fileserver2-test.grote.lan:
         bastelstube-gui.grote.lan:

playbooks/3_service/ntp_server.yml

@@ -1,4 +0,0 @@
----
-- hosts: ntpserver
-  roles:
-      - { role: mgrote.ntp_chrony_server, tags: "ntp" }

playbooks/base/ntp_client.yml

@@ -1,5 +1,4 @@
 ---
-  - hosts: all:!ntpserver
+  - hosts: all
     roles:
-      - { role: mgrote.systemd-timesyncd,
-          tags: "ntp"}
+      - { role: mgrote.systemd-timesyncd, tags: "ntp"}

roles/mgrote.systemd-timesyncd/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+  - name: restart systemd-timesyncd.service
+    become: yes
+    systemd:
+      name: systemd-timesyncd
+      state: restarted
+    when: not ansible_facts['virtualization_type'] == "lxc"

roles/mgrote.systemd-timesyncd/tasks/main.yml

@@ -39,6 +39,7 @@
       mode: 0644
       owner: root
       group: root
+    notify: restart systemd-timesyncd.service
 
   - name: activate systemd-timesyncd service (not within containers like lxc)
     become: yes