From 41d7480acf1f5cf5d9c07ae30a08c8c20ef97405 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 24 Jun 2025 16:04:53 +0000
Subject: [PATCH] chrony: Initial version of role
---
roles/chrony/defaults/main.yml | 3 +++
roles/chrony/handlers/main.yml | 5 +++++
roles/chrony/tasks/main.yml | 20 ++++++++++++++++++++
roles/chrony/templates/chrony.conf.j2 | 24 ++++++++++++++++++++++++
4 files changed, 52 insertions(+)
create mode 100644 roles/chrony/defaults/main.yml
create mode 100644 roles/chrony/handlers/main.yml
create mode 100644 roles/chrony/tasks/main.yml
create mode 100644 roles/chrony/templates/chrony.conf.j2
diff --git a/roles/chrony/defaults/main.yml b/roles/chrony/defaults/main.yml
new file mode 100644
index 0000000..e682c96
--- /dev/null
+++ b/roles/chrony/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+chrony_servers:
+ - time.foo.sh
diff --git a/roles/chrony/handlers/main.yml b/roles/chrony/handlers/main.yml
new file mode 100644
index 0000000..dfbde8e
--- /dev/null
+++ b/roles/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart chronyd
+ ansible.builtin.service:
+ name: chronyd
+ state: restarted
diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml
new file mode 100644
index 0000000..9ddb27c
--- /dev/null
+++ b/roles/chrony/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Install packages
+ ansible.builtin.package:
+ name: chrony
+ state: installed
+
+- name: Create config
+ ansible.builtin.template:
+ dest: /etc/chrony.conf
+ src: chrony.conf.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart chronyd
+
+- name: Enable service
+ ansible.builtin.service:
+ name: chronyd
+ state: started
+ enabled: true
diff --git a/roles/chrony/templates/chrony.conf.j2 b/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 0000000..ca80dc2
--- /dev/null
+++ b/roles/chrony/templates/chrony.conf.j2
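Review bot: In roles/chrony/defaults/main.yml the default `chrony_servers` list holds a single source, so chronyd has nothing to cross-check it against; if that one server is wrong or its replies are tampered with, the host follows it, and certificate validity checks, Kerberos and log timestamps all depend on the clock. I would default to three or more sources where the site has them and document the variable with a comment such as `# NTP sources; three or more lets chronyd detect and outvote a bad one`. `chrony_allow`, which the template reads, has no entry or comment in this file; a commented-out example line would make the role's interface discoverable.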
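Review bot: In roles/chrony/tasks/main.yml the install task uses `state: installed`, which `ansible.builtin.package` passes through to whichever package module the platform selects; that alias is not accepted by every backend, so `state: present` is the portable spelling. The "Create config" task hard-codes `/etc/chrony.conf` and the service tasks hard-code `chronyd`, while `group: "{{ ansible_wheel }}"` suggests the role is meant for more than one OS family; if so, the path and service name probably need the same per-platform treatment. `ansible_wheel` is not defined anywhere in this patch, so the role presumably depends on inventory or another role for it, and a default or a documented requirement would keep the template task from failing on an undefined variable.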
@@ -0,0 +1,24 @@
+# Remote servers
+{% for server in chrony_servers %}
+server {{ server }} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+{% if chrony_allow is defined %}
+
+# Allow NTP client access.
+{% for allow in chrony_allow %}
+allow {{ allow }}
+{% endfor %}
+{% endif %}
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
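Review bot: The `allow {{ allow }}` line writes each `chrony_allow` entry verbatim, and in chrony a bare `allow` (which is presumably what an empty entry renders to) or `allow all` opens NTP service to every client that can reach the host. I would skip empty entries with `{% for allow in chrony_allow if allow %}` and add a template comment stating that entries should be the specific subnets the host is meant to serve. For hosts that do serve clients a `ratelimit` directive is worth considering, and for client-only hosts `cmdport 0` closes the chronyc UDP command port that is otherwise opened on localhost. The `server {{ server }} iburst` lines carry no authentication options, so time is accepted unauthenticated; if the upstream supports NTS, letting the role pass per-server options such as `nts` would allow it to be used.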