Configure ntp in the common role

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644 (file)
index 0000000..6d96e57
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart ntp
+  service:
+    name: "{{ ntp_service_name }}" 
+    state: restarted

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index b69a359226b90843aa97fceaf32e40162151f320..547921f854fe5aa37b07a681e13b747720feb473 100644 (file)
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: Include package type specific vars.
+  include_vars: "{{ ansible_pkg_mgr }}_systems.yml"
+  tags:
+    - vars
+
 # configure pip to use our mirror
 - include: pip.yml
 
@@ -10,6 +15,11 @@
     mode: 0755
     content: ubuntu hard nofile 16384
 
+# configure ntp
+- include: ntp.yml
+  tags:
+    - ntp-client
+
 # configure red hat specific things
 - include: setup-redhat.yml
   when: ansible_os_family == 'RedHat'

diff --git a/roles/common/tasks/ntp.yml b/roles/common/tasks/ntp.yml
new file mode 100644 (file)
index 0000000..6f4944a
--- /dev/null
+++ b/roles/common/tasks/ntp.yml
@@ -0,0 +1,22 @@
+---
+- name: Install ntp package on rpm based systems.
+  yum:
+    name: ntp
+    state: present
+  when: ansible_pkg_mgr  == "yum"
+
+- name: Install ntp package on deb based systems.
+  apt:
+    name: ntp
+    state: present
+  when: ansible_pkg_mgr  == "deb"
+
+- name: Create the ntp.conf file.
+  template:
+    src: ntp.conf
+    dest: /etc/ntp.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart ntp

diff --git a/roles/common/tasks/setup-redhat.yml b/roles/common/tasks/setup-redhat.yml
index cd8392e5ff1c1fb89eac3b6d70e752a4659c87f6..d132030ebe75d8f464c9403ebc2baec77270508d 100644 (file)
--- a/roles/common/tasks/setup-redhat.yml
+++ b/roles/common/tasks/setup-redhat.yml
@@ -1,6 +1,8 @@
 ---
 - name: Including version specific variables.
   include_vars: "rhel_{{ ansible_distribution_version }}.yml"
+  tags:
+    - vars
 
 - name: Setup local repo files.
   include: redhat/repos.yml

diff --git a/roles/common/templates/ntp.conf b/roles/common/templates/ntp.conf
new file mode 100644 (file)
index 0000000..df665bc
--- /dev/null
+++ b/roles/common/templates/ntp.conf
@@ -0,0 +1,77 @@
+#
+# {{ ansible_managed }}
+#
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+
+# Enable this if you want statistics to be logged.
+statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats rawstats clockstats sysstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen rawstats file rawstats type day enable
+filegen clockstats file clockstats type day enable
+filegen sysstats file sysstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+
+#clock1 is currently an alias to public ntp servers, which are 20-50ms off from
+#our internal ones!
+
+# found this guy from http://www.pool.ntp.org/user/ask, ~2.5ms ping time
+#server tock.phyber.com iburst minpoll 4 maxpoll 7
+
+#server clock1.dreamhost.com iburst dynamic
+#server clock2.dreamhost.com iburst dynamic
+#server clock3.dreamhost.com iburst minpoll 4 maxpoll 7
+#server 0.debian.pool.ntp.org iburst dynamic
+#server 1.debian.pool.ntp.org iburst dynamic
+#server 2.debian.pool.ntp.org iburst dynamic
+#server 3.debian.pool.ntp.org iburst dynamic
+
+{% for server in ntp_servers %}
+server {{ server }}
+{% endfor %}
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+#Greater accuracy
+tinker step 0.025

diff --git a/roles/common/vars/apt_systems.yml b/roles/common/vars/apt_systems.yml
new file mode 100644 (file)
index 0000000..94d1b93
--- /dev/null
+++ b/roles/common/vars/apt_systems.yml
@@ -0,0 +1,2 @@
+---
+ntp_service_name: ntp

diff --git a/roles/common/vars/yum_systems.yml b/roles/common/vars/yum_systems.yml
new file mode 100644 (file)
index 0000000..2bc1b97
--- /dev/null
+++ b/roles/common/vars/yum_systems.yml
@@ -0,0 +1,2 @@
+---
+ntp_service_name: ntpd