[PATCH] Move ntp setup in a role


 



From: Michael Scherer <misc@xxxxxxxx>

Since base installs ntp on all platforms, we can skip the vars
and set it up by default (the next step is to convert the
few playbooks duplicating the role)
---
 roles/base/files/ntp/step-tickers    |  7 -------
 roles/base/meta/main.yml             |  1 +
 roles/base/tasks/main.yml            | 21 ---------------------
 roles/base/templates/ntp/ntp.conf.j2 | 34 ----------------------------------
 roles/ntp/files/step-tickers         |  7 +++++++
 roles/ntp/tasks/main.yml             | 27 +++++++++++++++++++++++++++
 roles/ntp/templates/ntp.conf.j2      | 34 ++++++++++++++++++++++++++++++++++
 vars/CentOS.yml                      |  2 +-
 vars/Fedora.yml                      |  2 +-
 vars/RedHat.yml                      |  2 +-
 10 files changed, 72 insertions(+), 65 deletions(-)
 delete mode 100644 roles/base/files/ntp/step-tickers
 delete mode 100644 roles/base/templates/ntp/ntp.conf.j2
 create mode 100644 roles/ntp/files/step-tickers
 create mode 100644 roles/ntp/tasks/main.yml
 create mode 100644 roles/ntp/templates/ntp.conf.j2

diff --git a/roles/base/files/ntp/step-tickers b/roles/base/files/ntp/step-tickers
deleted file mode 100644
index d0fe7ab..0000000
--- a/roles/base/files/ntp/step-tickers
+++ /dev/null
@@ -1,7 +0,0 @@
-208.75.88.4
-216.93.242.12
-107.170.242.27
-108.166.189.70
-199.223.248.98
-# [loopback]
-127.127.1.0
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index 6ad8fad..afa39de 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
+    - { role: ntp }
     - { role: dnf-automatic }
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5ddb308..3bb4bd8 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -300,27 +300,6 @@
 - name: Setup postfix
   include: postfix.yml
 
-- name: install ntp.conf
-  template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf
-  tags:
-  - ntp
-  - config
-  - base
-
-- name: install ntp step-tickers
-  copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers
-  tags:
-  - ntp
-  - config
-  - base
-
-- name: Start ntpd
-  service: name=ntpd state=running enabled=true
-  tags:
-  - ntp
-  - service
-  - base
-
 #
 # This task installs some common scripts to /usr/local/bin
 # scripts are under roles/base/files/common-scripts
diff --git a/roles/base/templates/ntp/ntp.conf.j2 b/roles/base/templates/ntp/ntp.conf.j2
deleted file mode 100644
index e72371c..0000000
--- a/roles/base/templates/ntp/ntp.conf.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-## Set up restrictions for services.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-restrict 127.0.0.1 
-restrict -6 ::1
-
-# setup a set of servers that we all look at.
-# use servers from 1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
-# However, we need specific ip's to be allowed out from builders.
-{% if datacenter == 'phx2' and not inventory_hostname.startswith('bastion0') %}
-#
-# in phx2 we want to use bastion01 and bastion02 for ntp service
-# Unless we are bastion01/02, then we want to use the normal pool
-#
-server 10.5.126.12
-server 10.5.126.11
-{% else %}
-server 1.rhel.pool.ntp.org
-server 2.rhel.pool.ntp.org
-server 3.rhel.pool.ntp.org
-{% endif %}
-
-# [localhost]
-# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available. 
-server 127.127.1.0     # local clock
-fudge  127.127.1.0 stratum 10  
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography. 
-keys /etc/ntp/keys
-
-# Watch drift
-driftfile /var/lib/ntp/drift
diff --git a/roles/ntp/files/step-tickers b/roles/ntp/files/step-tickers
new file mode 100644
index 0000000..d0fe7ab
--- /dev/null
+++ b/roles/ntp/files/step-tickers
@@ -0,0 +1,7 @@
+208.75.88.4
+216.93.242.12
+107.170.242.27
+108.166.189.70
+199.223.248.98
+# [loopback]
+127.127.1.0
diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml
new file mode 100644
index 0000000..809abc2
--- /dev/null
+++ b/roles/ntp/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: install ntp
+  package: name=ntp state=present
+  tags:
+  - ntp
+  - package
+  - base
+
+- name: install ntp.conf
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
+  tags:
+  - ntp
+  - config
+  - base
+
+- name: install ntp step-tickers
+  copy: src=step-tickers dest=/etc/ntp/step-tickers
+  tags:
+  - ntp
+  - config
+  - base
+
+- name: Start ntpd
+  service: name=ntpd state=running enabled=true
+  tags:
+  - ntp
+  - service
+  - base
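Review bot: The `install ntp.conf` and `install ntp step-tickers` tasks notify no handler, so a later change to the template (for instance to its `restrict` lines or server list) is written to disk while ntpd keeps running with the old configuration; `Start ntpd` only ensures the service is up and enabled. Adding `notify: restart ntpd` to both tasks, backed by a handler of that name in the new role unless a shared one already exists outside this patch, would make configuration changes take effect on the run that deploys them. Both tasks also leave ownership and permissions to module defaults; appending `owner=root group=root mode=0644` to the `template:` and `copy:` arguments would make the intended state of `/etc/ntp.conf` and `/etc/ntp/step-tickers` explicit. As a style point, the new file has no leading `---`, unlike the other YAML files touched here.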
diff --git a/roles/ntp/templates/ntp.conf.j2 b/roles/ntp/templates/ntp.conf.j2
new file mode 100644
index 0000000..e72371c
--- /dev/null
+++ b/roles/ntp/templates/ntp.conf.j2
@@ -0,0 +1,34 @@
+## Set up restrictions for services.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+restrict 127.0.0.1 
+restrict -6 ::1
+
+# setup a set of servers that we all look at.
+# use servers from 1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
+# However, we need specific ip's to be allowed out from builders.
+{% if datacenter == 'phx2' and not inventory_hostname.startswith('bastion0') %}
+#
+# in phx2 we want to use bastion01 and bastion02 for ntp service
+# Unless we are bastion01/02, then we want to use the normal pool
+#
+server 10.5.126.12
+server 10.5.126.11
+{% else %}
+server 1.rhel.pool.ntp.org
+server 2.rhel.pool.ntp.org
+server 3.rhel.pool.ntp.org
+{% endif %}
+
+# [localhost]
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available. 
+server 127.127.1.0     # local clock
+fudge  127.127.1.0 stratum 10  
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography. 
+keys /etc/ntp/keys
+
+# Watch drift
+driftfile /var/lib/ntp/drift
diff --git a/vars/CentOS.yml b/vars/CentOS.yml
index e32f53a..bd4c73c 100644
--- a/vars/CentOS.yml
+++ b/vars/CentOS.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
 base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
 service_disabled: []
 service_enabled: []
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index ad1434a..c985f44 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: f{{ ansible_distribution_version }}
-base_pkgs_inst: ['iptables-services', 'ntp' ]
+base_pkgs_inst: ['iptables-services' ]
 base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail', 'at']
 service_disabled: [ ]
 service_enabled: ['auditd']
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index e32f53a..bd4c73c 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
 base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
 service_disabled: []
 service_enabled: []
-- 
1.8.3.1



