From: Michael Scherer <misc@xxxxxxxx>
Since base install ntp on all platforms, we can skip the vars and place it by default (next step is to convert the few playbooks duplicating the role)
---
 roles/base/files/ntp/step-tickers | 7 -------
 roles/base/meta/main.yml | 1 +
 roles/base/tasks/main.yml | 21 ---------------------
 roles/base/templates/ntp/ntp.conf.j2 | 34 ----------------------------------
 roles/ntp/files/step-tickers | 7 +++++++
 roles/ntp/tasks/main.yml | 27 +++++++++++++++++++++++++++
 roles/ntp/templates/ntp.conf.j2 | 34 ++++++++++++++++++++++++++++++++++
 vars/CentOS.yml | 2 +-
 vars/Fedora.yml | 2 +-
 vars/RedHat.yml | 2 +-
 10 files changed, 72 insertions(+), 65 deletions(-)
 delete mode 100644 roles/base/files/ntp/step-tickers
 delete mode 100644 roles/base/templates/ntp/ntp.conf.j2
 create mode 100644 roles/ntp/files/step-tickers
 create mode 100644 roles/ntp/tasks/main.yml
 create mode 100644 roles/ntp/templates/ntp.conf.j2
diff --git a/roles/base/files/ntp/step-tickers b/roles/base/files/ntp/step-tickers
deleted file mode 100644
index d0fe7ab..0000000
--- a/roles/base/files/ntp/step-tickers
+++ /dev/null
@@ -1,7 +0,0 @@
-208.75.88.4
-216.93.242.12
-107.170.242.27
-108.166.189.70
-199.223.248.98
-# [loopback]
-127.127.1.0
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index 6ad8fad..afa39de 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
+ - { role: ntp }
 - { role: dnf-automatic }
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5ddb308..3bb4bd8 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -300,27 +300,6 @@
 - name: Setup postfix
 include: postfix.yml

-- name: install ntp.conf
- template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf
- tags:
- - ntp
- - config
- - base
-
-- name: install ntp step-tickers
- copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers
- tags:
- - ntp
- - config
- - base
-
-- name: Start ntpd
- service: name=ntpd state=running enabled=true
- tags:
- - ntp
- - service
- - base
-
 #
 # This task installs some common scripts to /usr/local/bin
 # scripts are under roles/base/files/common-scripts
diff --git a/roles/base/templates/ntp/ntp.conf.j2 b/roles/base/templates/ntp/ntp.conf.j2
deleted file mode 100644
index e72371c..0000000
--- a/roles/base/templates/ntp/ntp.conf.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-## Set up restrictions for services.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-restrict 127.0.0.1
-restrict -6 ::1
-
-# setup a set of servers that we all look at.
-# use servers from 1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
-# However, we need specific ip's to be allowed out from builders.
-{% if datacenter == 'phx2' and not inventory_hostname.startswith('bastion0') %}
-#
-# in phx2 we want to use bastion01 and bastion02 for ntp service
-# Unless we are bastion01/02, then we want to use the normal pool
-#
-server 10.5.126.12
-server 10.5.126.11
-{% else %}
-server 1.rhel.pool.ntp.org
-server 2.rhel.pool.ntp.org
-server 3.rhel.pool.ntp.org
-{% endif %}
-
-# [localhost]
-# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-server 127.127.1.0 # local clock
-fudge 127.127.1.0 stratum 10
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Watch drift
-driftfile /var/lib/ntp/drift
diff --git a/roles/ntp/files/step-tickers b/roles/ntp/files/step-tickers
new file mode 100644
index 0000000..d0fe7ab
--- /dev/null
+++ b/roles/ntp/files/step-tickers
@@ -0,0 +1,7 @@
+208.75.88.4
+216.93.242.12
+107.170.242.27
+108.166.189.70
+199.223.248.98
+# [loopback]
+127.127.1.0
diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml
new file mode 100644
index 0000000..809abc2
--- /dev/null
+++ b/roles/ntp/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: install ntp
+ package: name=ntp state=present
+ tags:
+ - ntp
+ - package
+ - base
+
+- name: install ntp.conf
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ tags:
+ - ntp
+ - config
+ - base
+
+- name: install ntp step-tickers
+ copy: src=step-tickers dest=/etc/ntp/step-tickers
+ tags:
+ - ntp
+ - config
+ - base
+
+- name: Start ntpd
+ service: name=ntpd state=running enabled=true
+ tags:
+ - ntp
+ - service
+ - base
diff --git a/roles/ntp/templates/ntp.conf.j2 b/roles/ntp/templates/ntp.conf.j2
new file mode 100644
index 0000000..e72371c
--- /dev/null
+++ b/roles/ntp/templates/ntp.conf.j2
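Review bot: In roles/ntp/tasks/main.yml the `install ntp.conf` and `install ntp step-tickers` tasks carry no `notify`, and `Start ntpd` only asserts `state=running`, so a changed `restrict` or `server` line is written to disk while the running ntpd keeps its old access controls and time sources until someone restarts it by hand. I would add `notify: restart ntpd` to both config tasks, with a matching handler in the role; no handlers file is part of this patch, so that would be new. The two file tasks also leave ownership and permissions to defaults, and adding `owner=root group=root mode=0644` to each would make the intended state explicit. The tasks removed from roles/base/tasks/main.yml behaved the same way, so this is carried over by the move rather than introduced by it.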
@@ -0,0 +1,34 @@
+## Set up restrictions for services.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+restrict 127.0.0.1
+restrict -6 ::1
+
+# setup a set of servers that we all look at.
+# use servers from 1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
+# However, we need specific ip's to be allowed out from builders.
+{% if datacenter == 'phx2' and not inventory_hostname.startswith('bastion0') %}
+#
+# in phx2 we want to use bastion01 and bastion02 for ntp service
+# Unless we are bastion01/02, then we want to use the normal pool
+#
+server 10.5.126.12
+server 10.5.126.11
+{% else %}
+server 1.rhel.pool.ntp.org
+server 2.rhel.pool.ntp.org
+server 3.rhel.pool.ntp.org
+{% endif %}
+
+# [localhost]
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
+fudge 127.127.1.0 stratum 10
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Watch drift
+driftfile /var/lib/ntp/drift
diff --git a/vars/CentOS.yml b/vars/CentOS.yml
index e32f53a..bd4c73c 100644
--- a/vars/CentOS.yml
+++ b/vars/CentOS.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
 base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
 service_disabled: []
 service_enabled: []
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index ad1434a..c985f44 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: f{{ ansible_distribution_version }}
-base_pkgs_inst: ['iptables-services', 'ntp' ]
+base_pkgs_inst: ['iptables-services' ]
 base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail', 'at']
 service_disabled: [ ]
 service_enabled: ['auditd']
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index e32f53a..bd4c73c 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,6 +1,6 @@
 ---
 dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
 base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
 service_disabled: []
 service_enabled: []
--
1.8.3.1
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx