authorMatthieu Saulnier <fantom@fedoraproject.org>2014-07-05 15:09:53 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2014-07-05 15:09:53 +0200
commit6bf9c2794efdf86c0f3526067eac1f36a9a7e0da (patch)
tree7362c51c8cfa4d4937e6d73b8881147cf75c7640 /roles
parent2036c3f8dad6b227c13c81f516d9326294c29ed0 (diff)
Create ntpserver role
Diffstat (limited to 'roles')
-rw-r--r--roles/common/tasks/main.yml2
-rw-r--r--roles/common/tasks/pkgs.yml6
-rw-r--r--roles/common/tasks/services.yml8
-rw-r--r--roles/cozycloud/tasks/usr.yml4
-rw-r--r--roles/ntpserver/handlers/chrony.yml2
-rw-r--r--roles/ntpserver/handlers/main.yml2
-rw-r--r--roles/ntpserver/handlers/ntp.yml2
-rw-r--r--roles/ntpserver/tasks/config.yml9
-rw-r--r--roles/ntpserver/tasks/main.yml8
-rw-r--r--roles/ntpserver/tasks/pkgs.yml7
-rw-r--r--roles/ntpserver/tasks/services.yml7
-rw-r--r--roles/ntpserver/templates/chrony.conf.j256
-rw-r--r--roles/ntpserver/templates/ntp.conf.j262
13 files changed, 158 insertions, 17 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index afaa4cb..cef53c1 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,4 +1,4 @@
-- name: Configutation démon SSH
+- name: Configuration démon SSH
include: ssh.yml
- name: Installation des fichiers RC
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
index cbbd0cc..64f24b1 100644
--- a/roles/common/tasks/pkgs.yml
+++ b/roles/common/tasks/pkgs.yml
@@ -22,12 +22,6 @@
- tar
- at
-- name: Installation des paquets Centos
- yum: name={{ item }} state=present
- with_items:
- - ntp
- when: ansible_distribution == "CentOS"
-
- name: Installation des paquets Fedora
yum: name={{ item }} state=present
with_items:
diff --git a/roles/common/tasks/services.yml b/roles/common/tasks/services.yml
index adc28a2..a497e89 100644
--- a/roles/common/tasks/services.yml
+++ b/roles/common/tasks/services.yml
@@ -1,14 +1,6 @@
- name: Activation et démarrage du service postfix
service: name=postfix state=started enabled=yes
-- name: Activation et démarrage du service Chronyd
- service: name=chronyd state=started enabled=yes
- when: ansible_distribution == "Fedora"
-
-- name: Activation et démarrage du service NTP
- service: name=ntpd state=started enabled=yes
- when: ansible_distribution == "CentOS"
-
- name: Activation et démarrage du service Console Mouse Manager
service: name=gpm state=started enabled=yes
diff --git a/roles/cozycloud/tasks/usr.yml b/roles/cozycloud/tasks/usr.yml
index 16da6ad..3a8f9f9 100644
--- a/roles/cozycloud/tasks/usr.yml
+++ b/roles/cozycloud/tasks/usr.yml
@@ -1,8 +1,8 @@
-- name: Create cozy users with home
+- name: Create cozy users with home directory
user: name={{ item }} createhome=yes state=present
with_items:
- cozy-data-system
- cozy-home
-- name: Create cozy users without home
+- name: Create cozy users without home directory
user: name=cozy createhome=no state=present
diff --git a/roles/ntpserver/handlers/chrony.yml b/roles/ntpserver/handlers/chrony.yml
new file mode 100644
index 0000000..dc5e217
--- /dev/null
+++ b/roles/ntpserver/handlers/chrony.yml
@@ -0,0 +1,2 @@
+- name: restart chrony
+ service: name=chronyd state=restarted
diff --git a/roles/ntpserver/handlers/main.yml b/roles/ntpserver/handlers/main.yml
new file mode 100644
index 0000000..0427057
--- /dev/null
+++ b/roles/ntpserver/handlers/main.yml
@@ -0,0 +1,2 @@
+- include: ntp.yml
+- include: chrony.yml
diff --git a/roles/ntpserver/handlers/ntp.yml b/roles/ntpserver/handlers/ntp.yml
new file mode 100644
index 0000000..736af19
--- /dev/null
+++ b/roles/ntpserver/handlers/ntp.yml
@@ -0,0 +1,2 @@
+- name: restart ntp
+ service: name=ntpd state=restarted
diff --git a/roles/ntpserver/tasks/config.yml b/roles/ntpserver/tasks/config.yml
new file mode 100644
index 0000000..6dd888e
--- /dev/null
+++ b/roles/ntpserver/tasks/config.yml
@@ -0,0 +1,9 @@
+- name: Configuration du service NTP
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf mode=644
+ notify: restart ntp
+ when: ansible_distribution == "CentOS"
+
+- name: Configuration du service Chrony
+ template: src=chrony.conf.j2 dest=/etc/chrony.conf mode=644
+ notify: restart chrony
+ when: ansible_distribution == "Fedora"
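Review bot: Both `template` tasks in config.yml write the mode as `mode=644` and leave ownership implicit. In key=value form the value reaches the module as a string and is read as octal, but if these tasks are later converted to YAML dictionary syntax a bare `644` would be taken as a decimal integer and produce the wrong permissions. Writing `owner=root group=root mode=0644` on both tasks states the intended ownership and permissions of `/etc/ntp.conf` and `/etc/chrony.conf` explicitly and survives such a conversion.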
diff --git a/roles/ntpserver/tasks/main.yml b/roles/ntpserver/tasks/main.yml
new file mode 100644
index 0000000..dd7be41
--- /dev/null
+++ b/roles/ntpserver/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Installation des paquets
+ include: pkgs.yml
+
+- name: État des services
+ include: services.yml
+
+- name: Configuration des services
+ include: config.yml
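Review bot: The include order in tasks/main.yml starts the daemon (`services.yml`) before the managed configuration is written (`config.yml`). On a first run the service therefore comes up with the package's default configuration and only picks up the templated file when the `restart ntp` / `restart chrony` handler runs later in the play. Moving `include: config.yml` ahead of `include: services.yml` would let the daemon start with the intended access rules and upstream servers from the beginning.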
diff --git a/roles/ntpserver/tasks/pkgs.yml b/roles/ntpserver/tasks/pkgs.yml
new file mode 100644
index 0000000..a07336d
--- /dev/null
+++ b/roles/ntpserver/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: Installation du paquet NTP
+ yum: name=ntp state=present
+ when: ansible_distribution == "CentOS"
+
+- name: Installation du paquet Chrony
+ yum: name=chrony state=present
+ when: ansible_distribution == "Fedora"
diff --git a/roles/ntpserver/tasks/services.yml b/roles/ntpserver/tasks/services.yml
new file mode 100644
index 0000000..d1b585f
--- /dev/null
+++ b/roles/ntpserver/tasks/services.yml
@@ -0,0 +1,7 @@
+- name: Activation et démarrage du service Chronyd
+ service: name=chronyd state=started enabled=yes
+ when: ansible_distribution == "Fedora"
+
+- name: Activation et démarrage du service NTP
+ service: name=ntpd state=started enabled=yes
+ when: ansible_distribution == "CentOS"
diff --git a/roles/ntpserver/templates/chrony.conf.j2 b/roles/ntpserver/templates/chrony.conf.j2
new file mode 100644
index 0000000..72a2055
--- /dev/null
+++ b/roles/ntpserver/templates/chrony.conf.j2
@@ -0,0 +1,56 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if ansible_default_ipv6.address == "2a01:e35:2f76:7750::4" %}
+server 0.fedora.pool.ntp.org iburst
+server 1.fedora.pool.ntp.org iburst
+server 2.fedora.pool.ntp.org iburst
+server 3.fedora.pool.ntp.org iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp1.casperlefantom.net iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a00:c70:1:178:170:111:194:5000" and ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp2.casperlefantom.net iburst
+{% endif %}
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel RTC synchronization.
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+allow
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Generate command key if missing.
+generatecommandkey
+
+# Disable logging of client accesses.
+#noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking
+log measurements statistics tracking
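Review bot: The bare `allow` directive in chrony.conf.j2 grants NTP client access to every address, while the comment directly above it still reads "Allow NTP client access from local network". If these hosts are meant to serve time publicly, the comment should say so, for example `# Allow NTP client access from any address (public time server).`, so the exposure is clearly a decision and not a leftover edit. If not, a subnet form like the commented `allow 192.168/16` should be restored, and the firewall rule for UDP 123 should match whichever scope is chosen.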
diff --git a/roles/ntpserver/templates/ntp.conf.j2 b/roles/ntpserver/templates/ntp.conf.j2
new file mode 100644
index 0000000..830f7ea
--- /dev/null
+++ b/roles/ntpserver/templates/ntp.conf.j2
@@ -0,0 +1,62 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if ansible_default_ipv6.address == "2a01:e35:2f76:7750::4" %}
+server 0.centos.pool.ntp.org iburst
+server 1.centos.pool.ntp.org iburst
+server 2.centos.pool.ntp.org iburst
+server 3.centos.pool.ntp.org iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp1.casperlefantom.net iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a00:c70:1:178:170:111:194:5000" and ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp2.casperlefantom.net iburst
+{% endif %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+statistics clockstats cryptostats loopstats peerstats
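Review bot: The upstream selection in ntp.conf.j2 is keyed on `ansible_default_ipv6.address` compared with two hard-coded addresses, and the same block appears in chrony.conf.j2. On a host with no default IPv6 route that fact presumably carries no `address` key, so rendering would either fail or fall through to the "not equal" branches, depending on how undefined variables are handled. Moving the server list into a host or group variable (an illustrative name would be `ntp_upstream_servers`) and looping over it in both templates would take the address literals out of the templates and make each host's upstreams visible in the inventory. The first two conditions are also exact opposites and could be a single `{% if %}…{% else %}…{% endif %}`. As written, the host excluded only from the `ntp2` line ends up with one upstream, which gives it no second source to cross-check against.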