From 6bf9c2794efdf86c0f3526067eac1f36a9a7e0da Mon Sep 17 00:00:00 2001 From: Matthieu Saulnier Date: Sat, 5 Jul 2014 15:09:53 +0200 Subject: Create ntpserver role --- roles/common/tasks/main.yml | 2 +- roles/common/tasks/pkgs.yml | 6 ---- roles/common/tasks/services.yml | 8 ----- roles/cozycloud/tasks/usr.yml | 4 +-- roles/ntpserver/handlers/chrony.yml | 2 ++ roles/ntpserver/handlers/main.yml | 2 ++ roles/ntpserver/handlers/ntp.yml | 2 ++ roles/ntpserver/tasks/config.yml | 9 +++++ roles/ntpserver/tasks/main.yml | 8 +++++ roles/ntpserver/tasks/pkgs.yml | 7 ++++ roles/ntpserver/tasks/services.yml | 7 ++++ roles/ntpserver/templates/chrony.conf.j2 | 56 +++++++++++++++++++++++++++++ roles/ntpserver/templates/ntp.conf.j2 | 62 ++++++++++++++++++++++++++++++++ 13 files changed, 158 insertions(+), 17 deletions(-) create mode 100644 roles/ntpserver/handlers/chrony.yml create mode 100644 roles/ntpserver/handlers/main.yml create mode 100644 roles/ntpserver/handlers/ntp.yml create mode 100644 roles/ntpserver/tasks/config.yml create mode 100644 roles/ntpserver/tasks/main.yml create mode 100644 roles/ntpserver/tasks/pkgs.yml create mode 100644 roles/ntpserver/tasks/services.yml create mode 100644 roles/ntpserver/templates/chrony.conf.j2 create mode 100644 roles/ntpserver/templates/ntp.conf.j2 (limited to 'roles') diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index afaa4cb..cef53c1 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Configutation démon SSH +- name: Configuration démon SSH include: ssh.yml - name: Installation des fichiers RC diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml index cbbd0cc..64f24b1 100644 --- a/roles/common/tasks/pkgs.yml +++ b/roles/common/tasks/pkgs.yml 
@@ -22,12 +22,6 @@ - tar - at -- name: Installation des paquets Centos - yum: name={{ item }} state=present - with_items: - - ntp - when: ansible_distribution == "CentOS" - - name: Installation des paquets Fedora yum: name={{ item }} state=present with_items: diff --git a/roles/common/tasks/services.yml b/roles/common/tasks/services.yml index adc28a2..a497e89 100644 --- a/roles/common/tasks/services.yml +++ b/roles/common/tasks/services.yml @@ -1,14 +1,6 @@ - name: Activation et démarrage du service postfix service: name=postfix state=started enabled=yes -- name: Activation et démarrage du service Chronyd - service: name=chronyd state=started enabled=yes - when: ansible_distribution == "Fedora" - -- name: Activation et démarrage du service NTP - service: name=ntpd state=started enabled=yes - when: ansible_distribution == "CentOS" - - name: Activation et démarrage du service Console Mouse Manager service: name=gpm state=started enabled=yes diff --git a/roles/cozycloud/tasks/usr.yml b/roles/cozycloud/tasks/usr.yml index 16da6ad..3a8f9f9 100644 --- a/roles/cozycloud/tasks/usr.yml +++ b/roles/cozycloud/tasks/usr.yml @@ -1,8 +1,8 @@ -- name: Create cozy users with home +- name: Create cozy users with home directory user: name={{ item }} createhome=yes state=present with_items: - cozy-data-system - cozy-home -- name: Create cozy users without home +- name: Create cozy users without home directory user: name=cozy createhome=no state=present diff --git a/roles/ntpserver/handlers/chrony.yml b/roles/ntpserver/handlers/chrony.yml new file mode 100644 index 0000000..dc5e217 --- /dev/null +++ b/roles/ntpserver/handlers/chrony.yml @@ -0,0 +1,2 @@ +- name: restart chrony + service: name=chronyd state=restarted diff --git a/roles/ntpserver/handlers/main.yml b/roles/ntpserver/handlers/main.yml new file mode 100644 index 0000000..0427057 --- /dev/null +++ b/roles/ntpserver/handlers/main.yml @@ -0,0 +1,2 @@ +- include: ntp.yml +- include: chrony.yml 
diff --git a/roles/ntpserver/handlers/ntp.yml b/roles/ntpserver/handlers/ntp.yml
new file mode 100644
index 0000000..736af19
--- /dev/null
+++ b/roles/ntpserver/handlers/ntp.yml
@@ -0,0 +1,2 @@
+- name: restart ntp
+ service: name=ntpd state=restarted
diff --git a/roles/ntpserver/tasks/config.yml b/roles/ntpserver/tasks/config.yml
new file mode 100644
index 0000000..6dd888e
--- /dev/null
+++ b/roles/ntpserver/tasks/config.yml
@@ -0,0 +1,9 @@
+- name: Configuration du service NTP
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf mode=644
+ notify: restart ntp
+ when: ansible_distribution == "CentOS"
+
+- name: Configuration du service Chrony
+ template: src=chrony.conf.j2 dest=/etc/chrony.conf mode=644
+ notify: restart chrony
+ when: ansible_distribution == "Fedora"
diff --git a/roles/ntpserver/tasks/main.yml b/roles/ntpserver/tasks/main.yml
new file mode 100644
index 0000000..dd7be41
--- /dev/null
+++ b/roles/ntpserver/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Installation des paquets
+ include: pkgs.yml
+
+- name: État des services
+ include: services.yml
+
+- name: Configuration des services
+ include: config.yml
diff --git a/roles/ntpserver/tasks/pkgs.yml b/roles/ntpserver/tasks/pkgs.yml
new file mode 100644
index 0000000..a07336d
--- /dev/null
+++ b/roles/ntpserver/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: Installation du paquet NTP
+ yum: name=ntp state=present
+ when: ansible_distribution == "CentOS"
+
+- name: Installation du paquet Chrony
+ yum: name=chrony state=present
+ when: ansible_distribution == "Fedora"
diff --git a/roles/ntpserver/tasks/services.yml b/roles/ntpserver/tasks/services.yml
new file mode 100644
index 0000000..d1b585f
--- /dev/null
+++ b/roles/ntpserver/tasks/services.yml
@@ -0,0 +1,7 @@
+- name: Activation et démarrage du service Chronyd
+ service: name=chronyd state=started enabled=yes
+ when: ansible_distribution == "Fedora"
+
+- name: Activation et démarrage du service NTP
+ service: name=ntpd state=started enabled=yes
+ when: ansible_distribution == "CentOS"
diff --git a/roles/ntpserver/templates/chrony.conf.j2 b/roles/ntpserver/templates/chrony.conf.j2
new file mode 100644
index 0000000..72a2055
--- /dev/null
+++ b/roles/ntpserver/templates/chrony.conf.j2
@@ -0,0 +1,56 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if ansible_default_ipv6.address == "2a01:e35:2f76:7750::4" %}
+server 0.fedora.pool.ntp.org iburst
+server 1.fedora.pool.ntp.org iburst
+server 2.fedora.pool.ntp.org iburst
+server 3.fedora.pool.ntp.org iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp1.casperlefantom.net iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a00:c70:1:178:170:111:194:5000" and ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp2.casperlefantom.net iburst
+{% endif %}
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel RTC synchronization.
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+allow
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Generate command key if missing.
+generatecommandkey
+
+# Disable logging of client accesses.
+#noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking
+log measurements statistics tracking
diff --git a/roles/ntpserver/templates/ntp.conf.j2 b/roles/ntpserver/templates/ntp.conf.j2
new file mode 100644
index 0000000..830f7ea
--- /dev/null
+++ b/roles/ntpserver/templates/ntp.conf.j2
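Review bot: In `chrony.conf.j2` the bare `allow` directive opens NTP client access to every IPv4 and IPv6 source, while the comment directly above it says access is for the local network and the scoped form `#allow 192.168/16` is left commented out. If the server is meant to serve only known clients, replace the bare directive with explicit prefixes in the style of the commented line; if public service is intended, change the comment to say so, for example `# Allow NTP client access from any address (public server).`, so the exposure is a recorded decision. Separately, the `ansible_default_ipv6.address` comparisons in this template and in `ntp.conf.j2` hard-code two host addresses, and they may fail to render or pick the wrong branch on a host that has no default IPv6 address. Driving the upstream `server` lines from an inventory or group variable would remove that dependency.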
@@ -0,0 +1,62 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if ansible_default_ipv6.address == "2a01:e35:2f76:7750::4" %}
+server 0.centos.pool.ntp.org iburst
+server 1.centos.pool.ntp.org iburst
+server 2.centos.pool.ntp.org iburst
+server 3.centos.pool.ntp.org iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp1.casperlefantom.net iburst
+{% endif %}
+{% if ansible_default_ipv6.address != "2a00:c70:1:178:170:111:194:5000" and ansible_default_ipv6.address != "2a01:e35:2f76:7750::4" %}
+server ntp2.casperlefantom.net iburst
+{% endif %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+statistics clockstats cryptostats loopstats peerstats
-- cgit
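Review bot: On the two `restrict default` lines of `ntp.conf.j2` the `kod` flag is set without `limited`. As far as the ntpd access-control documentation describes it, a kiss-o'-death reply is only sent when a packet violates the rate limit that `limited` turns on, so as written no per-client rate limiting is in effect. For a role that sets up a network-facing time server, consider `restrict default kod limited nomodify notrap nopeer noquery` and the same flags on the `-6` line. The existing `noquery` should stay if these lines are edited later, since it keeps ntpq/ntpdc queries closed to remote hosts. It would also be worth a comment on the uncommented `statistics` line saying where the records are written and how they are rotated, because the template sets no `statsdir`.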