---

# - name: merge custom vars
#   block:
#
#     - name: set role variable sources
#       set_fact:
#         role_info:
#           role_defaults_file: "{{ role_path }}/defaults/main.yml"
#           role_override_file: "{{ ansible_inventory_sources[0] | dirname }}/group_vars/{{ role_name }}.yml"
#           vars_return: "placeholder"
#
#     - set_fact:
#         source_role: "{{ role_name }}"
#
#     - name: run merge_vars role
#       include_role:
#         name: "merge_vars"
#       vars:
#         a_config_file: "{{ role_info['role_defaults_file'] }}"
#         b_config_file: "{{ role_info['role_override_file'] }}"
#         calling_role: "{{ source_role }}"
#
#     - name: merge custom vars to vars[]
#       set_fact:
#         { "{{ entry }}": "{{ role_info['vars_return'][entry] }}" }
#       loop: "{{ role_info['vars_return'] | list }}"
#       loop_control:
#         loop_var: entry
#       when:
#         - not role_info['vars_return'] == 'placeholder'
#
#     - debug:
#         msg:
#           - "{{ vars['ntp'] }}"
#           - "{{ vars['a'] }}"
#
#   delegate_to: localhost

# gather the control node's own facts and, because of delegate_facts, store
# them under hostvars['localhost'] rather than under the host being configured;
# the clock-skew test below reads the controller's epoch from there
- name: get facts for localhost
  ansible.builtin.setup:
  delegate_facts: true
  delegate_to: localhost

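# flag hosts whose clock is more than one day (86400 seconds) away from the
# control node's clock; the flag is only ever set, never cleared, and the
# time-setting task checks for its existence
- name: test for clock skew
  ansible.builtin.set_fact:
    _clock_skew: true
  when:
    # hostvars is keyed by inventory name, so it is indexed with
    # inventory_hostname; the ansible_hostname fact can differ from the
    # inventory name and would then resolve to no host (or the wrong one).
    # both epochs are gathered facts, so the difference also contains the
    # time that passed between the two fact-gathering runs
    - >-
      (((hostvars[inventory_hostname]['ansible_date_time']['epoch_int'] | int)
      - (hostvars['localhost']['ansible_date_time']['epoch_int'] | int)) | abs)
      > 86400
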
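# step the clock on hosts flagged by the skew test to the control node's time.
# the host must be able to validate ssl certificates to download the ntp
# packages, and it cannot do that reliably while its date is more than a day
# out. the value written is the epoch captured when localhost facts were
# gathered, so the host is left slightly behind the controller.
# to exercise this path, skew a test host first with one of:
#   date --set="2 year ago"
#   date --set="2 year"
- name: set host time to localhost time
  ansible.builtin.command:
    # argv hands each argument to date unchanged, so the templated epoch is
    # never re-split or re-quoted by the module's command-line parsing
    argv:
      - date
      - '--set'
      - "@{{ hostvars['localhost']['ansible_date_time']['epoch_int'] }}"
  when:
    - _clock_skew is defined
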
# install the time-zone database and chrony through the platform's package
# manager.
# NOTE(review): state "latest" upgrades both packages on every run to whatever
# the configured repositories currently offer; "present" or a pinned version
# keeps runs reproducible - confirm which is intended
- name: install ntp packages
  ansible.builtin.package:
    state: latest
    name:
      - tzdata
      - chrony

# refresh ansible_facts['packages'] so the tzdata check in the timezone task
# sees the package state after the install step
- name: update package facts
  ansible.builtin.package_facts:
    strategy: all
    manager: auto

# set the system time zone; the zone name is fixed to Europe/London here.
# skipped unless the package facts list tzdata as installed
- name: set timezone to Europe/London
  community.general.timezone:
    name: Europe/London
  when:
    - "'tzdata' in ansible_facts['packages']"

# default time sources: four public European pool.ntp.org entries, the first
# marked "iburst prefer". the next task replaces this fact when the inventory
# defines an "ntpd" group.
# NOTE(review): public pool servers are unauthenticated ntp sources; hosts
# that fall through to this default trust whatever the pool returns
- name: set facts to render config as ntp client
  ansible.builtin.set_fact:
    _enable_ntp_servers:
      - 'pool 0.europe.pool.ntp.org iburst prefer'
      - 'pool 1.europe.pool.ntp.org'
      - 'pool 2.europe.pool.ntp.org'
      - 'pool 3.europe.pool.ntp.org'

# when the inventory has an "ntpd" group, use its members as time sources
# instead of the public pool: every member name gets suffix_domain appended,
# then " iburst prefer" appended, then "server " prepended
- name: set facts to render config as ntp client with private ntp sources
  ansible.builtin.set_fact:
    _enable_ntp_servers: >-
      {{ vars['groups']['ntpd']
      | map('regex_replace', '$', suffix_domain)
      | map('regex_replace', '$', ' iburst prefer')
      | map('regex_replace', '^', 'server ') }}
  when:
    - vars['groups']['ntpd'] is defined
  vars:
    # leading dot plus the cluster domain read from the config namespace
    suffix_domain: ".{{ vars[config_namespace]['env']['cluster_domain'] }}"

# on hosts where 'ntpd' is in active_role_groups, set the server-mode facts:
# the server flag, the external time sources, and one cidr range per network
# named in ntp['allow_network'].
# NOTE(review): _allow_network is presumably rendered into chrony.conf.j2 as
# the list of networks allowed to query this server - confirm against the
# template and keep ntp['allow_network'] as narrow as possible
- name: set facts to render config as ntp server
  ansible.builtin.set_fact:
    _enable_ntp_server: true
    _external_time_sources: "{{ ntp['external_time_sources'] }}"
    # grows by one entry per loop pass; default([]) covers the first pass
    _allow_network: "{{ _allow_network | default([]) + [cidr_range] }}"
  vars:
    # "<network>/<prefix>": the prefix length is computed from the network
    # address and netmask of the cluster network named by the loop variable
    cidr_range: "{{ vars[config_namespace]['cluster_networks'][entry]['network'] }}/{{ (vars[config_namespace]['cluster_networks'][entry]['network'] + '/' + vars[config_namespace]['cluster_networks'][entry]['netmask']) | ansible.utils.ipaddr('prefix') }}"
  loop: "{{ ntp['allow_network'] }}"
  loop_control:
    loop_var: entry
  when:
    # - "'ntp_server' in hostvars[ansible_hostname]['group_names']"
    - "'ntpd' in active_role_groups"

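# render /etc/chrony.conf from the role template, owned by root and readable
# by everyone; a change notifies the restart_chronyd handler
- name: configure chrony.conf
  ansible.builtin.template:
    src: templates/chrony.conf.j2
    dest: /etc/chrony.conf
    owner: root
    group: root
    # quoted so the module receives the string "0644" and the resulting
    # permissions never depend on how the yaml parser types a leading-zero
    # number
    mode: "0644"
  notify: restart_chronyd
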
# make sure chronyd is running now and enabled to start at boot
- name: start chronyd service
  ansible.builtin.service:
    name: chronyd
    enabled: true
    state: started