From: Michael Scherer <misc(a)zarb.org>
Since base installs ntp on all platforms, we can skip the vars
and place it by default (the next step is to convert the
few playbooks duplicating the role)
---
roles/base/files/ntp/step-tickers | 7 -------
roles/base/meta/main.yml | 1 +
roles/base/tasks/main.yml | 21 ---------------------
roles/base/templates/ntp/ntp.conf.j2 | 34 ----------------------------------
roles/ntp/files/step-tickers | 7 +++++++
roles/ntp/tasks/main.yml | 27 +++++++++++++++++++++++++++
roles/ntp/templates/ntp.conf.j2 | 34 ++++++++++++++++++++++++++++++++++
vars/CentOS.yml | 2 +-
vars/Fedora.yml | 2 +-
vars/RedHat.yml | 2 +-
10 files changed, 72 insertions(+), 65 deletions(-)
delete mode 100644 roles/base/files/ntp/step-tickers
delete mode 100644 roles/base/templates/ntp/ntp.conf.j2
create mode 100644 roles/ntp/files/step-tickers
create mode 100644 roles/ntp/tasks/main.yml
create mode 100644 roles/ntp/templates/ntp.conf.j2
diff --git a/roles/base/files/ntp/step-tickers b/roles/base/files/ntp/step-tickers
deleted file mode 100644
index d0fe7ab..0000000
--- a/roles/base/files/ntp/step-tickers
+++ /dev/null
@@ -1,7 +0,0 @@
-208.75.88.4
-216.93.242.12
-107.170.242.27
-108.166.189.70
-199.223.248.98
-# [loopback]
-127.127.1.0
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
index 6ad8fad..afa39de 100644
--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -1,3 +1,4 @@
---
dependencies:
+ - { role: ntp }
- { role: dnf-automatic }
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5ddb308..3bb4bd8 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -300,27 +300,6 @@
- name: Setup postfix
include: postfix.yml
-- name: install ntp.conf
- template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf
- tags:
- - ntp
- - config
- - base
-
-- name: install ntp step-tickers
- copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers
- tags:
- - ntp
- - config
- - base
-
-- name: Start ntpd
- service: name=ntpd state=running enabled=true
- tags:
- - ntp
- - service
- - base
-
#
# This task installs some common scripts to /usr/local/bin
# scripts are under roles/base/files/common-scripts
diff --git a/roles/base/templates/ntp/ntp.conf.j2 b/roles/base/templates/ntp/ntp.conf.j2
deleted file mode 100644
index e72371c..0000000
--- a/roles/base/templates/ntp/ntp.conf.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-## Set up restrictions for services.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-restrict 127.0.0.1
-restrict -6 ::1
-
-# setup a set of servers that we all look at.
-# use servers from
1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
-# However, we need specific ip's to be allowed out from builders.
-{% if datacenter == 'phx2' and not
inventory_hostname.startswith('bastion0') %}
-#
-# in phx2 we want to use bastion01 and bastion02 for ntp service
-# Unless we are bastion01/02, then we want to use the normal pool
-#
-server 10.5.126.12
-server 10.5.126.11
-{% else %}
-server
1.rhel.pool.ntp.org
-server
2.rhel.pool.ntp.org
-server
3.rhel.pool.ntp.org
-{% endif %}
-
-# [localhost]
-# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-server 127.127.1.0 # local clock
-fudge 127.127.1.0 stratum 10
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Watch drift
-driftfile /var/lib/ntp/drift
diff --git a/roles/ntp/files/step-tickers b/roles/ntp/files/step-tickers
new file mode 100644
index 0000000..d0fe7ab
--- /dev/null
+++ b/roles/ntp/files/step-tickers
@@ -0,0 +1,7 @@
+208.75.88.4
+216.93.242.12
+107.170.242.27
+108.166.189.70
+199.223.248.98
+# [loopback]
+127.127.1.0
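Review bot: These five literal public addresses are copied unchanged to `/etc/ntp/step-tickers` on every host that gets the role, while `ntp.conf.j2` in the same patch sends phx2 hosts to the bastions and otherwise names the pool by hostname because of the firewall. Static IPs cannot follow changes in the pool and may end up pointing at hosts that no longer serve time, and the clock step at start-up would presumably use different sources from the running daemon. Consider rendering this file from the same server list as the template (for example a `step-tickers.j2` with the same `datacenter` condition) so the two stay in sync.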
diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml
new file mode 100644
index 0000000..809abc2
--- /dev/null
+++ b/roles/ntp/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: install ntp
+ package: name=ntp state=present
+ tags:
+ - ntp
+ - package
+ - base
+
+- name: install ntp.conf
+ template: src=ntp.conf.j2 dest=/etc/ntp.conf
+ tags:
+ - ntp
+ - config
+ - base
+
+- name: install ntp step-tickers
+ copy: src=step-tickers dest=/etc/ntp/step-tickers
+ tags:
+ - ntp
+ - config
+ - base
+
+- name: Start ntpd
+ service: name=ntpd state=running enabled=true
+ tags:
+ - ntp
+ - service
+ - base
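Review bot: The `install ntp.conf` and `install ntp step-tickers` tasks have no `notify:`, and the diffstat shows no `roles/ntp/handlers/main.yml` being created, so a changed server list or `restrict` line is written to disk while the running ntpd keeps the old configuration until something else restarts it. Unless a suitable handler already exists elsewhere in the repository, add `notify: restart ntpd` to both tasks together with a handler that restarts the service. It would also help to set `owner=root group=root mode=0644` on the two files so their permissions do not depend on the target's default umask, and to open the file with `---` like the other YAML files in this patch.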
diff --git a/roles/ntp/templates/ntp.conf.j2 b/roles/ntp/templates/ntp.conf.j2
new file mode 100644
index 0000000..e72371c
--- /dev/null
+++ b/roles/ntp/templates/ntp.conf.j2
@@ -0,0 +1,34 @@
+## Set up restrictions for services.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+restrict 127.0.0.1
+restrict -6 ::1
+
+# setup a set of servers that we all look at.
+# use servers from
1/2/3.rhel.pool.ntp.org as they are allowed out of the firewall
+# However, we need specific ip's to be allowed out from builders.
+{% if datacenter == 'phx2' and not
inventory_hostname.startswith('bastion0') %}
+#
+# in phx2 we want to use bastion01 and bastion02 for ntp service
+# Unless we are bastion01/02, then we want to use the normal pool
+#
+server 10.5.126.12
+server 10.5.126.11
+{% else %}
+server
1.rhel.pool.ntp.org
+server
2.rhel.pool.ntp.org
+server
3.rhel.pool.ntp.org
+{% endif %}
+
+# [localhost]
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
+fudge 127.127.1.0 stratum 10
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Watch drift
+driftfile /var/lib/ntp/drift
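Review bot: The `server 127.127.1.0` / `fudge 127.127.1.0 stratum 10` pair is rendered for every host, including the bastions that the phx2 branch points other hosts at, so a bastion that loses its upstream servers can fall back to its own free-running clock and keep serving that time to its clients. Now that this template is applied by default, consider dropping the local clock driver or replacing it with orphan mode (`tos orphan 10`), so that loss of upstream shows up as an unsynchronised state rather than as silently drifting time. Separately, `keys /etc/ntp/keys` is set but no `server` line references a key, so as far as this template shows none of the time sources are authenticated.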
diff --git a/vars/CentOS.yml b/vars/CentOS.yml
index e32f53a..bd4c73c 100644
--- a/vars/CentOS.yml
+++ b/vars/CentOS.yml
@@ -1,6 +1,6 @@
---
dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
service_disabled: []
service_enabled: []
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index ad1434a..c985f44 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -1,6 +1,6 @@
---
dist_tag: f{{ ansible_distribution_version }}
-base_pkgs_inst: ['iptables-services', 'ntp' ]
+base_pkgs_inst: ['iptables-services' ]
base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail',
'at']
service_disabled: [ ]
service_enabled: ['auditd']
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index e32f53a..bd4c73c 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,6 +1,6 @@
---
dist_tag: el{{ ansible_distribution_version[0] }}
-base_pkgs_inst: [ 'ntp' ]
+base_pkgs_inst: []
base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail']
service_disabled: []
service_enabled: []
--
1.8.3.1