NTP
This role sets the ntp server to "ntp.trifence.ch" with "ntp.3eck.net" as fallback, sets the timezone to Europe/Zurich and reloads the chrony service. The "ntp.trifence.ch" and "ntp.3eck.net" ntp servers are preferred because they support nts, but to prevent a chicken-and-egg scenario with tls (which needs a more or less accurate time and date), we also use a second fallback, the cleartext ntp server time.ethz.ch.
General
This role consists of four main steps:
- install chrony
```yaml
- name: "install chrony"
  ansible.builtin.package:
    name: chrony
    state: latest
  become: true
```
- Copy chrony.conf template to /etc/chrony/
```yaml
# Copy chrony.conf template file to /etc/chrony/
- name: "Copy chrony.conf template to /etc/chrony/chrony.conf"
  template:
    src: chrony.conf
    dest: /etc/chrony/chrony.conf
    owner: root
    group: root
    mode: "0644"
    force: yes
  become: true
```
- The chrony.conf template contains the following:
```
# First nts (tls secured) ntp server
server {{ ntp_primary_server }} iburst nts prefer
# Second nts (tls secured) ntp server
server {{ ntp_fallback_server }} iburst nts prefer
# Third ntp server, but without tls
server {{ ntp_secondary_fallback_server }} iburst
```
- or, for chrony versions below 4.0, the chrony.conf template contains the following:
```
# Only ntp server, without tls, since nts is only supported in version 4.0 and later
server {{ ntp_legacy_server }} iburst
```
- Set timezone to Europe/Zurich
```yaml
- name: Set timezone to Europe/Zurich
  community.general.timezone:
    name: Europe/Zurich
```
- Restart chrony.service
```yaml
- name: "Restart chrony.service"
  ansible.builtin.systemd:
    name: chrony
    state: restarted
```
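One way to check, after the role has run, that the nts servers really authenticated and chrony is not relying on the cleartext fallback alone. This is an added example, not part of the role: it parses the table printed by `chronyc -N authdata` (chrony 4.0 and later), and the sample output embedded in it is constructed.

```python
import subprocess

# Constructed sample of `chronyc -N authdata` output (not captured from a real host).
SAMPLE = """\
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
ntp.trifence.ch              NTS     1   15  256  12m    0    0    8  100
ntp.3eck.net                 NTS     0    0    0    -    3    0    0    0
time.ethz.ch                   -     0    0    0    -    0    0    0    0
"""

def classify(authdata: str) -> dict:
    """Map each source name to 'nts-ok', 'nts-pending', 'cleartext' or its mode."""
    status = {}
    for line in authdata.splitlines():
        f = line.split()
        if len(f) != 10:          # header (11 tokens) and ruler (1 token) are skipped
            continue
        name, mode, klen, cookies = f[0], f[1], int(f[4]), int(f[8])
        if mode == "NTS":
            # Keys and cookies only exist after a successful NTS-KE (TLS) handshake.
            status[name] = "nts-ok" if klen > 0 and cookies > 0 else "nts-pending"
        elif mode == "-":
            status[name] = "cleartext"
        else:
            status[name] = mode.lower()   # e.g. "sk" for symmetric-key sources
    return status

def findings(status: dict) -> list:
    """Return human-readable warnings; an empty list means nothing to report."""
    out = [f"{n}: NTS key exchange has not succeeded "
           "(clock too far off for TLS, or 4460/tcp blocked?)"
           for n, s in status.items() if s == "nts-pending"]
    if "nts-ok" not in status.values():
        out.append("no NTS-authenticated source: time rests on unauthenticated NTP")
    return out

def read_authdata() -> str:
    """On a live host: -N prints source names as written in chrony.conf."""
    return subprocess.run(["chronyc", "-N", "authdata"], check=True,
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    state = classify(SAMPLE)      # swap in read_authdata() on a real host
    for name, s in state.items():
        print(f"{name:20} {s}")
    print("\n".join(findings(state)) or "all NTS sources authenticated")
```

A source that stays in `nts-pending` while the cleartext server is reachable is the chicken-and-egg case described at the top of this page: the clock has to come from the cleartext fallback before the tls handshake can succeed.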
Dependencies
Role Dependencies
Package Dependencies
Role Variables
Name | Type | Default value | Purpose | Comment | Role |
---|---|---|---|---|---|
ntp_conf | Boolean | false | If set to true, the ntp role will be executed (Opt-in) | - | ntp |
ntp_primary_server | String | "ntp.trifence.ch" | Primary ntp server (nts) | time.ethz.ch does not support nts | ntp |
ntp_fallback_server | String | "ntp.3eck.net" | Fallback ntp server (nts) | time.ethz.ch does not support nts | ntp |
ntp_secondary_fallback_server | String | "time.ethz.ch" | Fallback ntp server (ntp (without tls)) | time.ethz.ch does not support nts, but we use a third, cleartext server as fallback | ntp |
ntp_legacy | Boolean | false | If set to true, the old/legacy config file for versions <4.0 will be templated | - | ntp |
ntp_legacy_server | String | "time.ethz.ch" | Legacy ntp server (ntp (without tls)) | time.ethz.ch does not support nts, but we use a cleartext server since chrony < version 4.0 does NOT support nts | ntp |
ntp_timezone | String | "Europe/Zurich" | Sets the timezone to Europe/Zurich, but can be changed to whatever you want | - | ntp |
Example Playbook
Example of how to use the role:
```yaml
- hosts: servers
  roles:
    - role: ntp
      tags: [ntp, nts, time]
      vars:
        ntp_conf: true  # opt-in switch, see Role Variables
```
License
BSD
Author Information
Maintainer: Niels Dill, Niklaus Kappeler (chrony rewrite)
Support-Contact: s4d-linux-support@id.ethz.ch