Ansible Role jm1.cloudy.chrony

This role helps with configuring chrony from Ansible variables. For example, it can edit /etc/chrony.conf on Red Hat Enterprise Linux, or /etc/chrony/chrony.conf and files in /etc/chrony/{conf,sources}.d/ on Debian. Variable chrony_config defines a list of tasks which will be run by this role. Each task calls an Ansible module, similar to tasks in roles or playbooks, except that only a few keywords such as when are supported. For example, to allow NTP clients from a particular subnet to access an NTP server on Debian, define variable chrony_config in group_vars or host_vars as such:

chrony_config:
- ansible.builtin.copy:
    content: |
      allow 192.168.158.0/24
    dest: /etc/chrony/conf.d/home.arpa.conf
    mode: u=rw,g=r,o=
    group: root
    owner: root

First, this role will install a chrony package which matches the distribution specified in variable distribution_id. Next, it will run all tasks listed in chrony_config. Once all tasks have finished and if anything has changed (and if chrony_service_state is not set to stopped), then chrony's service (set in chrony_service_name) is restarted to apply changes.
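An added example, not taken from the role's repository: a chrony_config that covers both file layouts named above, using the when keyword and dict-form module arguments only. It assumes distribution_id can be referenced inside when and that every non-Debian host in the group is Red Hat Enterprise Linux; the file name host_vars/ntp-server.yml and the marker text are made up for illustration.

```yaml
# host_vars/ntp-server.yml (constructed example; host and file names are hypothetical)
chrony_config:
# Debian layout: put the access rule in its own drop-in file below conf.d/.
# Mode u=rw,g=r,o= keeps the file unreadable for unprivileged local users.
- ansible.builtin.copy:
    content: |
      # Serve time to the home subnet only
      allow 192.168.158.0/24
    dest: /etc/chrony/conf.d/home.arpa.conf
    mode: u=rw,g=r,o=
    group: root
    owner: root
  when: distribution_id | first == 'Debian'   # assumption: variable is usable in when

# Red Hat Enterprise Linux layout: there is a single /etc/chrony.conf, so manage
# one marked block in it instead of replacing the distribution's file.
- ansible.builtin.blockinfile:
    path: /etc/chrony.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK home.arpa"
    block: |
      allow 192.168.158.0/24
  when: distribution_id | first != 'Debian'   # assumption: all other hosts are RHEL

# Arguments must be given as a dictionary, never as a free-form string
# such as 'debug: msg=...'.
- ansible.builtin.debug:
    msg: "NTP access limited to 192.168.158.0/24"
```

Because the role restarts the chrony service only when a task reports a change, re-running this list against an already configured host leaves the service untouched.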

Tested OS images

Available on Ansible Galaxy in Collection jm1.cloudy.

Requirements

This role uses module(s) from collection jm1.ansible and collection jm1.pkg. To install these collections you may follow the steps described in README.md using the provided requirements.yml.

Variables

| Name | Default value | Required | Description |
| --- | --- | --- | --- |
| chrony_config | [] | false | List of tasks to run (see footnotes 1, 2 and 3), e.g. to configure /etc/chrony.conf or /etc/chrony/chrony.conf |
| chrony_service_enabled | true | false | Whether the chrony service should start on boot |
| chrony_service_name | depends on distribution_id | false | Name of the chrony service, e.g. chrony.service on Debian and chronyd.service on Red Hat Enterprise Linux |
| chrony_service_state | started | false | State of the chrony service |
| distribution_id | depends on operating system | false | List which uniquely identifies a distribution release, e.g. [ 'Debian', '10' ] for Debian 10 (Buster) |

Dependencies

| Name | Description |
| --- | --- |
| jm1.pkg.setup | Installs necessary software for module jm1.pkg.meta_pkg from collection jm1.pkg. This role is called automatically, manual execution is NOT required. |

Example Playbook

- hosts: all
  become: true
  roles:
  - name: Manage chrony service
    role: jm1.cloudy.chrony
    tags: ["jm1.cloudy.chrony"]

For a complete example of how to use this role, refer to hosts lvrt-lcl-session-srv-400-okd-ipi-router, lvrt-lcl-session-srv-500-okd-abi-ha-router, lvrt-lcl-session-srv-600-okd-ipi-router or lvrt-lcl-session-srv-700-okd-sno-router from the provided examples inventory. The top-level README.md describes how these hosts can be provisioned with playbook playbooks/site.yml.

For instructions on how to run Ansible playbooks, have a look at Ansible's Getting Started Guide.

License

GNU General Public License v3.0 or later

See LICENSE.md for the full text.

Author

Jakob Meng @jm1 (github, galaxy, web)

Footnotes

  1. Useful Ansible modules in this context could be blockinfile, copy, file, lineinfile and template.

  2. Tasks will be executed with jm1.ansible.execute_module which supports keyword when only.

  3. Tasks will be executed with jm1.ansible.execute_module which supports modules and action plugins only. Some Ansible modules such as ansible.builtin.meta and ansible.builtin.{include,import}_{playbook,role,tasks} are core features of Ansible, in fact not implemented as modules and thus cannot be called from jm1.ansible.execute_module. Doing so causes Ansible to raise errors such as MODULE FAILURE\nSee stdout/stderr for the exact error. In addition, Ansible does not support free-form parameters for arbitrary modules, so for example, change from - debug: msg="" to - debug: { msg: "" }.