A simple ansible role to deploy our basic packages and settings.
None.
Role variables are set and documented in defaults/main.yml.
None.
Non-default / local time servers are (currently) not supported by this role.
For systemd-timesyncd it is /etc/systemd/timesyncd.conf:
[Time]
NTP=ntp1.example.com ntp2.example.com ntp3.example.com ntp4.example.comFor ntp it is /etc/ntp.conf:
pool time.example.com iburst
or
server time.example.com iburst
We use iburst by default. I think this is OK. From ntp.conf(5):
iburst: When the server is unreachable, send a burst of six packets instead of the usual one. The packet spacing is normally 2 s; [...]
Use server instead of pool if no round-robin DNS is involved, though.
For chrony it is /etc/chrony/chrony.conf or a .conf file in /etc/chrony/chrony.d/ (if confdir is defined in /etc/chrony/chrony.conf (the default since Debian/bullseye and later)):
# Set NTP server which can be used as a time source, _prefer_ this source over sources without the prefer option and start with a burst of 4-8 requests in order to make the first update of the clock sooner (iburst)
server time.example.com prefer iburst
# Allow NTP client access from local network.
# allow 192.168.7.0/24
# Allow NTP client access from localhost (i.e. for Prometheus node_exporter)
allow 127/8
# Specify the location of the Samba ntp_signd socket when it is running as a Domain Controller (DC)
# ntpsigndsocket /var/lib/samba/ntp_signd
Which NTP Daemon?
We should favor chrony over ntp (from Choosing Between NTP Daemons):
Chrony should be preferred for all systems except for the systems that are managed or monitored by tools that do not support chrony, or the systems that have a hardware reference clock which cannot be used with chrony.
Further reading:
For this example we will assume you have defined a host group site in the inventory file hosts.
site-base.yml:
---
- hosts: site
roles:
- { role: jkirk.base }To run this playbook you would do ansible-playbook -i hosts site.yml
MIT
Darshaka Pathirana - https://synpro.solutions