├── .gitignore ├── .kitchen.yml ├── Gemfile ├── Gemfile.lock ├── LICENSE ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── configure.yml ├── install.yml ├── main.yml └── service.yml ├── templates └── chrony.conf.j2 ├── test ├── integration │ ├── redhat │ │ ├── ansible │ │ │ └── default.yml │ │ └── serverspec │ │ │ └── default_spec.rb │ └── ubuntu │ │ ├── ansible │ │ └── default.yml │ │ └── serverspec │ │ └── default_spec.rb └── test.yml └── vars ├── debian.yml └── redhat.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .bin/ 2 | .bundle/ 3 | .gems/ 4 | .kitchen 5 | -------------------------------------------------------------------------------- /.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: 'vagrant' 4 | 5 | provisioner: 6 | name: 'ansible_playbook' 7 | hosts: "localhost" 8 | require_ansible_repo: false 9 | require_ansible_omnibus: false 10 | require_ansible_source: false 11 | require_pip: true 12 | ansible_version: 'latest' 13 | ansible_verbose: true 14 | require_chef_for_busser: false 15 | require_ruby_for_busser: false 16 | ignore_paths_from_root: [".git",".idea",".kitchen", ".bin", ".kitchen.yml", ".gems", ".bundle"] 17 | 18 | verifier: 19 | name: 'serverspec' 20 | default_pattern: true 21 | 22 | platforms: 23 | - name: 'ubuntu-16.04' 24 | - name: 'centos-7' 25 | 26 | suites: 27 | - name: 'ubuntu' 28 | includes: 'ubuntu-16.04' 29 | - name: 'redhat' 30 | includes: 'centos-7' 31 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | gem "test-kitchen" 4 | gem "kitchen-vagrant" 5 | gem "kitchen-ansible" 6 | gem "kitchen-verifier-serverspec" 7 | -------------------------------------------------------------------------------- 
/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | builder (3.2.3) 5 | erubis (2.7.0) 6 | ffi (1.11.1) 7 | gssapi (1.2.0) 8 | ffi (>= 1.0.1) 9 | gyoku (1.3.1) 10 | builder (>= 2.1.2) 11 | httpclient (2.8.3) 12 | kitchen-ansible (0.48.1) 13 | net-ssh (>= 3) 14 | test-kitchen (~> 1.4) 15 | kitchen-vagrant (1.2.1) 16 | test-kitchen (~> 1.4) 17 | kitchen-verifier-serverspec (0.6.10) 18 | net-ssh (>= 3) 19 | test-kitchen (~> 1.4) 20 | little-plugger (1.1.4) 21 | logging (2.2.2) 22 | little-plugger (~> 1.1) 23 | multi_json (~> 1.10) 24 | mixlib-install (3.8.0) 25 | mixlib-shellout 26 | mixlib-versioning 27 | thor 28 | mixlib-shellout (2.3.2) 29 | mixlib-versioning (1.2.2) 30 | multi_json (1.12.2) 31 | net-scp (1.2.1) 32 | net-ssh (>= 2.6.5) 33 | net-ssh (4.2.0) 34 | net-ssh-gateway (1.3.0) 35 | net-ssh (>= 2.6.5) 36 | nori (2.6.0) 37 | rubyntlm (0.6.2) 38 | rubyzip (1.3.0) 39 | safe_yaml (1.0.4) 40 | test-kitchen (1.19.2) 41 | mixlib-install (~> 3.6) 42 | mixlib-shellout (>= 1.2, < 3.0) 43 | net-scp (~> 1.1) 44 | net-ssh (>= 2.9, < 5.0) 45 | net-ssh-gateway (~> 1.2) 46 | safe_yaml (~> 1.0) 47 | thor (~> 0.19, < 0.19.2) 48 | winrm (~> 2.0) 49 | winrm-elevated (~> 1.0) 50 | winrm-fs (~> 1.1.0) 51 | thor (0.19.1) 52 | winrm (2.2.3) 53 | builder (>= 2.1.2) 54 | erubis (~> 2.7) 55 | gssapi (~> 1.2) 56 | gyoku (~> 1.0) 57 | httpclient (~> 2.2, >= 2.2.0.2) 58 | logging (>= 1.6.1, < 3.0) 59 | nori (~> 2.0) 60 | rubyntlm (~> 0.6.0, >= 0.6.1) 61 | winrm-elevated (1.1.0) 62 | winrm (~> 2.0) 63 | winrm-fs (~> 1.0) 64 | winrm-fs (1.1.1) 65 | erubis (~> 2.7) 66 | logging (>= 1.6.1, < 3.0) 67 | rubyzip (~> 1.1) 68 | winrm (~> 2.0) 69 | 70 | PLATFORMS 71 | ruby 72 | 73 | DEPENDENCIES 74 | kitchen-ansible 75 | kitchen-vagrant 76 | kitchen-verifier-serverspec 77 | test-kitchen 78 | 79 | BUNDLED WITH 80 | 1.16.0.pre.3 81 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 InfluxData 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Chrony 2 | ========= 3 | 4 | [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-influxdata.chrony-blue.svg)](https://galaxy.ansible.com/influxdata/chrony/) 5 | 6 | Manages the Chrony services on Linux. 7 | 8 | Chrony is a service for keeping your servers' time in sync, similar to NTPd; see https://chrony.tuxfamily.org/ for more.
9 | 10 | _This role will use the AWS Time Sync server by default, see: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html_ That default (`169.254.169.123`) is a link-local address reachable only from EC2 instances; on other hosts, override `chrony_server` or `chrony_pool`. 11 | 12 | Requirements 13 | ------------ 14 | 15 | None, other than a Linux host. 16 | 17 | Role Variables 18 | -------------- 19 | 20 | For the list of available configuration variables, see `defaults/main.yml`. Note that `port` is rendered only when `chrony_port` is truthy, so an integer `0` produces no `port` line and chronyd keeps its built-in default port. 21 | 22 | Example Usage 23 | ---------------- 24 | 25 | A minimal playbook that applies the role with its default variables: 26 | 27 | - hosts: all 28 | roles: 29 | - { role: influxdata.chrony } 30 | 31 | License 32 | ------- 33 | 34 | MIT 35 | 36 | Author Information 37 | ------------------ 38 | 39 | This role is maintained by InfluxData (https://www.influxdata.com). We like time! 40 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_port: 123 3 | chrony_acquisitionport: 1123 4 | chrony_allow: 5 | chrony_service_enabled: 'yes' 6 | chrony_service_state: 'started' 7 | chrony_service_name: 'chrony' 8 | chrony_conf_file: '/etc/chrony/chrony.conf' 9 | chrony_keyfile: '/etc/chrony/chrony.keys' 10 | chrony_pool: # 2.debian.pool.ntp.org offline iburst 11 | # AWS Time Sync service default (link-local address, reachable only from EC2) 12 | chrony_server: '169.254.169.123 prefer iburst' 13 | chrony_driftfile: '/var/lib/chrony/chrony.drift' 14 | chrony_log: 'tracking measurements statistics' 15 | chrony_logdir: '/var/log/chrony' 16 | chrony_maxupdateskew: 100.0 17 | chrony_dumpdir: '/var/lib/chrony' 18 | chrony_initstepslew: false 19 | chrony_initstepslew_threshold: 30 20 | chrony_initstepslew_servers: '169.254.169.123' 21 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 'restart chrony' 3 | become: yes 4 | service: 5 |
name: "{{ chrony_service_name }}" 6 | state: 'restarted' 7 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: 'Paul Myjvec' 4 | description: 'Module to manage Chrony on Linux' 5 | license: 'license (MIT)' 6 | min_ansible_version: 2.3 7 | platforms: 8 | - name: 'Ubuntu' 9 | versions: 10 | - 'xenial' 11 | - 'zesty' 12 | - name: 'Debian' 13 | versions: 14 | - 'jessie' 15 | - 'stretch' 16 | - name: 'EL' 17 | versions: 18 | - '6' 19 | - '7' 20 | galaxy_tags: 21 | - 'chrony' 22 | - 'system' 23 | - 'ntp' 24 | - 'ntpd' 25 | - 'aws' 26 | - 'networking' 27 | - 'linux' 28 | - 'ubunu' 29 | - 'debian' 30 | - 'centos' 31 | dependencies: [] 32 | -------------------------------------------------------------------------------- /tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 'Configure Chrony' 3 | become: yes 4 | template: 5 | src: 'chrony.conf.j2' 6 | dest: "{{ chrony_conf_file }}" 7 | notify: 'restart chrony' 8 | -------------------------------------------------------------------------------- /tasks/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 'Install Chrony' 3 | become: yes 4 | package: 5 | name: 'chrony' 6 | state: 'present' 7 | tags: 8 | - 'chrony-install' 9 | - 'chrony' 10 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 'include os-specific vars' 3 | include_vars: "{{ansible_os_family | lower }}.yml" 4 | tags: 5 | - 'chrony' 6 | - 'chrony-vars' 7 | 8 | - include: "install.yml" 9 | - include: "configure.yml" 10 | - include: "service.yml" 11 | -------------------------------------------------------------------------------- 
/tasks/service.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 'Manage the chrony service' 3 | become: yes 4 | service: 5 | name: '{{ chrony_service_name }}' 6 | enabled: '{{ chrony_service_enabled }}' 7 | state: '{{ chrony_service_state }}' 8 | tags: 'chrony-service' 9 | -------------------------------------------------------------------------------- /templates/chrony.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # See https://chrony.tuxfamily.org/documentation.html for details on this file 3 | 4 | {% if chrony_port %} 5 | port {{ chrony_port }} 6 | {% endif %} 7 | 8 | {% if chrony_acquisitionport %} 9 | acquisitionport {{ chrony_acquisitionport }} 10 | {% endif %} 11 | 12 | {% if chrony_pool %} 13 | pool {{ chrony_pool }} 14 | {% endif %} 15 | 16 | {% if chrony_server %} 17 | server {{ chrony_server }} 18 | {% endif %} 19 | 20 | keyfile {{ chrony_keyfile }} 21 | commandkey 1 22 | 23 | driftfile {{ chrony_driftfile }} 24 | log {{ chrony_log }} 25 | logdir {{ chrony_logdir }} 26 | maxupdateskew {{ chrony_maxupdateskew }} 27 | dumponexit 28 | # Specify directory for dumping measurements. 29 | 30 | 31 | dumpdir {{ chrony_dumpdir }} 32 | {% if chrony_initstepslew %} 33 | initstepslew {{ chrony_initstepslew_threshold }} {{ chrony_initstepslew_servers }} 34 | {% endif %} 35 | 36 | # This directive lets 'chronyd' serve time even if unsynchronised to any 37 | # NTP server. 38 | 39 | #local stratum 10 40 | 41 | {% if chrony_allow %} 42 | # This directive designates subnets (or nodes) from which NTP clients are allowed 43 | # to access 'chronyd'. 44 | {% for block in chrony_allow %} 45 | allow {{ block }} 46 | {% endfor %} 47 | {% endif %} 48 | 49 | # This directive forces 'chronyd' to send a message to syslog if it 50 | # makes a system clock adjustment larger than a threshold value in seconds.
51 | 52 | logchange 0.5 53 | 54 | # This directive defines an email address to which mail should be sent 55 | # if chronyd applies a correction exceeding a particular threshold to the 56 | # system clock. 57 | 58 | # mailonchange root@localhost 0.5 59 | 60 | # This directive tells 'chronyd' to parse the 'adjtime' file to find out if the 61 | # real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive. 62 | 63 | hwclockfile /etc/adjtime 64 | 65 | # This directive enables kernel synchronisation (every 11 minutes) of the 66 | # real-time clock. Note that it can’t be used along with the 'rtcfile' directive. 67 | 68 | rtcsync 69 | 70 | -------------------------------------------------------------------------------- /test/integration/redhat/ansible/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: 'localhost' 3 | roles: 4 | - 'ansible-chrony' 5 | -------------------------------------------------------------------------------- /test/integration/redhat/serverspec/default_spec.rb: -------------------------------------------------------------------------------- 1 | require 'serverspec' 2 | 3 | set :backend, :exec 4 | 5 | describe file('/etc/chrony.conf') do 6 | it { should exist } 7 | it { should be_file } 8 | end 9 | 10 | describe service('chronyd') do 11 | it { should be_running } 12 | it { should be_enabled } 13 | end 14 | -------------------------------------------------------------------------------- /test/integration/ubuntu/ansible/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: 'localhost' 3 | roles: 4 | - 'ansible-chrony' 5 | -------------------------------------------------------------------------------- /test/integration/ubuntu/serverspec/default_spec.rb: -------------------------------------------------------------------------------- 1 | require 'serverspec' 2 | 3 | set :backend, :exec 4 | 5 | describe 
file('/etc/chrony/chrony.conf') do 6 | it { should exist } 7 | it { should be_file } 8 | end 9 | 10 | describe service('chrony') do 11 | it { should be_running } 12 | it { should be_enabled } 13 | end 14 | -------------------------------------------------------------------------------- /test/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | roles: 4 | - 'chrony' 5 | -------------------------------------------------------------------------------- /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_service_name: 'chronyd' 3 | chrony_driftfile: '/var/lib/chrony/drift' 4 | chrony_keyfile: '/etc/chrony/chrony.keys' 5 | chrony_conf_file: '/etc/chrony.conf' 6 | --------------------------------------------------------------------------------