Dustin C. Hatch
c300dc1b6c
I continually struggle with machines' (physical and virtual, even the Roku devices!) clocks getting out of sync. I have been putting off fixing this because I wanted to set up a Windows-compatible NTP server (i.e. on the domain controllers, with Kerberos signing), but there's really no reason to wait for that to fix the clocks on all the non-Windows machines, especially since there are exactly 0 Windows machines on the network right now. The *chrony* role and corresponding `chrony.yml` playbook are generic, configured via the `chrony_pools`, `chrony_servers`, and `chrony_allow` variables. The values for these variables will configure the firewall to act as an NTP server, synchronizing with the NTP pool on the Internet, while all other machines will synchronize with it. This allows machines on networks without Internet access to keep their clocks in sync.
36 lines
552 B
YAML
36 lines
552 B
YAML
- name: ensure chrony is installed
|
|
package:
|
|
name: chrony
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure chrony is configured
|
|
template:
|
|
src: chrony.conf.j2
|
|
dest: /etc/chrony.conf
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- restart chrony
|
|
tags:
|
|
- config
|
|
|
|
- name: ensure chrony is enabled
|
|
service:
|
|
name: chronyd
|
|
enabled: true
|
|
tags:
|
|
- service
|
|
|
|
- name: flush_handlers
|
|
meta: flush_handlers
|
|
|
|
- name: ensure chrony is running
|
|
service:
|
|
name: chronyd
|
|
state: started
|
|
tags:
|
|
- service
|