Install and configure ntpd on a target host.
Minimum required ansible version is 1.9.
None.
ansible-galaxy install archf.ntpd
Basic usage is:
- hosts: all
roles:
- role: archf.ntpd
If you do not want a global installation, clone it into your roles_path
.
git clone git@github.com:archf/ansible-ntpd.git /path/to/roles_path
But I often add it as a submdule in a given playbook_dir
repository.
git submodule add git@github.com:archf/ansible-ntpd.git <playbook_dir>/roles/ntpd
As the role is not managed by Ansible Galaxy, you do not have to specify the github user account.
Basic usage is:
- hosts: all
roles:
- role: ntpd
Install and configure ntpd on rhel and debian hosts. This is only suitable for client-server mode. Target can either be a ntpd server or a ntpd client.
Settings above work well for simple ntp clients. See templates/ntp.conf.j2
for other defaults.
Variables are divided in three types.
The default vars section shows you which variables you may override in your ansible inventory. As a matter of fact, all variables should be defined there for explicitness, ease of documentation as well as overall role manageability.
The mandatory variables section contains variables that for several reasons do not fit into the default variables. As name implies, they must absolutely be defined in the inventory or else the role will fail. It is a good thing to avoid reach for these as much as possible and/or design the role with clear behavior when they're undefined.
The context variables are shown in section below hint you on how runtime context may affects role execution.
Role default variables from defaults/main.yml
.
# Enable/disable ntpd service.
ntpd_enabled: yes
# Stop/start ntpd service
ntpd_state: "started"
# Define ntpd sources. The [0-3].pool.ntp.org names point to a random set of
# servers that will change every hour.
ntpd_sources:
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
# Install (`present', `latest'), or remove (`absent') a package.
ntpd_pkg_state: latest
# Restrict statements within `ntpd_restrict` will relax defaults from
# configuration file template which are:
# *restrict -4 default limited kod nomodify notrap nopeer noquery
# *restrict -6 default limited kod nomodify notrap nopeer noquery
# By default, client hosts on local network are less restricted. Override this
# for more specifics needs. Elements of this list will be literally inserted
# into ntp.conf. You could define defaults for those for each of your dev,
# staging and production environnement and also create groups for your stratum
# servers.
ntpd_restrict:
- restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer
- restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap nopeer
- restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap nopeer
# no stats logging
ntpd_log_stats: no
# undefined crypto settings
# ntpd_crypto: ''
None.
Those variables from vars/*.{yml,json}
are loaded dynamically during task
runtime using the include_vars
module.
Variables loaded from vars/Suse.yml
.
ntpd_pkgs:
- python-selinux
- ntp
ntpd_svc_name: ntp
# Deliberately left indefined.
# see https://bugzilla.novell.com/show_bug.cgi?id=542098
# ntpd_keysfile: "/etc/ntp.keys"
Variables loaded from vars/Debian.yml
.
ntpd_pkgs:
- ntp
ntpd_svc_name: ntp
ntpd_keysfile: "/etc/ntp/keys"
Variables loaded from vars/RedHat.yml
.
ntpd_pkgs:
- ntp
ntpd_svc_name: ntpd
ntpd_keysfile: "/etc/ntp/keys"
You want to contribute? Here's a wishlist:
- peer support?
- improve statistics configuration
Consider opening an issue to share your intent and avoid work duplication!
BSD.
Felix Archambault.
Please do not edit this file. This role README.md
was generated using the
'ansidoc' python tool available on pypi!
Installation:
pip3 install ansidoc
Basic usage:
Validate output by running a dry-run (will output result to stdout)
ansidoc --dry-run <rolepath>
Generate you role readme file. Will write a README.md
file under
<rolepath>/README.md
.
ansidoc <rolepath>
Also usable programatically from Sphinx.