summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-11-05 17:13:03 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-11-15 18:33:37 +0100
commite8e01842f4e578ec427dd8d6f5a5e40b498458af (patch)
treeb4fcd836afa59a11570d54ab2e55dceb99e98bfc /roles/common/tasks
parent6a7bf972fa2c054f1aef5465237343247959e313 (diff)
Change NTP client to systemd-timesyncd.
(Excluding our NTP master.) It's simpler, arguably more secure, and provides enough functionality when only simple client use-cases are desired. We allow outgoing connections to 123/udp also on NTP slaves so systemd-timesyncd can connect to the fallbacks NTP servers.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/ntp.yml29
1 files changed, 22 insertions, 7 deletions
diff --git a/roles/common/tasks/ntp.yml b/roles/common/tasks/ntp.yml
index f9a01c8..60ffef9 100644
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@@ -1,15 +1,30 @@
-- name: Install ntp
- apt: pkg=ntp
+- name: Install/Remove ntp
+ # TODO bullseye: install new package 'systemd-timesyncd'
+ apt: pkg=ntp state={{ state }} purge=yes
+ vars:
+ state: "{{ ('NTP_master' in group_names) | ternary('present', 'absent') }}"
+
+- name: Create /etc/systemd/timesyncd.conf.d
+ file: path=/etc/systemd/timesyncd.conf.d
+ state=directory
+ owner=root group=root
+ mode=0755
+ when: "'NTP_master' not in group_names"
- name: Configure ntp
- template: src=etc/ntp.conf.j2
- dest=/etc/ntp.conf
+ template: src=etc/{{ conf }}.j2
+ dest=/etc/{{ conf }}
owner=root group=root
mode=0644
+ vars:
+ conf: "{{ ('NTP_master' in group_names) | ternary('ntp.conf', 'systemd/timesyncd.conf.d/fripost.conf') }}"
+ service: "{{ ('NTP_master' in group_names) | ternary('ntp', 'systemd-timesyncd') }}"
notify:
- - Restart ntp
+ - Restart {{ service }}
- meta: flush_handlers
-- name: Start ntp
- service: name=ntp state=started
+- name: Start and enable ntp
+ service: name={{ service }}.service state=started enabled=true
+ vars:
+ service: "{{ ('NTP_master' in group_names) | ternary('ntp', 'systemd-timesyncd') }}"