From e8e01842f4e578ec427dd8d6f5a5e40b498458af Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 5 Nov 2020 17:13:03 +0100 Subject: Change NTP client to systemd-timesyncd. (Excluding our NTP master.) It's simpler, arguably more secure, and provides enough functionality when only simple client use-cases are desired. We allow outgoing connections to 123/udp also on NTP slaves so systemd-timesyncd can connect to the fallbacks NTP servers. --- roles/common/tasks/ntp.yml | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'roles/common/tasks/ntp.yml') diff --git a/roles/common/tasks/ntp.yml b/roles/common/tasks/ntp.yml index f9a01c8..60ffef9 100644 --- a/roles/common/tasks/ntp.yml +++ b/roles/common/tasks/ntp.yml @@ -1,15 +1,30 @@ -- name: Install ntp - apt: pkg=ntp +- name: Install/Remove ntp + # TODO bullseye: install new package 'systemd-timesyncd' + apt: pkg=ntp state={{ state }} purge=yes + vars: + state: "{{ ('NTP_master' in group_names) | ternary('present', 'absent') }}" + +- name: Create /etc/systemd/timesyncd.conf.d + file: path=/etc/systemd/timesyncd.conf.d + state=directory + owner=root group=root + mode=0755 + when: "'NTP_master' not in group_names" - name: Configure ntp - template: src=etc/ntp.conf.j2 - dest=/etc/ntp.conf + template: src=etc/{{ conf }}.j2 + dest=/etc/{{ conf }} owner=root group=root mode=0644 + vars: + conf: "{{ ('NTP_master' in group_names) | ternary('ntp.conf', 'systemd/timesyncd.conf.d/fripost.conf') }}" + service: "{{ ('NTP_master' in group_names) | ternary('ntp', 'systemd-timesyncd') }}" notify: - - Restart ntp + - Restart {{ service }} - meta: flush_handlers -- name: Start ntp - service: name=ntp state=started +- name: Start and enable ntp + service: name={{ service }}.service state=started enabled=true + vars: + service: "{{ ('NTP_master' in group_names) | ternary('ntp', 'systemd-timesyncd') }}" -- cgit v1.2.3