Make the ntp pool configurable

10 år sedan · 6c3cee70f2
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -32,20 +32,9 @@
 
				
				   apt: pkg=unattended-upgrades state=installed
			
 
				
				   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
			
 
				
				 
			
 
				
				-- name: Install ntp
			
 
				
				-  apt: pkg=ntp state=installed
			
 
				
				-
			
 
				
				-- name: Configure ntp
			
 
				
				-  template: src=ntp.conf.j2 dest=/etc/ntp.conf
			
 
				
				-  notify:
			
 
				
				-    - restart ntp
			
 
				
				-
			
 
				
				 - name: Apticron email configuration
			
 
				
				   template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf
			
 
				
				 
			
 
				
				-- name: Ensure ntpd is running and enabled
			
 
				
				-  service: name=ntp state=started enabled=yes
			
 
				
				-
			
 
				
				 - name: Disable default Apache site
			
 
				
				   command: a2dissite 000-default removes=/etc/apache2/sites-enabled/000-default
			
 
				
				   notify: restart apache
			
@@ -59,3 +48,4 @@
 
				
				 - include: ssl.yml tags=ssl
			
 
				
				 - include: ufw.yml tags=ufw
			
 
				
				 - include: security.yml tags=security
			
 
				
				+- include: ntp.yml tags=ntp
			
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@@ -0,0 +1,14 @@
 
				
				+---
			
 
				
				+# Defines tasks applicable for NTP (Network Time Protocol)
			
 
				
				+
			
 
				
				+- name: Install ntp
			
 
				
				+  apt: pkg=ntp state=installed
			
 
				
				+
			
 
				
				+- name: Configure ntp
			
 
				
				+  template: src=ntp.conf.j2 dest=/etc/ntp.conf
			
 
				
				+  notify:
			
 
				
				+    - restart ntp
			
 
				
				+
			
 
				
				+- name: Ensure ntpd is running and enabled
			
 
				
				+  service: name=ntp state=started enabled=yes
			
 
				
				+
			
--- a/roles/common/templates/ntp.conf.j2
+++ b/roles/common/templates/ntp.conf.j2
@@ -10,11 +10,10 @@ filegen loopstats file loopstats type day enable
 
				
				 filegen peerstats file peerstats type day enable
			
 
				
				 filegen clockstats file clockstats type day enable
			
 
				
				 
			
 
				
				-# Use servers from the NTP Pool Project
			
 
				
				-server 0.north-america.pool.ntp.org
			
 
				
				-server 1.north-america.pool.ntp.org
			
 
				
				-server 2.north-america.pool.ntp.org
			
 
				
				-server 3.north-america.pool.ntp.org
			
 
				
				+# Use servers configured via Ansible
			
 
				
				+{% for server in ntp_servers %}
			
 
				
				+server {{ server }}
			
 
				
				+{% endfor %}
			
 
				
				 
			
 
				
				 # fallback
			
 
				
				 server tick.usno.navy.mil
			
--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -12,6 +12,20 @@ admin_email: "{{ main_user_name }}@{{ domain }}"
 
				
				 friendly_networks:
			
 
				
				   - ""
			
 
				
				 
			
 
				
				+# ntp
			
 
				
				+ntp_servers:
			
 
				
				+  # use nearby ntp servers by default
			
 
				
				+  - 0.pool.ntp.org
			
 
				
				+  - 1.pool.ntp.org
			
 
				
				+  - 2.pool.ntp.org
			
 
				
				+  - 3.pool.ntp.org
			
 
				
				+  # use servers tailored to the server location
			
 
				
				+  # See http://www.pool.ntp.org/en/use.html
			
 
				
				+  # - 0.north-america.pool.ntp.org
			
 
				
				+  # - 1.north-america.pool.ntp.org
			
 
				
				+  # - 2.north-america.pool.ntp.org
			
 
				
				+  # - 3.north-america.pool.ntp.org
			
 
				
				+
			
 
				
				 # database
			
 
				
				 db_admin_username: 'postgres'
			
 
				
				 # db_admin_password: (required)