📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/ntp/tasks/main.yml

# Build the effective chrony settings: start from the role defaults and
# overlay the caller's ntp_config. Either variable may be undefined; d({})
# substitutes an empty dict. recursive=true merges nested dicts key by key
# instead of replacing them wholesale.
- name: set ntp_cfg
  set_fact:
    ntp_cfg: >-
      {{ ntp_default_config | d({}) | combine(ntp_config | d({}), recursive=true) }}
# Install chrony through the shared package-install task file. The second
# list entry is a one-key mapping (alpine: chrony-openrc) rather than a plain
# name; presumably install_packages.yml treats it as an Alpine-only extra
# package -- verify against that file.
# NOTE(review): this page lost the file's indentation, so the nesting below
# is reconstructed. `notify` is shown at task level; it may instead be a
# variable under `vars` -- confirm against the repository.
# NOTE(review): if it is task level, check that the handler really fires.
# Keywords on a dynamic include_tasks apply to the include statement itself,
# not to the tasks it loads.
- name: install chrony
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - chrony
      - alpine: chrony-openrc
  notify: restart chrony
# Create the service account through the shared create_user task file,
# passing the account and group names as the `user` variable.
# NOTE(review): nesting reconstructed (the page lost indentation); `group` is
# shown inside `user`, next to `name` -- confirm against the repository.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ ntp_user }}"
      group: "{{ ntp_group }}"
# Pin the daemon arguments in /etc/conf.d/chronyd to ARGS="-x". chronyd's -x
# option disables control of the system clock, so the daemon will not adjust
# this host's clock. lineinfile replaces the last line matching ^ARGS=, or
# appends the line when nothing matches.
# NOTE(review): confirm something else keeps this host's clock accurate;
# certificate validity checks and log timestamps depend on it.
- name: disable system clock control in conf.d
  lineinfile:
    path: /etc/conf.d/chronyd
    regexp: "^ARGS="
    line: 'ARGS="-x"'
  notify: restart chrony
# Make sure the configuration, TLS and data directories exist and belong to
# the chrony service account.
# NOTE(review): no mode is given, so a newly created directory takes whatever
# the umask allows. ntp_tls_dir receives the private keys deployed by the
# "deploy certs" task; confirm it is not left group- or world-accessible.
- name: create directories
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ ntp_user }}"
    group: "{{ ntp_group }}"
  loop:
    - "{{ ntp_conf_dir }}"
    - "{{ ntp_tls_dir }}"
    - "{{ ntp_data_dir }}"
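# Render chrony.conf from the chrony.j2 template into ntp_conf_dir, owned by
# the chrony service account, and queue a restart when the file changes.
- name: template config file
  template:
    src: chrony.j2
    dest: "{{ ntp_conf_dir }}/chrony.conf"
    # Overwrite an existing file whenever the rendered content differs.
    force: true
    # Quoted so the mode is passed as the octal string 0444 (read-only for
    # owner, group and others) instead of relying on the YAML parser's
    # handling of a leading zero.
    mode: '0444'
    owner: "{{ ntp_user }}"
    group: "{{ ntp_group }}"
    # Strip leading whitespace before Jinja block tags in the template.
    lstrip_blocks: true
  notify: restart chrony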
# Hand certificate deployment to the certs role: two certificate/key pairs
# under ntp_tls_dir, one flagged ecc and one not (ECC and RSA, judging by the
# file names). `common` carries settings shared by both entries: owner,
# group, a post_hook command and a handler name. How the role uses them is
# not visible in this file.
# NOTE(review): nesting reconstructed (the page lost indentation); `notify`
# is shown inside `common` but may be a sibling of it under `vars` -- confirm
# against the repository.
# NOTE(review): the file mode of the private keys is decided inside the certs
# role; confirm they end up readable by ntp_user only.
- name: deploy certs
  include_role:
    name: certs
  vars:
    common:
      owner: "{{ ntp_user }}"
      group: "{{ ntp_group }}"
      post_hook: service chronyd restart
      notify: restart chrony
    certs:
      - cert: "{{ ntp_tls_dir }}/ecc384.crt"
        key: "{{ ntp_tls_dir }}/ecc384.key"
        ecc: yes
      - cert: "{{ ntp_tls_dir }}/rsa2048.crt"
        key: "{{ ntp_tls_dir }}/rsa2048.key"
        ecc: no
# Run the handlers notified so far right now instead of at the end of the
# play, so a pending "restart chrony" is processed before the tasks below.
- name: flush handlers
  meta: flush_handlers
# Register the configuration, TLS and data directories with the backup role
# (function: add).
# NOTE(review): ntp_tls_dir contains the private keys, so they will be copied
# into the backups; confirm the backup target is encrypted and
# access-controlled, or exclude the key files.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    backup_items:
      - "{{ ntp_conf_dir }}"
      - "{{ ntp_tls_dir }}"
      - "{{ ntp_data_dir }}"
    function: add
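# Enable chronyd at boot and make sure it is running. state: started leaves
# an already running daemon untouched; restarts come from the handlers.
- name: enable and start chronyd
  service:
    name: chronyd
    # Canonical boolean instead of the YAML 1.1 "yes" spelling.
    enabled: true
    state: started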