Add chrony ansible role
Change-Id: I49503275a8b3700185ee0395d9beee7397f5fccf Implements: blueprint add-chrony-service
This commit is contained in:
parent
2d32083a27
commit
093d2828fc
@ -56,6 +56,16 @@ kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
|
|||||||
# recommended.
|
# recommended.
|
||||||
api_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"
|
api_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"
|
||||||
|
|
||||||
|
################
|
||||||
|
# Chrony options
|
||||||
|
################
|
||||||
|
# a list contains ntp servers
|
||||||
|
external_ntp_servers:
|
||||||
|
- 0.pool.ntp.org
|
||||||
|
- 1.pool.ntp.org
|
||||||
|
- 2.pool.ntp.org
|
||||||
|
- 3.pool.ntp.org
|
||||||
|
|
||||||
####################
|
####################
|
||||||
# Database options
|
# Database options
|
||||||
####################
|
####################
|
||||||
@ -273,6 +283,7 @@ enable_ceilometer: "no"
|
|||||||
enable_central_logging: "no"
|
enable_central_logging: "no"
|
||||||
enable_ceph: "no"
|
enable_ceph: "no"
|
||||||
enable_ceph_rgw: "no"
|
enable_ceph_rgw: "no"
|
||||||
|
enable_chrony: "no"
|
||||||
enable_cinder: "no"
|
enable_cinder: "no"
|
||||||
enable_cinder_backend_hnas_iscsi: "no"
|
enable_cinder_backend_hnas_iscsi: "no"
|
||||||
enable_cinder_backend_iscsi: "no"
|
enable_cinder_backend_iscsi: "no"
|
||||||
|
@ -17,6 +17,15 @@ localhost ansible_connection=local
|
|||||||
|
|
||||||
# You can explicitly specify which hosts run each project by updating the
|
# You can explicitly specify which hosts run each project by updating the
|
||||||
# groups in the sections below. Common services are grouped together.
|
# groups in the sections below. Common services are grouped together.
|
||||||
|
[chrony-server:children]
|
||||||
|
control
|
||||||
|
|
||||||
|
[chrony:children]
|
||||||
|
network
|
||||||
|
compute
|
||||||
|
storage
|
||||||
|
monitoring
|
||||||
|
|
||||||
[collectd:children]
|
[collectd:children]
|
||||||
compute
|
compute
|
||||||
|
|
||||||
|
@ -36,6 +36,16 @@ monitoring
|
|||||||
|
|
||||||
# You can explicitly specify which hosts run each project by updating the
|
# You can explicitly specify which hosts run each project by updating the
|
||||||
# groups in the sections below. Common services are grouped together.
|
# groups in the sections below. Common services are grouped together.
|
||||||
|
[chrony-server:children]
|
||||||
|
control
|
||||||
|
|
||||||
|
[chrony:children]
|
||||||
|
control
|
||||||
|
network
|
||||||
|
compute
|
||||||
|
storage
|
||||||
|
monitoring
|
||||||
|
|
||||||
[collectd:children]
|
[collectd:children]
|
||||||
compute
|
compute
|
||||||
|
|
||||||
|
22
ansible/roles/chrony/defaults/main.yml
Normal file
22
ansible/roles/chrony/defaults/main.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
project_name: "chrony"
|
||||||
|
|
||||||
|
chrony_services:
|
||||||
|
chrony:
|
||||||
|
container_name: "chrony"
|
||||||
|
group: "chrony"
|
||||||
|
image: "{{ chrony_image_full }}"
|
||||||
|
enabled: True
|
||||||
|
privileged: True
|
||||||
|
volumes:
|
||||||
|
- "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro"
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "kolla_logs:/var/log/kolla"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Docker
|
||||||
|
####################
|
||||||
|
chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-chrony"
|
||||||
|
chrony_tag: "{{ openstack_release }}"
|
||||||
|
chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}"
|
12
ansible/roles/chrony/handlers/main.yml
Normal file
12
ansible/roles/chrony/handlers/main.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Restart chrony container
|
||||||
|
vars:
|
||||||
|
service_name: "chrony"
|
||||||
|
service: "{{ chrony_services[service_name] }}"
|
||||||
|
kolla_docker:
|
||||||
|
action: "recreate_or_restart_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
privileged: "{{ service.privileged }}"
|
||||||
|
name: "{{ service.container_name }}"
|
||||||
|
image: "{{ service.image }}"
|
||||||
|
volumes: "{{ service.volumes }}"
|
3
ansible/roles/chrony/meta/main.yml
Normal file
3
ansible/roles/chrony/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- { role: common }
|
45
ansible/roles/chrony/tasks/config.yml
Normal file
45
ansible/roles/chrony/tasks/config.yml
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
---
|
||||||
|
- name: Ensuring config directories exist
|
||||||
|
file:
|
||||||
|
path: "{{ node_config_directory }}/{{ item }}"
|
||||||
|
state: "directory"
|
||||||
|
recurse: yes
|
||||||
|
with_items:
|
||||||
|
- "chrony"
|
||||||
|
|
||||||
|
- name: Copying over config.json files for services
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.json.j2"
|
||||||
|
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
||||||
|
with_items:
|
||||||
|
- "chrony"
|
||||||
|
notify:
|
||||||
|
- Restart chrony container
|
||||||
|
|
||||||
|
- name: Copying over chrony.conf
|
||||||
|
template:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ node_config_directory }}/chrony/chrony.conf"
|
||||||
|
with_first_found:
|
||||||
|
- "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf"
|
||||||
|
- "{{ node_custom_config }}/chrony/chrony.conf"
|
||||||
|
- "chrony.conf.j2"
|
||||||
|
notify:
|
||||||
|
- Restart chrony container
|
||||||
|
|
||||||
|
- name: Check chrony container
|
||||||
|
kolla_docker:
|
||||||
|
action: "compare_container"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
name: "{{ item.value.container_name }}"
|
||||||
|
image: "{{ item.value.image }}"
|
||||||
|
privileged: "{{ item.value.privileged }}"
|
||||||
|
volumes: "{{ item.value.volumes }}"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
- action != "genconfig"
|
||||||
|
with_dict: "{{ chrony_services }}"
|
||||||
|
notify:
|
||||||
|
- Restart chrony container
|
||||||
|
|
5
ansible/roles/chrony/tasks/deploy.yml
Normal file
5
ansible/roles/chrony/tasks/deploy.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- include: config.yml
|
||||||
|
|
||||||
|
- name: Flush handlers
|
||||||
|
meta: flush_handlers
|
2
ansible/roles/chrony/tasks/main.yml
Normal file
2
ansible/roles/chrony/tasks/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
- include: "{{ action }}.yml"
|
3
ansible/roles/chrony/tasks/precheck.yml
Normal file
3
ansible/roles/chrony/tasks/precheck.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no
|
||||||
|
# module to do this now.
|
10
ansible/roles/chrony/tasks/pull.yml
Normal file
10
ansible/roles/chrony/tasks/pull.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: Pulling chrony images
|
||||||
|
kolla_docker:
|
||||||
|
action: "pull_image"
|
||||||
|
common_options: "{{ docker_common_options }}"
|
||||||
|
image: "{{ item.value.image }}"
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups[item.value.group]
|
||||||
|
- item.value.enabled | bool
|
||||||
|
with_dict: "{{ chrony_services }}"
|
1
ansible/roles/chrony/tasks/reconfigure.yml
Symbolic link
1
ansible/roles/chrony/tasks/reconfigure.yml
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
deploy.yml
|
1
ansible/roles/chrony/tasks/upgrade.yml
Symbolic link
1
ansible/roles/chrony/tasks/upgrade.yml
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
deploy.yml
|
38
ansible/roles/chrony/templates/chrony.conf.j2
Normal file
38
ansible/roles/chrony/templates/chrony.conf.j2
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
{% for host in groups['chrony-server'] %}
|
||||||
|
{% if inventory_hostname != host %}
|
||||||
|
server {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} iburst
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% for ntp_server in external_ntp_servers %}
|
||||||
|
server {{ ntp_server }} iburst
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
keyfile /etc/chrony/chrony.keys
|
||||||
|
|
||||||
|
commandkey 1
|
||||||
|
|
||||||
|
driftfile /var/lib/chrony/chrony.drift
|
||||||
|
|
||||||
|
log tracking measurements statistics
|
||||||
|
logdir /var/log/kolla/chrony
|
||||||
|
|
||||||
|
maxupdateskew 100.0
|
||||||
|
|
||||||
|
dumponexit
|
||||||
|
|
||||||
|
dumpdir /var/lib/chrony
|
||||||
|
|
||||||
|
{% if inventory_hostname in groups['chrony-server'] %}
|
||||||
|
allow all
|
||||||
|
{% else %}
|
||||||
|
port 0
|
||||||
|
deny all
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
bindaddress {{ api_interface_address }}
|
||||||
|
|
||||||
|
logchange 0.5
|
||||||
|
|
||||||
|
hwclockfile /etc/adjtime
|
||||||
|
|
||||||
|
rtcsync
|
11
ansible/roles/chrony/templates/chrony.json.j2
Normal file
11
ansible/roles/chrony/templates/chrony.json.j2
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
"command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf",
|
||||||
|
"config_files": [
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/chrony.conf",
|
||||||
|
"dest": "/etc/chrony/chrony.conf",
|
||||||
|
"owner": "root",
|
||||||
|
"perm": "0644"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -53,6 +53,16 @@
|
|||||||
- role: prechecks
|
- role: prechecks
|
||||||
when: action == "precheck"
|
when: action == "precheck"
|
||||||
|
|
||||||
|
- name: Apply role chrony
|
||||||
|
hosts:
|
||||||
|
- chrony-server
|
||||||
|
- chrony
|
||||||
|
serial: '{{ serial|default("0") }}'
|
||||||
|
roles:
|
||||||
|
- { role: chrony,
|
||||||
|
tags: chrony,
|
||||||
|
when: enable_chrony | bool }
|
||||||
|
|
||||||
- name: Apply role collectd
|
- name: Apply role collectd
|
||||||
hosts: collectd
|
hosts: collectd
|
||||||
serial: '{{ serial|default("0") }}'
|
serial: '{{ serial|default("0") }}'
|
||||||
|
@ -122,6 +122,7 @@ kolla_internal_vip_address: "10.10.10.254"
|
|||||||
#enable_central_logging: "no"
|
#enable_central_logging: "no"
|
||||||
#enable_ceph: "no"
|
#enable_ceph: "no"
|
||||||
#enable_ceph_rgw: "no"
|
#enable_ceph_rgw: "no"
|
||||||
|
#enable_chrony: "no"
|
||||||
#enable_cinder: "no"
|
#enable_cinder: "no"
|
||||||
#enable_cinder_backend_hnas_iscsi: "no"
|
#enable_cinder_backend_hnas_iscsi: "no"
|
||||||
#enable_cinder_backend_iscsi: "no"
|
#enable_cinder_backend_iscsi: "no"
|
||||||
|
Loading…
Reference in New Issue
Block a user