From 0709c37a884382e7d18045c95896291745908bc6 Mon Sep 17 00:00:00 2001 From: Ivan Garnizov Date: Fri, 9 Jun 2023 14:05:57 +0000 Subject: [PATCH 1/5] Timesync automated management for chrony or ntpd --- defaults/main.yml | 4 ++++ handlers/main.yml | 6 +++--- tasks/main.yml | 17 +++++++++++------ vars/Debian.yml | 2 +- vars/RedHat.yml | 1 + vars/main.yml | 25 +++++++++++++++++++++++++ 6 files changed, 45 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6d6f78b..8922dd1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,6 +15,10 @@ perfsonar_optional_packages: - perfsonar-toolkit-sysctl - perfsonar-toolkit-systemenv-testpoint +# You can change the default variables for different platforms to which clock synchronization service to use. +# Recognized options are { ntpd ,chrony } +timesync: ntpd + # List of NTP servers you want to use on your perfSONAR hosts # If empty, any already configured NTP server will not be changed # If you also install the 'perfsonar-toolkit-ntp' package below, the perfSONAR diff --git a/handlers/main.yml b/handlers/main.yml index fa8b2d1..8947fdf 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,12 +1,12 @@ --- # handlers file for perfsonar-testpoint -- name: restart ntp +- name: SvcRestart TimeSync service: - name: "{{ ntp_service }}" + name: "{{ timesyncsvc }}" state: restarted -- name: restart ssh +- name: SvcRestart SSH service: name: "{{ ssh_service }}" state: restarted diff --git a/tasks/main.yml b/tasks/main.yml index 34f4d4b..dfc34b1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -18,6 +18,7 @@ - "{{ ansible_distribution }}.yml" - "{{ ansible_os_family }}.yml" + ##### # Configuration part: ps::config tag ##### @@ -30,16 +31,19 @@ regexp: '127\.0\..*[\s]+{{ ansible_fqdn }}[\s]+.*' # NTP is essential for good measurements -- name: Configure additional NTP servers +# Issue (item=chrony) => {"ansible_loop_var": "item", "changed": false, "item": "chrony", "msg": "Unable to start service chrony: Failed to start chrony.service: Unit chrony.service is masked.\n"} +# Solution remove package ntpd + +- name: Configure additional Time servers tags: [ 'ps::config' ] blockinfile: - path: /etc/ntp.conf + path: "{{ timesynchash[timesync][ansible_os_family]['cfg'] }}" block: | server {{ item.hostname }} iburst marker: "# {mark} ansible-role-perfsonar {{ item.name }}" with_items: "{{ perfsonar_ntp_servers }}" notify: - - restart ntp + - SvcRestart TimeSync - name: Disable ssh root access tags: [ 'ps::config' ] @@ -50,7 +54,7 @@ line: "PermitRootLogin no" when: perfsonar_disable_root_ssh notify: - - restart ssh + - SvcRestart SSH - name: Configure LS registration tags: [ 'ps::config' ] @@ -87,6 +91,7 @@ loop_control: loop_var: auth_interface + ##### # Verifying part: ps::running tag ##### @@ -104,8 +109,8 @@ name: "{{ item }}" state: started with_flattened: - - "{{ perfsonar_services }}" - - "{{ perfsonar_os_specific_services }}" + - "{{ perfsonar_services }}" + - "{{ perfsonar_os_specific_services }}" # Get some useful info out of the system - name: Check system status diff --git a/vars/Debian.yml b/vars/Debian.yml index 48cdd1d..1e9fecf 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,10 +1,10 @@ # variables specific to Debian OS family --- -# Default NTP service name: ntp # List of perfSONAR services to check are running on Debian hosts perfsonar_testpoint_os_specific_services: - apache2 - postgresql + - "{{ timesyncsvc }}" perfsonar_toolkit_config_daemon: perfsonar-toolkit-config-daemon diff --git a/vars/RedHat.yml b/vars/RedHat.yml index d27b8b0..eaa88cb 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -6,5 +6,6 @@ perfsonar_testpoint_os_specific_services: - httpd - postgresql-10 + - "{{ timesyncsvc }}" perfsonar_toolkit_config_daemon: perfsonar-configdaemon diff --git a/vars/main.yml b/vars/main.yml index 2b125c0..33bf1cf 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -4,9 +4,34 @@ # This means they cannot be overwritten in inventory or playbook. # See http://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable +# stays here, so that noone can just overwrite it +#Time synchronization #TODO +timesynchash: + chrony: + Debian: + pkg: chrony + svc: chrony + cfg: /etc/chrony/chrony.conf + RedHat: + pkg: chrony + svc: chronyd + cfg: /etc/chrony.conf + ntpd: + Debian: + pkg: ntp + svc: ntpd + cfg: /etc/ntp.conf + RedHat: + pkg: ntp + svc: ntpd + cfg: /etc/ntp.conf + # SSH daemon service ssh_service: sshd +# Time Sync service +timesyncsvc: "{{ timesynchash[timesync][ansible_os_family]['svc'] }}" + # List of perfSONAR services to check are running on a testpoint install perfsonar_testpoint_services: - pscheduler-scheduler From bc024bab872f9f388f18a433576c2d28119250c3 Mon Sep 17 00:00:00 2001 From: Ivan Garnizov Date: Fri, 9 Jun 2023 14:12:36 +0000 Subject: [PATCH 2/5] Timesync automated management for chrony or ntpd --- defaults/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8922dd1..06a033b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -31,15 +31,15 @@ perfsonar_ntp_servers: [] # - { name: "NTP 4", hostname: 2.ch.pool.ntp.org } # - { name: "NTP 5", hostname: 3.ch.pool.ntp.org } -# You can change the default variables for different platforms to which clock synchronization service to use. -# You can use chrony/chronyd instead of ntp - -timesync_service: - Debian: ntp - RedHat: ntpd - default: ntp - -ntp_service: "{{ timesync_service[ansible_os_family] | default(timesync_service['default']) }}" +#Delete# # You can change the default variables for different platforms to which clock synchronization service to use. +#Delete# # You can use chrony/chronyd instead of ntp +#Delete# +#Delete# timesync_service: +#Delete# Debian: ntp +#Delete# RedHat: ntpd +#Delete# default: ntp +#Delete# +#Delete# ntp_service: "{{ timesync_service[ansible_os_family] | default(timesync_service['default']) }}" # Disable ssh root access perfsonar_disable_root_ssh: True From ce8c465eb8437b636f11ef0d9f439e183c8862f8 Mon Sep 17 00:00:00 2001 From: Ivan Garnizov Date: Fri, 9 Jun 2023 14:13:59 +0000 Subject: [PATCH 3/5] Timesync automated management for chrony or ntpd --- defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 06a033b..b3220f4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -24,7 +24,8 @@ timesync: ntpd # If you also install the 'perfsonar-toolkit-ntp' package below, the perfSONAR # provided script will choose the closest NTP servers for you. perfsonar_ntp_servers: [] -#perfsonar_ntp_servers: + +#perfsonar_ntp_servers: # - { name: "NTP 1", hostname: ntp.switch.ch } # - { name: "NTP 2", hostname: 0.ch.pool.ntp.org } # - { name: "NTP 3", hostname: 1.ch.pool.ntp.org } @@ -33,12 +34,12 @@ perfsonar_ntp_servers: [] #Delete# # You can change the default variables for different platforms to which clock synchronization service to use. #Delete# # You can use chrony/chronyd instead of ntp -#Delete# +#Delete# #Delete# timesync_service: #Delete# Debian: ntp #Delete# RedHat: ntpd #Delete# default: ntp -#Delete# +#Delete# #Delete# ntp_service: "{{ timesync_service[ansible_os_family] | default(timesync_service['default']) }}" # Disable ssh root access From 91091560111f947a6c834e033dee2e76129b81d7 Mon Sep 17 00:00:00 2001 From: Ivan Garnizov Date: Fri, 9 Jun 2023 15:46:32 +0000 Subject: [PATCH 4/5] Timesync automated management for chrony or ntpd --- tasks/main.yml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index dfc34b1..3f8e481 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,7 +8,7 @@ - name: Gather facts to load OS information tags: [ 'ps::install', 'ps::running', 'ps::config' ] setup: - become: no + become: false - name: Load variables based on OS type tags: [ 'ps::install', 'ps::running', 'ps::config' ] @@ -19,6 +19,16 @@ - "{{ ansible_os_family }}.yml" +##### +# Install of additional packages: ps::install tag +##### + +- name: Install Time Synchronization Service + tags: [ 'ps::install' ] + package: + name: "{{ timesynchash[timesync][ansible_os_family]['pkg'] }}" + state: latest + ##### # Configuration part: ps::config tag ##### @@ -66,14 +76,14 @@ tags: [ 'ps::config' ] shell: psconfig remote list --agent pscheduler | tail -n +2 | jq -r .[].url register: psconfig_remotes - changed_when: False + changed_when: false # And list of configured remotes with archiving - name: Look at current psconfig remote list with configured archives tags: [ 'ps::config' ] shell: psconfig remote list --agent pscheduler | tail -n +2 | jq -r '.[] | select(."configure-archives"==true) | .url' register: psconfig_remotes_archives - changed_when: False + changed_when: false # The 2 lists are used in psconfig_remotes.yml - name: add/delete remote mesh configurations that have a valid URL and state @@ -124,7 +134,7 @@ register: pscheduler_troubleshoot until: pscheduler_troubleshoot is succeeded retries: 3 - changed_when: False + changed_when: false - name: Report pscheduler troubleshoot output tags: [ 'ps::running', 'ps::monitor' ] @@ -132,4 +142,3 @@ msg: - "{{ pscheduler_troubleshoot.stdout.replace('\n\n','\n').split('\n') }}" when: pscheduler_troubleshoot is defined - From 36401ba02ec707563c1438b749fe3463f5d5dd20 Mon Sep 17 00:00:00 2001 From: Ivan Garnizov Date: Fri, 9 Jun 2023 16:05:44 +0000 Subject: [PATCH 5/5] getting back to uniformity of service notation --- handlers/main.yml | 2 +- vars/Debian.yml | 2 +- vars/RedHat.yml | 2 +- vars/main.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 8947fdf..31facda 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,7 +3,7 @@ - name: SvcRestart TimeSync service: - name: "{{ timesyncsvc }}" + name: "{{ timesync_service }}" state: restarted - name: SvcRestart SSH diff --git a/vars/Debian.yml b/vars/Debian.yml index 1e9fecf..fec7651 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -5,6 +5,6 @@ perfsonar_testpoint_os_specific_services: - apache2 - postgresql - - "{{ timesyncsvc }}" + - "{{ timesync_service }}" perfsonar_toolkit_config_daemon: perfsonar-toolkit-config-daemon diff --git a/vars/RedHat.yml b/vars/RedHat.yml index eaa88cb..aedc5be 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -6,6 +6,6 @@ perfsonar_testpoint_os_specific_services: - httpd - postgresql-10 - - "{{ timesyncsvc }}" + - "{{ timesync_service }}" perfsonar_toolkit_config_daemon: perfsonar-configdaemon diff --git a/vars/main.yml b/vars/main.yml index 33bf1cf..ccb32bb 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -30,7 +30,7 @@ timesynchash: ssh_service: sshd # Time Sync service -timesyncsvc: "{{ timesynchash[timesync][ansible_os_family]['svc'] }}" +timesync_service: "{{ timesynchash[timesync][ansible_os_family]['svc'] }}" # List of perfSONAR services to check are running on a testpoint install perfsonar_testpoint_services: