opendev/system-config
Code Issues Proposed changes

Use systemd-timesyncd on Bionic

Browse Source 
There are long-standing issues with ntp start ordering w.r.t unbound
and being able to resolve DNS names.  Things have moved on to
systemd-timesyncd anyway.  Move the ntp start from the generic
locations to only apply to older distros, and use system-timesyncd on
Bionic.  Update testing.

Change-Id: I664539f93242e2c68d0cb1cf95c260f3bc03550d
This commit is contained in:
Ian Wienand 2019-06-14 10:21:36 +10:00
parent 0041f4f673
commit 482e1110f0
10 changed files with 62 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
playbooks/roles/base-server/defaults/main.yaml
View File

@ -7,7 +7,6 @@ base_packages:
- git - git
- logrotate - logrotate
- lvm2 - lvm2
- ntp
- openssh-server - openssh-server
- parted - parted
- rsync - rsync

23
playbooks/roles/base-server/tasks/Debian.yaml
View File

@ -1,3 +1,26 @@
# NOTE(ianw) There are ordering issues with this. Hopefully when
# we're bionic only we can just remove ntp
- name: Install NTP
when: ansible_distribution_version is version('18.04', '<')
block:
- name: Install ntp
package:
name: ntp
state: present
- name: Ensure NTP service is running
service:
name: ntp
enabled: yes
state: started
- name: Ensure systemd-timesyncd is running
service:
name: systemd-timesyncd
enabled: yes
state: started
when: ansible_distribution_version is version('18.04', '>=')
- name: Remove packages that make no sense for our servers - name: Remove packages that make no sense for our servers
package: package:
name: name:

11
playbooks/roles/base-server/tasks/RedHat.yaml
View File

@ -3,6 +3,17 @@
# the sync process can happen in ntpd. As a result, if ntpdate is not # the sync process can happen in ntpd. As a result, if ntpdate is not
# running, ntpd will start but fail to sync because of DNS is not properly # running, ntpd will start but fail to sync because of DNS is not properly
# setup. # setup.
#
# NOTE(ianw): NTP ordering is further broken on other distros too.
# The more supported path is probably chrony on RHEL-ish distros. On
# others, systemd-timesyncd. Leaving this alone, but centos8 era
# should reconsider.
- name: Ensure NTP service is running
service:
name: ntpd
enabled: yes
state: started
- name: Ensure ntpdate service is running - name: Ensure ntpdate service is running
service: service:
name: ntpdate name: ntpdate

13
playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml
View File

@ -1,3 +1,16 @@
# NOTE(ianw) There are ordering issues with this. Hopefully when
# we're bionic only we can just remove ntp
- name: Install ntp
package:
name: ntp
state: present
- name: Ensure NTP service is running
service:
name: ntp
enabled: yes
state: started
- name: Install HWE kernel for arm64 - name: Install HWE kernel for arm64
apt: apt:
name: linux-generic-hwe-16.04 name: linux-generic-hwe-16.04

6
playbooks/roles/base-server/tasks/main.yaml
View File

@ -58,12 +58,6 @@
src: bash-history.sh src: bash-history.sh
dest: /etc/profile.d/bash-history.sh dest: /etc/profile.d/bash-history.sh
- name: Ensure NTP service is running
service:
name: "{{ ntp_service_name }}"
enabled: yes
state: started
- name: Include OS-specific tasks - name: Include OS-specific tasks
include_tasks: "{{ lookup('first_found', file_list) }}" include_tasks: "{{ lookup('first_found', file_list) }}"
vars: vars:

1
playbooks/roles/base-server/vars/Debian.yaml
View File

@ -8,4 +8,3 @@ distro_packages:
- mailutils - mailutils
sftp_path: /usr/lib/openssh/sftp-server sftp_path: /usr/lib/openssh/sftp-server
ssh_service_name: ssh ssh_service_name: ssh
ntp_service_name: ntp

3
playbooks/roles/base-server/vars/RedHat.yaml
View File

@ -5,10 +5,11 @@ distro_packages:
# Utils in ntp-perl are included in Debian's ntp package; we # Utils in ntp-perl are included in Debian's ntp package; we
# add it here for consistency. See also # add it here for consistency. See also
# https://tickets.puppetlabs.com/browse/MODULES-3660 # https://tickets.puppetlabs.com/browse/MODULES-3660
- ntp
- ntp-perl - ntp-perl
- ntpdate - ntpdate
- vim-minimal - vim-minimal
- yum-cron - yum-cron
sftp_path: /usr/libexec/openssh/sftp-server sftp_path: /usr/libexec/openssh/sftp-server
ssh_service_name: sshd ssh_service_name: sshd
ntp_service_name: ntpd

1
playbooks/roles/base-server/vars/Ubuntu.trusty.yaml
View File

@ -8,4 +8,3 @@ distro_packages:
- mailutils - mailutils
sftp_path: /usr/lib/openssh/sftp-server sftp_path: /usr/lib/openssh/sftp-server
ssh_service_name: ssh ssh_service_name: ssh
ntp_service_name: ntp

1
playbooks/roles/base-server/vars/Ubuntu.xenial.yaml
View File

@ -13,4 +13,3 @@ distro_packages:
- python - python
sftp_path: /usr/lib/openssh/sftp-server sftp_path: /usr/lib/openssh/sftp-server
ssh_service_name: ssh ssh_service_name: ssh
ntp_service_name: ntp

8
testinfra/test_base.py
View File

@ -82,6 +82,7 @@ def test_ntp(host):
package = host.package("ntp") package = host.package("ntp")
assert package.is_installed assert package.is_installed
if host.system_info.codename != 'bionic':
if host.system_info.distribution in ['ubuntu', 'debian']: if host.system_info.distribution in ['ubuntu', 'debian']:
service = host.service("ntp") service = host.service("ntp")
else: else:
@ -89,6 +90,13 @@ def test_ntp(host):
assert service.is_running assert service.is_running
assert service.is_enabled assert service.is_enabled
else:
service = host.service('systemd-timesyncd')
assert service.is_running
cmd = host.run("timedatectl status")
assert 'systemd-timesyncd.service active: yes' in cmd.stdout
def test_snmp(host): def test_snmp(host):
service = host.service("snmpd") service = host.service("snmpd")