Use systemd-timesyncd on Bionic

There are long-standing issues with ntp start ordering w.r.t unbound and being able to resolve DNS names. Things have moved on to systemd-timesyncd anyway. Move the ntp start from the generic locations to only apply to older distros, and use system-timesyncd on Bionic. Update testing. Change-Id: I664539f93242e2c68d0cb1cf95c260f3bc03550d
2019-06-14 10:21:36 +10:00 · 2019-06-14 10:21:36 +10:00 · 482e1110f0
commit 482e1110f0
parent 0041f4f673
10 changed files with 62 additions and 16 deletions
--- a/playbooks/roles/base-server/defaults/main.yaml
+++ b/playbooks/roles/base-server/defaults/main.yaml
@ -7,7 +7,6 @@ base_packages:
  - git
  - logrotate
  - lvm2
-  - ntp
  - openssh-server
  - parted
  - rsync
--- a/playbooks/roles/base-server/tasks/Debian.yaml
+++ b/playbooks/roles/base-server/tasks/Debian.yaml
@ -1,3 +1,26 @@
+# NOTE(ianw) There are ordering issues with this.  Hopefully when
+# we're bionic only we can just remove ntp
+- name: Install NTP
+  when: ansible_distribution_version is version('18.04', '<')
+  block:
+    - name: Install ntp
+      package:
+        name: ntp
+        state: present
+
+    - name: Ensure NTP service is running
+      service:
+        name: ntp
+        enabled: yes
+        state: started
+
+- name: Ensure systemd-timesyncd is running
+  service:
+    name: systemd-timesyncd
+    enabled: yes
+    state: started
+  when: ansible_distribution_version is version('18.04', '>=')
+
 - name: Remove packages that make no sense for our servers
  package:
    name:
--- a/playbooks/roles/base-server/tasks/RedHat.yaml
+++ b/playbooks/roles/base-server/tasks/RedHat.yaml
@ -3,6 +3,17 @@
 # the sync process can happen in ntpd.  As a result, if ntpdate is not
 # running, ntpd will start but fail to sync because of DNS is not properly
 # setup.
+#
+# NOTE(ianw): NTP ordering is further broken on other distros too.
+# The more supported path is probably chrony on RHEL-ish distros.  On
+# others, systemd-timesyncd.  Leaving this alone, but centos8 era
+# should reconsider.
+- name: Ensure NTP service is running
+  service:
+    name: ntpd
+    enabled: yes
+    state: started
+
 - name: Ensure ntpdate service is running
  service:
    name: ntpdate
--- a/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml
+++ b/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml
@ -1,3 +1,16 @@
+# NOTE(ianw) There are ordering issues with this.  Hopefully when
+# we're bionic only we can just remove ntp
+- name: Install ntp
+  package:
+    name: ntp
+    state: present
+
+- name: Ensure NTP service is running
+  service:
+    name: ntp
+    enabled: yes
+    state: started
+
 - name: Install HWE kernel for arm64
  apt:
    name: linux-generic-hwe-16.04
--- a/playbooks/roles/base-server/tasks/main.yaml
+++ b/playbooks/roles/base-server/tasks/main.yaml
@ -58,12 +58,6 @@
    src: bash-history.sh
    dest: /etc/profile.d/bash-history.sh

- name: Ensure NTP service is running
-  service:
-    name: "{{ ntp_service_name }}"
-    enabled: yes
-    state: started
-
 - name: Include OS-specific tasks
  include_tasks: "{{ lookup('first_found', file_list) }}"
  vars:
--- a/playbooks/roles/base-server/vars/Debian.yaml
+++ b/playbooks/roles/base-server/vars/Debian.yaml
@ -8,4 +8,3 @@ distro_packages:
  - mailutils
 sftp_path: /usr/lib/openssh/sftp-server
 ssh_service_name: ssh
-ntp_service_name: ntp
--- a/playbooks/roles/base-server/vars/RedHat.yaml
+++ b/playbooks/roles/base-server/vars/RedHat.yaml
@ -5,10 +5,11 @@ distro_packages:
  # Utils in ntp-perl are included in Debian's ntp package; we
  # add it here for consistency.  See also
  # https://tickets.puppetlabs.com/browse/MODULES-3660
+  - ntp
  - ntp-perl
  - ntpdate
  - vim-minimal
  - yum-cron
 sftp_path: /usr/libexec/openssh/sftp-server
 ssh_service_name: sshd
-ntp_service_name: ntpd
+
--- a/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml
+++ b/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml
@ -8,4 +8,3 @@ distro_packages:
  - mailutils
 sftp_path: /usr/lib/openssh/sftp-server
 ssh_service_name: ssh
-ntp_service_name: ntp
--- a/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml
+++ b/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml
@ -13,4 +13,3 @@ distro_packages:
  - python
 sftp_path: /usr/lib/openssh/sftp-server
 ssh_service_name: ssh
-ntp_service_name: ntp
--- a/testinfra/test_base.py
+++ b/testinfra/test_base.py
@ -82,12 +82,20 @@ def test_ntp(host):
    package = host.package("ntp")
    assert package.is_installed

-    if host.system_info.distribution in ['ubuntu', 'debian']:
-        service = host.service("ntp")
+    if host.system_info.codename != 'bionic':
+        if host.system_info.distribution in ['ubuntu', 'debian']:
+            service = host.service("ntp")
+        else:
+            service = host.service("ntpd")
+        assert service.is_running
+        assert service.is_enabled
+
    else:
-        service = host.service("ntpd")
-    assert service.is_running
-    assert service.is_enabled
+        service = host.service('systemd-timesyncd')
+        assert service.is_running
+
+        cmd = host.run("timedatectl status")
+        assert 'systemd-timesyncd.service active: yes' in cmd.stdout


 def test_snmp(host):