Add chrony ansible role

Change-Id: I49503275a8b3700185ee0395d9beee7397f5fccf Implements: blueprint add-chrony-service
2016-10-24 15:16:24 +02:00 · 2016-10-24 15:16:24 +02:00 · 093d2828fc
parent 2d32083a27
commit 093d2828fc
17 changed files with 194 additions and 0 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -56,6 +56,16 @@ kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
 # recommended.
 api_interface_address:  "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"

+################
+# Chrony options
+################
+# a list contains ntp servers
+external_ntp_servers:
+  - 0.pool.ntp.org
+  - 1.pool.ntp.org
+  - 2.pool.ntp.org
+  - 3.pool.ntp.org
+
 ####################
 # Database options
 ####################
@ -273,6 +283,7 @@ enable_ceilometer: "no"
 enable_central_logging: "no"
 enable_ceph: "no"
 enable_ceph_rgw: "no"
+enable_chrony: "no"
 enable_cinder: "no"
 enable_cinder_backend_hnas_iscsi: "no"
 enable_cinder_backend_iscsi: "no"
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@ -17,6 +17,15 @@ localhost       ansible_connection=local

 # You can explicitly specify which hosts run each project by updating the
 # groups in the sections below. Common services are grouped together.
+[chrony-server:children]
+control
+
+[chrony:children]
+network
+compute
+storage
+monitoring
+
 [collectd:children]
 compute

--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@ -36,6 +36,16 @@ monitoring

 # You can explicitly specify which hosts run each project by updating the
 # groups in the sections below. Common services are grouped together.
+[chrony-server:children]
+control
+
+[chrony:children]
+control
+network
+compute
+storage
+monitoring
+
 [collectd:children]
 compute

--- a/ansible/roles/chrony/defaults/main.yml
+++ b/ansible/roles/chrony/defaults/main.yml
@ -0,0 +1,22 @@
+---
+project_name: "chrony"
+
+chrony_services:
+  chrony:
+    container_name: "chrony"
+    group: "chrony"
+    image: "{{ chrony_image_full }}"
+    enabled: True
+    privileged: True
+    volumes:
+      - "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "kolla_logs:/var/log/kolla"
+
+
+####################
+# Docker
+####################
+chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-chrony"
+chrony_tag: "{{ openstack_release }}"
+chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}"
--- a/ansible/roles/chrony/handlers/main.yml
+++ b/ansible/roles/chrony/handlers/main.yml
@ -0,0 +1,12 @@
+---
+- name: Restart chrony container
+  vars:
+    service_name: "chrony"
+    service: "{{ chrony_services[service_name] }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    privileged: "{{ service.privileged }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
--- a/ansible/roles/chrony/meta/main.yml
+++ b/ansible/roles/chrony/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/chrony/tasks/config.yml
+++ b/ansible/roles/chrony/tasks/config.yml
@ -0,0 +1,45 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "chrony"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item }}/config.json"
+  with_items:
+    - "chrony"
+  notify:
+    - Restart chrony container
+
+- name: Copying over chrony.conf
+  template:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/chrony/chrony.conf"
+  with_first_found:
+    - "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf"
+    - "{{ node_custom_config }}/chrony/chrony.conf"
+    - "chrony.conf.j2"
+  notify:
+    - Restart chrony container
+
+- name: Check chrony container
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    privileged: "{{ item.value.privileged }}"
+    volumes: "{{ item.value.volumes }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+    - action != "genconfig"
+  with_dict: "{{ chrony_services }}"
+  notify:
+    - Restart chrony container
+
--- a/ansible/roles/chrony/tasks/deploy.yml
+++ b/ansible/roles/chrony/tasks/deploy.yml
@ -0,0 +1,5 @@
+---
+- include: config.yml
+
+- name: Flush handlers
+  meta: flush_handlers
--- a/ansible/roles/chrony/tasks/main.yml
+++ b/ansible/roles/chrony/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
--- a/ansible/roles/chrony/tasks/precheck.yml
+++ b/ansible/roles/chrony/tasks/precheck.yml
@ -0,0 +1,3 @@
+---
+# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no
+# module to do this now.
--- a/ansible/roles/chrony/tasks/pull.yml
+++ b/ansible/roles/chrony/tasks/pull.yml
@ -0,0 +1,10 @@
+---
+- name: Pulling chrony images
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ item.value.image }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ chrony_services }}"
--- a/ansible/roles/chrony/tasks/reconfigure.yml
+++ b/ansible/roles/chrony/tasks/reconfigure.yml
@ -0,0 +1 @@
+deploy.yml
--- a/ansible/roles/chrony/tasks/upgrade.yml
+++ b/ansible/roles/chrony/tasks/upgrade.yml
@ -0,0 +1 @@
+deploy.yml
--- a/ansible/roles/chrony/templates/chrony.conf.j2
+++ b/ansible/roles/chrony/templates/chrony.conf.j2
@ -0,0 +1,38 @@
+{% for host in groups['chrony-server'] %}
+{% if inventory_hostname != host %}
+server {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} iburst
+{% endif %}
+{% endfor %}
+{% for ntp_server in external_ntp_servers %}
+server {{ ntp_server }} iburst
+{% endfor %}
+
+keyfile /etc/chrony/chrony.keys
+
+commandkey 1
+
+driftfile /var/lib/chrony/chrony.drift
+
+log tracking measurements statistics
+logdir /var/log/kolla/chrony
+
+maxupdateskew 100.0
+
+dumponexit
+
+dumpdir /var/lib/chrony
+
+{% if inventory_hostname in groups['chrony-server'] %}
+allow all
+{% else %}
+port 0
+deny all
+{% endif %}
+
+bindaddress {{ api_interface_address }}
+
+logchange 0.5
+
+hwclockfile /etc/adjtime
+
+rtcsync
--- a/ansible/roles/chrony/templates/chrony.json.j2
+++ b/ansible/roles/chrony/templates/chrony.json.j2
@ -0,0 +1,11 @@
+{
+    "command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/chrony.conf",
+            "dest": "/etc/chrony/chrony.conf",
+            "owner": "root",
+            "perm": "0644"
+        }
+    ]
+}
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -53,6 +53,16 @@
    - role: prechecks
      when: action == "precheck"

+- name: Apply role chrony
+  hosts:
+    - chrony-server
+    - chrony
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: chrony,
+        tags: chrony,
+        when: enable_chrony | bool }
+
 - name: Apply role collectd
  hosts: collectd
  serial: '{{ serial|default("0") }}'
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -122,6 +122,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_central_logging: "no"
 #enable_ceph: "no"
 #enable_ceph_rgw: "no"
+#enable_chrony: "no"
 #enable_cinder: "no"
 #enable_cinder_backend_hnas_iscsi: "no"
 #enable_cinder_backend_iscsi: "no"