From 3018199f0b57cbab35b06ab84292519ab374fb87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Sun, 12 Jul 2020 10:33:24 +0200
Subject: [PATCH] Add timesync prechecks

If not running containerised chrony, we need to check that host
has its own means of system clock synchronization.

Change-Id: I31b3e9ed625d63a4bf82c674593522268c20ec4c
Partial-Bug: #1885689
---
 ansible/roles/prechecks/tasks/main.yml        |  4 ++++
 .../roles/prechecks/tasks/timesync_checks.yml | 24 +++++++++++++++++++
 .../timesync-prechecks-24d71d1ad7f8cad2.yaml  |  5 ++++
 3 files changed, 33 insertions(+)
 create mode 100644 ansible/roles/prechecks/tasks/timesync_checks.yml
 create mode 100644 releasenotes/notes/timesync-prechecks-24d71d1ad7f8cad2.yaml

diff --git a/ansible/roles/prechecks/tasks/main.yml b/ansible/roles/prechecks/tasks/main.yml
index 9f9de3caaa..fae4f9f03b 100644
--- a/ansible/roles/prechecks/tasks/main.yml
+++ b/ansible/roles/prechecks/tasks/main.yml
@@ -2,6 +2,10 @@
 - include_tasks: host_os_checks.yml
   when: prechecks_enable_host_os_checks | bool
 
+- include_tasks: timesync_checks.yml
+  when:
+    - not enable_chrony | bool
+
 - include_tasks: datetime_checks.yml
 
 - include_tasks: port_checks.yml
diff --git a/ansible/roles/prechecks/tasks/timesync_checks.yml b/ansible/roles/prechecks/tasks/timesync_checks.yml
new file mode 100644
index 0000000000..ba45d4d37d
--- /dev/null
+++ b/ansible/roles/prechecks/tasks/timesync_checks.yml
@@ -0,0 +1,24 @@
+---
+- name: Checking timedatectl status
+  become: true
+  command: timedatectl status
+  register: timedatectl_status
+  changed_when: false
+
+- name: Fail if no (S)NTP service is running
+  fail:
+    msg: >-
+      timedatectl does not see any (S)NTP service running.
+      Please ensure you have (S)NTP client working.
+  when:
+    - "'service: active' not in timedatectl_status.stdout"
+    # Ubuntu Bionic (18.04)
+    - "'service active: yes' not in timedatectl_status.stdout"
+
+- name: Fail if the clock is not synchronized
+  fail:
+    msg: >-
+      timedatectl sees the system clock as unsynchronized.
+      Please wait for synchronization.
+  when:
+    - "'synchronized: yes' not in timedatectl_status.stdout"
diff --git a/releasenotes/notes/timesync-prechecks-24d71d1ad7f8cad2.yaml b/releasenotes/notes/timesync-prechecks-24d71d1ad7f8cad2.yaml
new file mode 100644
index 0000000000..d60b91b345
--- /dev/null
+++ b/releasenotes/notes/timesync-prechecks-24d71d1ad7f8cad2.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds timesync prechecks which run when containerised chrony is not enabled
+    to ensure the host has its system clock synchronized.