From 093d2828fc139130358c6a108321bb8a16e679e5 Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang
Date: Mon, 24 Oct 2016 15:16:24 +0200
Subject: [PATCH] Add chrony ansible role
Change-Id: I49503275a8b3700185ee0395d9beee7397f5fccf
Implements: blueprint add-chrony-service
---
 ansible/group_vars/all.yml | 11 +++++
 ansible/inventory/all-in-one | 9 ++++
 ansible/inventory/multinode | 10 +++++
 ansible/roles/chrony/defaults/main.yml | 22 +++++++++
 ansible/roles/chrony/handlers/main.yml | 12 +++++
 ansible/roles/chrony/meta/main.yml | 3 ++
 ansible/roles/chrony/tasks/config.yml | 45 +++++++++++++++++++
 ansible/roles/chrony/tasks/deploy.yml | 5 +++
 ansible/roles/chrony/tasks/main.yml | 2 +
 ansible/roles/chrony/tasks/precheck.yml | 3 ++
 ansible/roles/chrony/tasks/pull.yml | 10 +++++
 ansible/roles/chrony/tasks/reconfigure.yml | 1 +
 ansible/roles/chrony/tasks/upgrade.yml | 1 +
 ansible/roles/chrony/templates/chrony.conf.j2 | 38 ++++++++++++++++
 ansible/roles/chrony/templates/chrony.json.j2 | 11 +++++
 ansible/site.yml | 10 +++++
 etc/kolla/globals.yml | 1 +
 17 files changed, 194 insertions(+)
 create mode 100644 ansible/roles/chrony/defaults/main.yml
 create mode 100644 ansible/roles/chrony/handlers/main.yml
 create mode 100644 ansible/roles/chrony/meta/main.yml
 create mode 100644 ansible/roles/chrony/tasks/config.yml
 create mode 100644 ansible/roles/chrony/tasks/deploy.yml
 create mode 100644 ansible/roles/chrony/tasks/main.yml
 create mode 100644 ansible/roles/chrony/tasks/precheck.yml
 create mode 100644 ansible/roles/chrony/tasks/pull.yml
 create mode 120000 ansible/roles/chrony/tasks/reconfigure.yml
 create mode 120000 ansible/roles/chrony/tasks/upgrade.yml
 create mode 100644 ansible/roles/chrony/templates/chrony.conf.j2
 create mode 100644 ansible/roles/chrony/templates/chrony.json.j2
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 29a1fada4f..0e79d78421 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -56,6 +56,16 @@ kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
 # recommended.
 api_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"
+################
+# Chrony options
+################
+# a list contains ntp servers
+external_ntp_servers:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
+ - 2.pool.ntp.org
+ - 3.pool.ntp.org
+
 ####################
 # Database options
 ####################
@@ -273,6 +283,7 @@ enable_ceilometer: "no"
 enable_central_logging: "no"
 enable_ceph: "no"
 enable_ceph_rgw: "no"
+enable_chrony: "no"
 enable_cinder: "no"
 enable_cinder_backend_hnas_iscsi: "no"
 enable_cinder_backend_iscsi: "no"
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index 5daa04f1a0..88a9db36f6 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -17,6 +17,15 @@ localhost ansible_connection=local
 # You can explicitly specify which hosts run each project by updating the
 # groups in the sections below. Common services are grouped together.
+[chrony-server:children]
+control
+
+[chrony:children]
+network
+compute
+storage
+monitoring
+
 [collectd:children]
 compute
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 129883e9de..3d9c819152 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -36,6 +36,16 @@ monitoring
 # You can explicitly specify which hosts run each project by updating the
 # groups in the sections below. Common services are grouped together.
+[chrony-server:children]
+control
+
+[chrony:children]
+control
+network
+compute
+storage
+monitoring
+
 [collectd:children]
 compute
diff --git a/ansible/roles/chrony/defaults/main.yml b/ansible/roles/chrony/defaults/main.yml
new file mode 100644
index 0000000000..a58934584c
--- /dev/null
+++ b/ansible/roles/chrony/defaults/main.yml
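Review bot: The comment above `external_ntp_servers` in the first hunk does not say which hosts use the list. chrony.conf.j2 in this same patch emits a `server` line for every entry on every chrony host, clients as well as `chrony-server` members, so each node needs outbound NTP to these public pool names. I would reword the comment to something like `# NTP sources queried directly by every chrony host (servers and clients); replace with internal sources where nodes have no outbound UDP 123`.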
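Review bot: `[chrony:children]` in all-in-one omits `control`, while the multinode hunk that follows lists it. The role's only service has `group: "chrony"`, and pull.yml and the container check in config.yml both gate on `groups[item.value.group]`, so a `chrony-server` host that is not also in `chrony` would get config files without an image pull or container comparison. With every all-in-one group presumably resolving to localhost this likely has no effect today, but adding `control` here keeps the two inventories in step.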
@@ -0,0 +1,22 @@
+---
+project_name: "chrony"
+
+chrony_services:
+ chrony:
+ container_name: "chrony"
+ group: "chrony"
+ image: "{{ chrony_image_full }}"
+ enabled: True
+ privileged: True
+ volumes:
+ - "{{ node_config_directory }}/chrony/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla"
+
+
+####################
+# Docker
+####################
+chrony_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-chrony"
+chrony_tag: "{{ openstack_release }}"
+chrony_image_full: "{{ chrony_image }}:{{ chrony_tag }}"
diff --git a/ansible/roles/chrony/handlers/main.yml b/ansible/roles/chrony/handlers/main.yml
new file mode 100644
index 0000000000..25930686d7
--- /dev/null
+++ b/ansible/roles/chrony/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Restart chrony container
+ vars:
+ service_name: "chrony"
+ service: "{{ chrony_services[service_name] }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ privileged: "{{ service.privileged }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes }}"
diff --git a/ansible/roles/chrony/meta/main.yml b/ansible/roles/chrony/meta/main.yml
new file mode 100644
index 0000000000..6b4fff8fef
--- /dev/null
+++ b/ansible/roles/chrony/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: common }
diff --git a/ansible/roles/chrony/tasks/config.yml b/ansible/roles/chrony/tasks/config.yml
new file mode 100644
index 0000000000..db6f1deec9
--- /dev/null
+++ b/ansible/roles/chrony/tasks/config.yml
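Review bot: `privileged: True` in `chrony_services.chrony` gives the container every capability and access to host devices, while setting the system clock needs only CAP_SYS_TIME on Linux. On `chrony-server` hosts this daemon answers NTP from the network (`allow all` in chrony.conf.j2), so a chronyd compromise would land in a fully privileged container. If `kolla_docker` can pass individual capabilities I would use that instead of `privileged`. If it cannot, a comment such as `# privileged: chronyd must set the host clock; narrow to SYS_TIME once supported` would record why the broad grant is there.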
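Review bot: The `Restart chrony container` handler has no `when`, unlike the container check in config.yml, which tests group membership and `enabled`. The two template tasks in config.yml notify this handler on every play host, so a changed config recreates the container even where `chrony_services.chrony.enabled` is false or the host is outside `groups['chrony']`. I would add `when: [inventory_hostname in groups[service.group], service.enabled | bool]` to the handler so it honours the same conditions.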
@@ -0,0 +1,45 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "chrony"
+
+- name: Copying over config.json files for services
+ template:
+ src: "{{ item }}.json.j2"
+ dest: "{{ node_config_directory }}/{{ item }}/config.json"
+ with_items:
+ - "chrony"
+ notify:
+ - Restart chrony container
+
+- name: Copying over chrony.conf
+ template:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/chrony/chrony.conf"
+ with_first_found:
+ - "{{ node_custom_config }}/chrony/{{ inventory_hostname }}/chrony.conf"
+ - "{{ node_custom_config }}/chrony/chrony.conf"
+ - "chrony.conf.j2"
+ notify:
+ - Restart chrony container
+
+- name: Check chrony container
+ kolla_docker:
+ action: "compare_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ item.value.container_name }}"
+ image: "{{ item.value.image }}"
+ privileged: "{{ item.value.privileged }}"
+ volumes: "{{ item.value.volumes }}"
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ - action != "genconfig"
+ with_dict: "{{ chrony_services }}"
+ notify:
+ - Restart chrony container
+
diff --git a/ansible/roles/chrony/tasks/deploy.yml b/ansible/roles/chrony/tasks/deploy.yml
new file mode 100644
index 0000000000..dd26ecc34d
--- /dev/null
+++ b/ansible/roles/chrony/tasks/deploy.yml
@@ -0,0 +1,5 @@
+---
+- include: config.yml
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/ansible/roles/chrony/tasks/main.yml b/ansible/roles/chrony/tasks/main.yml
new file mode 100644
index 0000000000..b017e8b4ad
--- /dev/null
+++ b/ansible/roles/chrony/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"
diff --git a/ansible/roles/chrony/tasks/precheck.yml b/ansible/roles/chrony/tasks/precheck.yml
new file mode 100644
index 0000000000..39fe6b6486
--- /dev/null
+++ b/ansible/roles/chrony/tasks/precheck.yml
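Review bot: The guard `action != "genconfig"` on `Check chrony container` looks like it can never be false. main.yml includes `{{ action }}.yml`, and this new role ships no `genconfig.yml`, so config.yml is only reached when `action` names one of the task files the patch creates (deploy, reconfigure, upgrade, or config itself). If the intent is to skip the container comparison on a config-only run, the test probably needs to be `action != "config"`; please confirm against how the wrapper script sets `action`.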
@@ -0,0 +1,3 @@
+---
+# TODO(Jeffrey4l), need check whether udp 123 port is used. But there is no
+# module to do this now.
diff --git a/ansible/roles/chrony/tasks/pull.yml b/ansible/roles/chrony/tasks/pull.yml
new file mode 100644
index 0000000000..0b1a2b24f5
--- /dev/null
+++ b/ansible/roles/chrony/tasks/pull.yml
@@ -0,0 +1,10 @@
+---
+- name: Pulling chrony images
+ kolla_docker:
+ action: "pull_image"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ item.value.image }}"
+ when:
+ - inventory_hostname in groups[item.value.group]
+ - item.value.enabled | bool
+ with_dict: "{{ chrony_services }}"
diff --git a/ansible/roles/chrony/tasks/reconfigure.yml b/ansible/roles/chrony/tasks/reconfigure.yml
new file mode 120000
index 0000000000..0412f92200
--- /dev/null
+++ b/ansible/roles/chrony/tasks/reconfigure.yml
@@ -0,0 +1 @@
+deploy.yml
\ No newline at end of file
diff --git a/ansible/roles/chrony/tasks/upgrade.yml b/ansible/roles/chrony/tasks/upgrade.yml
new file mode 120000
index 0000000000..0412f92200
--- /dev/null
+++ b/ansible/roles/chrony/tasks/upgrade.yml
@@ -0,0 +1 @@
+deploy.yml
\ No newline at end of file
diff --git a/ansible/roles/chrony/templates/chrony.conf.j2 b/ansible/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 0000000000..53f0e848c5
--- /dev/null
+++ b/ansible/roles/chrony/templates/chrony.conf.j2
@@ -0,0 +1,38 @@
+{% for host in groups['chrony-server'] %}
+{% if inventory_hostname != host %}
+server {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} iburst
+{% endif %}
+{% endfor %}
+{% for ntp_server in external_ntp_servers %}
+server {{ ntp_server }} iburst
+{% endfor %}
+
+keyfile /etc/chrony/chrony.keys
+
+commandkey 1
+
+driftfile /var/lib/chrony/chrony.drift
+
+log tracking measurements statistics
+logdir /var/log/kolla/chrony
+
+maxupdateskew 100.0
+
+dumponexit
+
+dumpdir /var/lib/chrony
+
+{% if inventory_hostname in groups['chrony-server'] %}
+allow all
+{% else %}
+port 0
+deny all
+{% endif %}
+
+bindaddress {{ api_interface_address }}
+
+logchange 0.5
+
+hwclockfile /etc/adjtime
+
+rtcsync
diff --git a/ansible/roles/chrony/templates/chrony.json.j2 b/ansible/roles/chrony/templates/chrony.json.j2
new file mode 100644
index 0000000000..c0875524a6
--- /dev/null
+++ b/ansible/roles/chrony/templates/chrony.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "/usr/sbin/chronyd -d -f /etc/chrony/chrony.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/chrony.conf",
+ "dest": "/etc/chrony/chrony.conf",
+ "owner": "root",
+ "perm": "0644"
+ }
+ ]
+}
diff --git a/ansible/site.yml b/ansible/site.yml
index c47a95e12c..22f8a94240 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -53,6 +53,16 @@
 - role: prechecks
 when: action == "precheck"
+- name: Apply role chrony
+ hosts:
+ - chrony-server
+ - chrony
+ serial: '{{ serial|default("0") }}'
+ roles:
+ - { role: chrony,
+ tags: chrony,
+ when: enable_chrony | bool }
+
 - name: Apply role collectd
 hosts: collectd
 serial: '{{ serial|default("0") }}'
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 3b8d3d5fd3..31b1b4db80 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
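Review bot: `allow all` in the `chrony-server` branch of chrony.conf.j2 lets any host that can reach `bindaddress` use these nodes as an NTP server, not only the deployment's own nodes. The template already has the client list, so I would replace `allow all` with one `allow` line per host in `groups['chrony']`, built with the same `hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address']` expression used for the `server` lines at the top. Separately, `bindaddress {{ api_interface_address }}` falls back to `0.0.0.0` when `orchestration_engine` is not `ANSIBLE` (per the group_vars/all.yml context line in this patch), which widens the exposure further on such deployments.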
@@ -122,6 +122,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_central_logging: "no"
 #enable_ceph: "no"
 #enable_ceph_rgw: "no"
+#enable_chrony: "no"
 #enable_cinder: "no"
 #enable_cinder_backend_hnas_iscsi: "no"
 #enable_cinder_backend_iscsi: "no"