From 4addf597cc033505144f2924bba666ea334f55a4 Mon Sep 17 00:00:00 2001
From: genofire
Date: Fri, 23 Oct 2020 19:03:23 +0200
Subject: [PATCH] Install OpenNTPD on mail servers

Fixes #14
---
 ntp.yml | 8 ++
 roles/openntpd/handlers/main.yml | 11 +++
 roles/openntpd/tasks/main.yml | 84 +++++++++++++++++++
 roles/openntpd/templates/ntpd.conf.j2 | 8 ++
 .../openntpd/templates/openntpd-log/finish.j2 | 13 +++
 roles/openntpd/templates/openntpd-log/run.j2 | 23 +++++
 .../openntpd/templates/openntpd/data/check.j2 | 18 ++++
 roles/openntpd/templates/openntpd/finish.j2 | 13 +++
 roles/openntpd/templates/openntpd/run.j2 | 13 +++
 roles/openntpd/vars/main.yml | 50 +++++++++++
 10 files changed, 241 insertions(+)
 create mode 100644 ntp.yml
 create mode 100644 roles/openntpd/handlers/main.yml
 create mode 100644 roles/openntpd/tasks/main.yml
 create mode 100644 roles/openntpd/templates/ntpd.conf.j2
 create mode 100644 roles/openntpd/templates/openntpd-log/finish.j2
 create mode 100644 roles/openntpd/templates/openntpd-log/run.j2
 create mode 100644 roles/openntpd/templates/openntpd/data/check.j2
 create mode 100644 roles/openntpd/templates/openntpd/finish.j2
 create mode 100644 roles/openntpd/templates/openntpd/run.j2
 create mode 100644 roles/openntpd/vars/main.yml

diff --git a/ntp.yml b/ntp.yml
new file mode 100644
index 0000000..9c8b356
--- /dev/null
+++ b/ntp.yml
@@ -0,0 +1,8 @@
+---
+- hosts:
+    - mail
+
+  become: yes
+
+  roles:
+    - openntpd
diff --git a/roles/openntpd/handlers/main.yml b/roles/openntpd/handlers/main.yml
new file mode 100644
index 0000000..ca459b4
--- /dev/null
+++ b/roles/openntpd/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Reload s6-rc
+  service:
+    name: s6-rc
+    state: reloaded
+
+- name: Restart OpenNTPD
+  command: s6-svc -wR -T 5000 -t /run/service/openntpd
+
+- name: Restart OpenNTPD log
+  command: s6-svc -wR -T 5000 -t /run/service/openntpd-log
diff --git a/roles/openntpd/tasks/main.yml b/roles/openntpd/tasks/main.yml
new file mode 100644
index 0000000..87625ad
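Review bot: The play's `become: yes` relies on YAML 1.1 truthy parsing; Ansible accepts it, but yamllint's `truthy` rule flags it and `become: true` is the canonical spelling. Nothing else in this eight-line play needs changing.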
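Review bot: The `-T 5000` readiness timeout on both restart handlers is shorter than the readiness budget the service grants itself — `openntpd/run.j2` in this same patch runs `s6-notifyoncheck -d -w 100 -n 70`, i.e. up to 7 s of polling — so a slow but successful restart can make `s6-svc -wR` exit non-zero and fail the play. Raising the handler timeout above the check budget avoids that: `command: s6-svc -wR -T 10000 -t /run/service/openntpd` (and the same for `openntpd-log`). On a first run these handlers are flushed before the `Start OpenNTPD` task that brings the longruns up; if `/run/service/openntpd` does not yet exist at that point, `s6-svc` will error out, so either guard the handlers with a `failed_when` that tolerates a missing service directory or defer the notifications until after the start task — I cannot see how the host's `s6-rc` reload is wired, so please verify which applies.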
--- /dev/null
+++ b/roles/openntpd/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+- name: Install OpenNTPD
+  package:
+    name: openntpd
+    state: present
+
+- name: Add /var/log/openntpd to fstab
+  mount:
+    path: /var/log/openntpd
+    src: tmpfs
+    fstype: tmpfs
+    opts: 'rw,size={{ openntpd_log_size }},mode={{ openntpd_log_mode }},uid={{ openntpd_log_uid }},gid={{ openntpd_log_gid }},late'
+    state: mounted
+
+- name: Create OpenNTPD service directories
+  file:
+    path: '/etc/s6-rc/service/{{ item }}'
+    state: directory
+    owner: root
+    group: wheel
+    mode: 0755
+  with_items: '{{ openntpd_service_dirs }}'
+  notify:
+    - Reload s6-rc
+    - Restart OpenNTPD log
+    - Restart OpenNTPD
+
+- name: Generate OpenNTPD service scripts
+  template:
+    dest: '/etc/s6-rc/service/{{ item }}'
+    src: '{{ item }}.j2'
+    mode: 0555
+    owner: root
+    group: wheel
+  with_items: '{{ openntpd_service_scripts }}'
+  notify:
+    - Reload s6-rc
+    - Restart OpenNTPD log
+    - Restart OpenNTPD
+
+- name: Generate OpenNTPD service configuration
+  copy:
+    dest: '/etc/s6-rc/service/{{ item.name }}'
+    content: '{{ item.content }}'
+    mode: 0444
+    owner: root
+    group: wheel
+  loop_control:
+    label: '{{ item.name }} = {{ item.content }}'
+  notify:
+    - Reload s6-rc
+    - Restart OpenNTPD log
+    - Restart OpenNTPD
+  with_items: '{{ openntpd_service_config }}'
+
+- name: Configure OpenNTPD
+  template:
+    dest: /usr/local/etc/ntpd.conf
+    src: ntpd.conf.j2
+    mode: 0444
+    owner: root
+    group: wheel
+  notify:
+    - Restart OpenNTPD
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: Start OpenNTPD
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change openntpd
+  register: change
+  changed_when: change.stdout | length > 0
+
+- name: Enable OpenNTPD
+  lineinfile:
+    path: /etc/s6-rc/service/enabled/contents
+    regexp: "^openntpd$"
+    line: openntpd
+    state: present
+  notify:
+    - Reload s6-rc
+
+- name: Flush handlers (again)
+  meta: flush_handlers
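Review bot: The tmpfs mount in `Add /var/log/openntpd to fstab` hands the log directory to numeric `uid=20000,gid=20000`, while `openntpd-log/run.j2` in this patch re-owns the same directory by name (`install -d -o s6-log -g s6-log`); nothing in the role creates the `s6-log` account or checks that it really is uid/gid 20000, so on a host where it differs the fstab entry and the running logger silently disagree. Resolve the ids from the account before mounting (e.g. a `getent` task registered into `openntpd_log_uid`/`openntpd_log_gid`) or add an `assert` that the lookup matches the hard-coded values. Since that mount is writable by an unprivileged account and only ever holds log text, it should also carry `nosuid,noexec`: `opts: 'rw,nosuid,noexec,size={{ openntpd_log_size }},mode={{ openntpd_log_mode }},uid={{ openntpd_log_uid }},gid={{ openntpd_log_gid }},late'`. Minor: the unquoted `mode: 0755` / `0555` / `0444` values are YAML 1.1 octal integers that Ansible happens to interpret correctly, but quoting them (`mode: '0755'`) is the documented safe form.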
diff --git a/roles/openntpd/templates/ntpd.conf.j2 b/roles/openntpd/templates/ntpd.conf.j2
new file mode 100644
index 0000000..c0fd516
--- /dev/null
+++ b/roles/openntpd/templates/ntpd.conf.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+server 0.de.pool.ntp.org
+server 1.de.pool.ntp.org
+server 2.de.pool.ntp.org
+server 3.de.pool.ntp.org
+
+constraints from "https://www.google.com"
diff --git a/roles/openntpd/templates/openntpd-log/finish.j2 b/roles/openntpd/templates/openntpd-log/finish.j2
new file mode 100644
index 0000000..37c3bce
--- /dev/null
+++ b/roles/openntpd/templates/openntpd-log/finish.j2
@@ -0,0 +1,13 @@
+#!/usr/local/bin/execlineb -S2
+# {{ ansible_managed }}
+
+s6-envdir ./env
+multisubstitute {
+  importas -i -u NAME NAME
+}
+
+fdmove -c 1 2
+ifelse { test "${1}" -eq 0 } {
+  echo "${NAME}-log: Stopped."
+}
+echo "${NAME}-log: Failed with exit status (${1}, ${2})."
diff --git a/roles/openntpd/templates/openntpd-log/run.j2 b/roles/openntpd/templates/openntpd-log/run.j2
new file mode 100644
index 0000000..1f9904f
--- /dev/null
+++ b/roles/openntpd/templates/openntpd-log/run.j2
@@ -0,0 +1,23 @@
+#!/usr/local/bin/execlineb
+# {{ ansible_managed }}
+
+s6-envdir ./env
+multisubstitute {
+  importas -i -u NAME NAME
+  importas -i -u USER USER
+  importas -i -u GROUP GROUP
+  importas -i -u MODE MODE
+  importas -i -u DIR DIR
+}
+
+foreground { fdmove -c 1 2 echo "${NAME} log: Starting." }
+
+ifelse -n { install -d -o "${USER}" -g "${GROUP}" -m "${MODE}" "$DIR" } {
+  foreground { fdmove -c 1 2 echo "${NAME} log: Failed to create logging directory." }
+  false
+}
+
+fdmove -c 2 1
+
+s6-envuidgid $USER
+s6-log -d 3 T $DIR
diff --git a/roles/openntpd/templates/openntpd/data/check.j2 b/roles/openntpd/templates/openntpd/data/check.j2
new file mode 100644
index 0000000..7afcb8e
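Review bot: The last line, `constraints from "https://www.google.com"`, makes a single third-party host the only authenticated time reference, while the four `server` lines are plain unauthenticated NTP — the constraint is the sole defence against a spoofed or delayed NTP reply shifting a mail server's clock (which TLS certificate validity, DANE/DNSSEC signatures and DKIM timestamps all depend on). One source is a single point of failure for that defence: if it is unreachable through this host's egress policy or its TLS validation fails, what ntpd does with the pool answers depends on the installed version, and in no case is the check still independent. Add at least one more `constraints from` line pointing at an unrelated operator, and consider the plural `servers` keyword so each pool name contributes every address it resolves to instead of one. The file is a template but carries no variables; lifting the server list and constraint URLs into role vars would let non-German hosts reuse it.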
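Review bot: `s6-envuidgid $USER` on the penultimate line only exports `UID`/`GID` environment variables — it does not change the process credentials — and unless the installed `s6-log` reads those variables itself (upstream `s6-log` has no option to), the logger keeps running as root even though the directory was just chowned to `s6-log` by the `install -d` above. Inserting `s6-applyuidgid -U` between the two lines, or replacing the pair with `s6-setuidgid $USER`, makes the logger actually run as the unprivileged account: `s6-envuidgid $USER` / `s6-applyuidgid -U` / `s6-log -d 3 T $DIR`. If keeping root was deliberate, a comment above that line saying why would stop the next reader from "fixing" it.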
@@ -0,0 +1,18 @@
+#!/usr/local/bin/execlineb -P
+# {{ ansible_managed }}
+
+s6-envdir ./env
+multisubstitute {
+  importas -i -u NAME NAME
+}
+
+ifelse {
+  redirfd -w 1 /dev/null
+  fdmove -c 2 1
+  ntpctl -s status
+} {
+  foreground { fdmove -c 1 2 echo "${NAME}: Ready." }
+  true
+}
+foreground { fdmove -c 1 2 echo "${NAME}: Poll." }
+false
diff --git a/roles/openntpd/templates/openntpd/finish.j2 b/roles/openntpd/templates/openntpd/finish.j2
new file mode 100644
index 0000000..00e3945
--- /dev/null
+++ b/roles/openntpd/templates/openntpd/finish.j2
@@ -0,0 +1,13 @@
+#!/usr/local/bin/execlineb -S2
+# {{ ansible_managed }}
+
+s6-envdir ./env
+multisubstitute {
+  importas -i -u NAME NAME
+}
+
+fdmove -c 1 2
+ifelse { test "${1}" -eq 0 } {
+  echo "${NAME}: Stopped."
+}
+echo "${NAME}: Failed with exit status (${1}, ${2})."
diff --git a/roles/openntpd/templates/openntpd/run.j2 b/roles/openntpd/templates/openntpd/run.j2
new file mode 100644
index 0000000..56c0fbf
--- /dev/null
+++ b/roles/openntpd/templates/openntpd/run.j2
@@ -0,0 +1,13 @@
+#!/usr/local/bin/execlineb -P
+# {{ ansible_managed }}
+
+s6-envdir ./env
+multisubstitute {
+  importas -i -u NAME NAME
+}
+
+foreground { fdmove -c 1 2 echo "${NAME}: Starting." }
+s6-notifyoncheck -d -w 100 -n 70
+
+fdmove -c 2 1
+/usr/local/sbin/ntpd -d
diff --git a/roles/openntpd/vars/main.yml b/roles/openntpd/vars/main.yml
new file mode 100644
index 0000000..2525eba
--- /dev/null
+++ b/roles/openntpd/vars/main.yml
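Review bot: The readiness check only tests the exit status of `ntpctl -s status`, which succeeds as soon as ntpd's control socket answers, so `s6-notifyoncheck` will report the service ready long before the clock has been validated against the constraint or synchronised. If anything is ordered on this readiness (a mail stack that needs correct time for TLS or DKIM), the check should also look at the output — e.g. replace the bare `ntpctl -s status` with `pipeline { ntpctl -s status } grep -q "clock synced"`, assuming that phrase is what the installed ntpctl prints once synced — and the `-n 70` budget in `openntpd/run.j2` would then have to grow, since initial sync takes minutes rather than seconds. If "socket answers" is the intended meaning, a one-line comment above the `ifelse` stating that would save the next reader the same question.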
@@ -0,0 +1,50 @@
+---
+openntpd_log_size: '32m'
+openntpd_log_mode: '750'
+openntpd_log_uid: '20000'
+openntpd_log_gid: '20000'
+
+openntpd_service_dirs:
+  - openntpd
+  - openntpd/env
+  - openntpd/data
+  - openntpd-log
+  - openntpd-log/env
+
+openntpd_service_scripts:
+  - openntpd/run
+  - openntpd/finish
+  - openntpd/data/check
+  - openntpd-log/run
+  - openntpd-log/finish
+
+openntpd_service_config:
+  - name: openntpd/type
+    content: longrun
+  - name: openntpd/producer-for
+    content: openntpd-log
+  - name: openntpd/notification-fd
+    content: 3
+  - name: openntpd/env/NAME
+    content: OpenNTPD
+  - name: openntpd/env/PATH
+    content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
+
+  - name: openntpd-log/type
+    content: longrun
+  - name: openntpd-log/notification-fd
+    content: 3
+  - name: openntpd-log/consumer-for
+    content: openntpd
+  - name: openntpd-log/env/NAME
+    content: openntpd
+  - name: openntpd-log/env/PATH
+    content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
+  - name: openntpd-log/env/MODE
+    content: '750'
+  - name: openntpd-log/env/USER
+    content: s6-log
+  - name: openntpd-log/env/GROUP
+    content: s6-log
+  - name: openntpd-log/env/DIR
+    content: /var/log/openntpd
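Review bot: Both `env/PATH` entries end with `/root/bin`, a root-owned and typically root-private directory that neither `ntpd` nor the logger needs; for `openntpd-log`, which is meant to run as `s6-log`, it is not even searchable, and for the root-run `openntpd` it widens what a mistyped or planted command name would execute. Trim both to `content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin`. The numeric `openntpd_log_uid`/`openntpd_log_gid` of `'20000'` are hard-coded yet must agree with the `s6-log` account named in `openntpd-log/env/USER`, and nothing here records that coupling; a comment above those two vars such as `# must match the uid/gid of the s6-log account used in openntpd-log/env/USER` (or deriving them from the account) would prevent silent drift. Minor: the two `notification-fd` entries use an unquoted integer `content: 3` while every other value is a string — quoting it as `'3'` keeps the rendered file content unambiguous — and `env/NAME` is `OpenNTPD` for the service but `openntpd` for its logger, so the two produce differently cased log prefixes.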