ccchb
/
ansible
mirror of https://dev.ccchb.de/ccchb/ansible.git
3
0
Fork 0
Code Issues Releases Wiki Activity

Install OpenNTPD on mail servers 

Fixes #14
This commit is contained in:
genofire 2020-10-23 19:03:23 +02:00
parent 9110d9df82
commit 4addf597cc
10 changed files with 241 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ntp.yml Normal file
View File

@ -0,0 +1,8 @@
---
- hosts:
- mail
become: yes
roles:
- openntpd

11
roles/openntpd/handlers/main.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Reload s6-rc
service:
name: s6-rc
state: reloaded
- name: Restart OpenNTPD
command: s6-svc -wR -T 5000 -t /run/service/openntpd
- name: Restart OpenNTPD log
command: s6-svc -wR -T 5000 -t /run/service/openntpd-log

84
roles/openntpd/tasks/main.yml Normal file
View File

@ -0,0 +1,84 @@
---
- name: Install OpenNTPD
package:
name: openntpd
state: present
- name: Add /var/log/openntpd to fstab
mount:
path: /var/log/openntpd
src: tmpfs
fstype: tmpfs
opts: 'rw,size={{ openntpd_log_size }},mode={{ openntpd_log_mode }},uid={{ openntpd_log_uid }},gid={{ openntpd_log_gid }},late'
state: mounted
- name: Create OpenNTPD service directories
file:
path: '/etc/s6-rc/service/{{ item }}'
state: directory
owner: root
group: wheel
mode: 0755
with_items: '{{ openntpd_service_dirs }}'
notify:
- Reload s6-rc
- Restart OpenNTPD log
- Restart OpenNTPD
- name: Generate OpenNTPD service scripts
template:
dest: '/etc/s6-rc/service/{{ item }}'
src: '{{ item }}.j2'
mode: 0555
owner: root
group: wheel
with_items: '{{ openntpd_service_scripts }}'
notify:
- Reload s6-rc
- Restart OpenNTPD log
- Restart OpenNTPD
- name: Generate OpenNTPD service configuration
copy:
dest: '/etc/s6-rc/service/{{ item.name }}'
content: '{{ item.content }}'
mode: 0444
owner: root
group: wheel
loop_control:
label: '{{ item.name }} = {{ item.content }}'
notify:
- Reload s6-rc
- Restart OpenNTPD log
- Restart OpenNTPD
with_items: '{{ openntpd_service_config }}'
- name: Configure OpenNTPD
template:
dest: /usr/local/etc/ntpd.conf
src: ntpd.conf.j2
mode: 0444
owner: root
group: wheel
notify:
- Restart OpenNTPD
- name: Flush handlers
meta: flush_handlers
- name: Start OpenNTPD
command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change openntpd
register: change
changed_when: change.stdout | length > 0
- name: Enable OpenNTPD
lineinfile:
path: /etc/s6-rc/service/enabled/contents
regexp: "^openntpd$"
line: openntpd
state: present
notify:
- Reload s6-rc
- name: Flush handlers (again)
meta: flush_handlers

8
roles/openntpd/templates/ntpd.conf.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
server 0.de.pool.ntp.org
server 1.de.pool.ntp.org
server 2.de.pool.ntp.org
server 3.de.pool.ntp.org
constraints from "https://www.google.com"

13
roles/openntpd/templates/openntpd-log/finish.j2 Normal file
View File

@ -0,0 +1,13 @@
#!/usr/local/bin/execlineb -S2
# {{ ansible_managed }}
s6-envdir ./env
multisubstitute {
importas -i -u NAME NAME
}
fdmove -c 1 2
ifelse { test "${1}" -eq 0 } {
echo "${NAME}-log: Stopped."
}
echo "${NAME}-log: Failed with exit status (${1}, ${2})."

23
roles/openntpd/templates/openntpd-log/run.j2 Normal file
View File

@ -0,0 +1,23 @@
#!/usr/local/bin/execlineb
# {{ ansible_managed }}
s6-envdir ./env
multisubstitute {
importas -i -u NAME NAME
importas -i -u USER USER
importas -i -u GROUP GROUP
importas -i -u MODE MODE
importas -i -u DIR DIR
}
foreground { fdmove -c 1 2 echo "${NAME} log: Starting." }
ifelse -n { install -d -o "${USER}" -g "${GROUP}" -m "${MODE}" "$DIR" } {
foreground { fdmove -c 1 2 echo "${NAME} log: Failed to create logging directory." }
false
}
fdmove -c 2 1
s6-envuidgid $USER
s6-log -d 3 T $DIR

18
roles/openntpd/templates/openntpd/data/check.j2 Normal file
View File

@ -0,0 +1,18 @@
#!/usr/local/bin/execlineb -P
# {{ ansible_managed }}
s6-envdir ./env
multisubstitute {
importas -i -u NAME NAME
}
ifelse {
redirfd -w 1 /dev/null
fdmove -c 2 1
ntpctl -s status
} {
foreground { fdmove -c 1 2 echo "${NAME}: Ready." }
true
}
foreground { fdmove -c 1 2 echo "${NAME}: Poll." }
false

13
roles/openntpd/templates/openntpd/finish.j2 Normal file
View File

@ -0,0 +1,13 @@
#!/usr/local/bin/execlineb -S2
# {{ ansible_managed }}
s6-envdir ./env
multisubstitute {
importas -i -u NAME NAME
}
fdmove -c 1 2
ifelse { test "${1}" -eq 0 } {
echo "${NAME}: Stopped."
}
echo "${NAME}: Failed with exit status (${1}, ${2})."

13
roles/openntpd/templates/openntpd/run.j2 Normal file
View File

@ -0,0 +1,13 @@
#!/usr/local/bin/execlineb -P
# {{ ansible_managed }}
s6-envdir ./env
multisubstitute {
importas -i -u NAME NAME
}
foreground { fdmove -c 1 2 echo "${NAME}: Starting." }
s6-notifyoncheck -d -w 100 -n 70
fdmove -c 2 1
/usr/local/sbin/ntpd -d

50
roles/openntpd/vars/main.yml Normal file
View File

@ -0,0 +1,50 @@
---
openntpd_log_size: '32m'
openntpd_log_mode: '750'
openntpd_log_uid: '20000'
openntpd_log_gid: '20000'
openntpd_service_dirs:
- openntpd
- openntpd/env
- openntpd/data
- openntpd-log
- openntpd-log/env
openntpd_service_scripts:
- openntpd/run
- openntpd/finish
- openntpd/data/check
- openntpd-log/run
- openntpd-log/finish
openntpd_service_config:
- name: openntpd/type
content: longrun
- name: openntpd/producer-for
content: openntpd-log
- name: openntpd/notification-fd
content: 3
- name: openntpd/env/NAME
content: OpenNTPD
- name: openntpd/env/PATH
content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
- name: openntpd-log/type
content: longrun
- name: openntpd-log/notification-fd
content: 3
- name: openntpd-log/consumer-for
content: openntpd
- name: openntpd-log/env/NAME
content: openntpd
- name: openntpd-log/env/PATH
content: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
- name: openntpd-log/env/MODE
content: '750'
- name: openntpd-log/env/USER
content: s6-log
- name: openntpd-log/env/GROUP
content: s6-log
- name: openntpd-log/env/DIR
content: /var/log/openntpd