Merge pull request #16 from roles-ansible/ntp

consider using ntpsec

README.md

@@ -38,6 +38,10 @@ ntp_servers:
 ntp_set_time_zone: false
 ntp_timezone: 'Europe/Berlin'
 
+# Leap seconds definition provided by tzdata
+ntp_leap: true
+ntp_leapfile: '/usr/share/zoneinfo/leap-seconds.list'
+
 # Enable or disable ntp statistics
 ntp_statistics: false
 
@@ -83,6 +87,9 @@ You can install it with this command:
 ansible-galaxy collection install -r requirements.yml --upgrade
 ```
 
+## Testing
+This role is tested on debian stable. It should work on other operating systems. Please Report issues if it does not work.
+
 ## Author Information
 
 + This role was created in 2018 by diodonfrost.

defaults/main.yml

@@ -20,10 +20,19 @@ ntp_servers:
 
 # Enable or disable ntp statistics
 ntp_statistics: false
+ntp_ntpstats_dir: '/var/log/ntpstats/'
+ntp_statistics_overview:
+  - 'clockstats'
+  - 'peerstats'
+  - 'loopstats'
 
 # optionally set timezone
 ntp_set_time_zone: false
 ntp_timezone: 'Europe/Berlin'
 
+# Leap seconds definition provided by tzdata
+ntp_leap: true
+ntp_leapfile: '/usr/share/zoneinfo/leap-seconds.list'
+
 # version check for this playbook (true is recomended)
 submodules_versioncheck: false

tasks/config.yml

@@ -8,3 +8,12 @@
     group: "{{ ntp_configfile_group }}"
     mode: 0644
   notify: "Restart ntp daemons on {{ ansible_system }}"
+
+- name: Create logging folder
+  become: true
+  ansible.builtin.file:
+    path: "{{ ntp_ntpstats_dir }}"
+    state: directory
+    mode: 0755
+    owner: "{{ ntp_user }}"
+  when: ntp_statistics | bool

tasks/packages/setup-Linux.yml

@@ -16,7 +16,13 @@
   when: ansible_os_family == "Gentoo"
   tags: 'skip_ansible_lint'
 
-- name: Install ntp daemon on Linux
+- name: Remove ntp legacy daemon on Linux
+  become: true
+  ansible.builtin.package:
+    name: "{{ ntp_package_absent }}"
+    state: absent
+
+- name: Install ntpsec daemon on Linux
   become: true
   ansible.builtin.package:
     name: "{{ ntp_package }}"

templates/ntp.conf.j2

@@ -1,13 +1,18 @@
-#####################################
-##                                 ##
-## THIS FILE IS MANAGED BY ANSIBLE ##
-##                                 ##
-##        It is about time         ##
-##                                 ##
-#####################################
-# > galaxy.ansible.com/do1jlr/ntp < #
+######################################################
+##                                                  ##
+##       THIS  FILE  IS  MANAGED  BY  ANSIBLE       ##
+##                                                  ##
+##                It is about time                  ##
+##                                                  ##
+######################################################
+# > galaxy.ansible.com/ui/repo/published/l3d/time/ < #
 driftfile {{ ntp_driftfile }}
 
+{% if ntp_leap %}
+# Leap seconds definition provided by tzdata
+leapfile {{ ntp_leapfile }}
+{% endif %}
+
 {% for restrict_ip in ntp_restrict %}
 restrict {{ restrict_ip }}
 {% endfor %}
@@ -17,5 +22,13 @@ server {{ pool_server }}
 {% endfor %}
 
 {% if ntp_statistics | bool %}
-statistics clockstats cryptostats loopstats peerstats
+statistics {{ ntp_statistics_overview | join(' ') }}
+
+# Enable this if you want statistics to be logged.
+statsdir {{ ntp_ntpstats_dir }}
+
+{%     for stat in ntp_statistics_overview %}
+filegen {{ stat }} file {{ stat }} type day enable
+{%     endfor %}
+
 {% endif %}

vars/Archlinux.yml → vars/ArchLinux.yml

@@ -1,8 +1,10 @@
 ---
-ntp_package: ntp
+ntp_package: 'ntpsec'
+ntp_package_absent: 'ntp'
 ntp_service: ntpd
+ntp_user: 'ntpsec'
 
-ntp_configfile: /etc/ntp.conf
+ntp_configfile: /etc/ntpsec/ntp.conf
 ntp_configfile_user: root
 ntp_configfile_group: root
 ntp_driftfile: /var/lib/ntp/drift

vars/Darwin.yml

@@ -1,6 +1,8 @@
 ---
-ntp_package:
+ntp_package: ntp
 ntp_service: ntp
+ntp_package_absent: []
+ntp_user: 'ntp'
 
 ntp_configfile: /private/etc/ntp.conf
 ntp_configfile_user: root

vars/Debian.yml

@@ -1,8 +1,10 @@
 ---
-ntp_package: ntp
-ntp_service: ntp
+ntp_package: 'ntpsec'
+ntp_package_absent: 'ntp'
+ntp_service: 'ntpsec'
+ntp_user: 'ntpsec'
 
-ntp_configfile: /etc/ntp.conf
+ntp_configfile: '/etc/ntpsec/ntp.conf'
 ntp_configfile_user: root
 ntp_configfile_group: root
 ntp_driftfile: /var/lib/ntp/drift

vars/FreeBSD.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: ntp
+ntp_package_absent: []
 ntp_service: ntpd
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/Gentoo.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: net-misc/ntp
+ntp_package_absent: []
 ntp_service: ntp-client
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/OpenBSD.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: ntp
+ntp_package_absent: []
 ntp_service: ntpd
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/RedHat.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: ntp
+ntp_package_absent: []
 ntp_service: ntpd
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/Suse.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: ntp
+ntp_package_absent: []
 ntp_service: ntpd
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/fallback.yml

@@ -1,6 +1,8 @@
 ---
 ntp_package: ntp
+ntp_package_absent: []
 ntp_service: ntp
+ntp_user: 'ntp'
 
 ntp_configfile: /etc/ntp.conf
 ntp_configfile_user: root

vars/main.yml

@@ -1,5 +1,5 @@
 ---
-playbook_version_number: 2060
+playbook_version_number: 2061
 ntp__playbook_version_path: 'role-ntp_chaos-bodensee_github.com.version'
 
 ntp__vars: