Adds support for configuring chrony (#575)

* Adds support for configuring chrony Chrony is already bundled in the generic cloud image so we just have to configure it. For this I am using an off the shelf role. I've chosen mrlesmithjr.chrony as it is also used in kayobe (so we can share development effort) * Add chrony to default inventory * Try and test with CI * Correct role name * Update bootstrap.yml * Address comments from code review --------- Co-authored-by: Steve Brasier <[email protected]>
stackhpc · Feb 20, 2025 · 673ef13 · 673ef13
1 parent d474a4f
commit 673ef13
Show file tree

Hide file tree

Showing 10 changed files with 49 additions and 1 deletion.
diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
@@ -52,6 +52,13 @@
     - import_role:
         name: proxy
 
+- hosts: chrony
+  tags: chrony
+  become: yes
+  tasks:
+    - import_role:
+        name: mrlesmithjr.chrony
+
 - hosts: cluster
   gather_facts: false
   become: yes

diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md
@@ -43,6 +43,7 @@ it also requires an image build with the role name added to the
 | bootstrap.yml            | (wait for ansible-init) | Not relevant during boot        | n/a                 |
 | bootstrap.yml            | resolv_conf             | Fully supported                 | No                  |
 | bootstrap.yml            | etc_hosts               | Fully supported                 | No                  |
+| bootstrap.yml            | chrony                  | Fully supported                 | No                  |
 | bootstrap.yml            | proxy                   | None at present                 | No                  |
 | bootstrap.yml            | (/etc permissions)      | None required - use image build | No                  |
 | bootstrap.yml            | (ssh /home fix)         | None required - use image build | No                  |

diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml
@@ -17,6 +17,7 @@
     enable_manila: "{{ os_metadata.meta.manila | default(false) | bool }}"
     enable_basic_users: "{{ os_metadata.meta.basic_users | default(false) | bool }}"
     enable_eessi: "{{ os_metadata.meta.eessi | default(false) | bool }}"
+    enable_chrony: "{{ os_metadata.meta.chrony | default(false) | bool }}"
 
     # TODO: "= role defaults" - could be moved to a vars_file: on play with similar precedence effects
     resolv_conf_nameservers: []
@@ -100,6 +101,11 @@
 
       # TODO: should /mnt/cluster now be UNMOUNTED to avoid future hang-ups?
 
+    - name: Run chrony role
+      ansible.builtin.include_role:
+        name: mrlesmithjr.chrony
+      when: enable_chrony | bool
+
     - name: Configure resolve.conf
       block:
         - name: Set nameservers in /etc/resolv.conf

diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml
@@ -43,6 +43,8 @@
       dest: tasks/tuned.yml
     - src: ../../stackhpc.nfs/tasks/nfs-clients.yml
       dest: tasks/nfs-clients.yml
+    - src: ../../mrlesmithjr.chrony
+      dest: roles/
 
 - name: Add filter_plugins to ansible.cfg
   lineinfile:

diff --git a/docs/chrony.md b/docs/chrony.md
@@ -0,0 +1,21 @@
+# Chrony configuration
+
+Use variables from the [mrlesmithjr.chrony](https://github.com/mrlesmithjr/ansible-chrony) role.
+
+For example in: `environments/<environment>/inventory/group_vars/all/chrony`:
+
+```
+---
+chrony_ntp_servers:
+  - server: ntp-0.example.org
+    options:
+      - option: iburst
+      - option: minpoll
+        val: 8
+  - server: ntp-1.example.org
+    options:
+      - option: iburst
+      - option: minpoll
+        val: 8
+
+```
diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups
@@ -24,6 +24,9 @@ cluster
 login
 compute
 
+[chrony:children]
+cluster
+
 [tuned:children]
 # Install tuned into fat image
 builder

diff --git a/environments/.stackhpc/tofu/main.tf b/environments/.stackhpc/tofu/main.tf
@@ -80,7 +80,7 @@ module "cluster" {
         standard: { # NB: can't call this default!
             nodes: ["compute-0", "compute-1"]
             flavor: var.other_node_flavor
-            compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]
+            compute_init_enable: ["compute", "chrony", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]
             ignore_image_changes: true
         }
         # Example of how to add another partition:

diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups
@@ -168,3 +168,6 @@ extra_packages
 
 [cacerts]
 # Hosts to configure CA certificates and trusts on
+
+[chrony]
+# Hosts where crony configuration is applied. See docs/chrony.md for more details.
diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -113,3 +113,6 @@ builder
 
 [cacerts]
 # Hosts to configure CA certificates and trusts on
+
+[chrony]
+# Hosts where crony configuration is applied. See docs/chrony.md for more details.
diff --git a/requirements.yml b/requirements.yml
@@ -22,6 +22,8 @@ roles:
   - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git
     name: stackhpc.os-manila-mount
     version: v25.1.1
+  - src: mrlesmithjr.chrony
+    version: v0.1.4
 
 collections:
   - name: containers.podman
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,6 +24,9 @@ cluster @@
     login
     compute
+    [chrony:children]
+    cluster
     [tuned:children]
     # Install tuned into fat image
     builder
@@ Expand Down @@