diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 32aa51f76..5a7137c5e 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -52,6 +52,13 @@ - import_role: name: proxy +- hosts: chrony + tags: chrony + become: yes + tasks: + - import_role: + name: mrlesmithjr.chrony + - hosts: cluster gather_facts: false become: yes diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md index e11835483..e19b3dade 100644 --- a/ansible/roles/compute_init/README.md +++ b/ansible/roles/compute_init/README.md @@ -43,6 +43,7 @@ it also requires an image build with the role name added to the | bootstrap.yml | (wait for ansible-init) | Not relevant during boot | n/a | | bootstrap.yml | resolv_conf | Fully supported | No | | bootstrap.yml | etc_hosts | Fully supported | No | +| bootstrap.yml | chrony | Fully supported | No | | bootstrap.yml | proxy | None at present | No | | bootstrap.yml | (/etc permissions) | None required - use image build | No | | bootstrap.yml | (ssh /home fix) | None required - use image build | No | diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml index 79db0fc89..90a5cfa86 100644 --- a/ansible/roles/compute_init/files/compute-init.yml +++ b/ansible/roles/compute_init/files/compute-init.yml @@ -17,6 +17,7 @@ enable_manila: "{{ os_metadata.meta.manila | default(false) | bool }}" enable_basic_users: "{{ os_metadata.meta.basic_users | default(false) | bool }}" enable_eessi: "{{ os_metadata.meta.eessi | default(false) | bool }}" + enable_chrony: "{{ os_metadata.meta.chrony | default(false) | bool }}" # TODO: "= role defaults" - could be moved to a vars_file: on play with similar precedence effects resolv_conf_nameservers: [] @@ -100,6 +101,11 @@ # TODO: should /mnt/cluster now be UNMOUNTED to avoid future hang-ups? + - name: Run chrony role + ansible.builtin.include_role: + name: mrlesmithjr.chrony + when: enable_chrony | bool + - name: Configure resolve.conf block: - name: Set nameservers in /etc/resolv.conf diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml index b7228d540..37017b7f8 100644 --- a/ansible/roles/compute_init/tasks/install.yml +++ b/ansible/roles/compute_init/tasks/install.yml @@ -43,6 +43,8 @@ dest: tasks/tuned.yml - src: ../../stackhpc.nfs/tasks/nfs-clients.yml dest: tasks/nfs-clients.yml + - src: ../../mrlesmithjr.chrony + dest: roles/ - name: Add filter_plugins to ansible.cfg lineinfile: diff --git a/docs/chrony.md b/docs/chrony.md new file mode 100644 index 000000000..0d6f8b100 --- /dev/null +++ b/docs/chrony.md @@ -0,0 +1,21 @@ +# Chrony configuration + +Use variables from the [mrlesmithjr.chrony](https://github.com/mrlesmithjr/ansible-chrony) role. + +For example in: `environments//inventory/group_vars/all/chrony`: + +``` +--- +chrony_ntp_servers: + - server: ntp-0.example.org + options: + - option: iburst + - option: minpoll + val: 8 + - server: ntp-1.example.org + options: + - option: iburst + - option: minpoll + val: 8 + +``` diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups index a59354acd..3c1ebe225 100644 --- a/environments/.stackhpc/inventory/extra_groups +++ b/environments/.stackhpc/inventory/extra_groups @@ -24,6 +24,9 @@ cluster login compute +[chrony:children] +cluster + [tuned:children] # Install tuned into fat image builder diff --git a/environments/.stackhpc/tofu/main.tf b/environments/.stackhpc/tofu/main.tf index 4a27cbf7a..d53c30788 100644 --- a/environments/.stackhpc/tofu/main.tf +++ b/environments/.stackhpc/tofu/main.tf @@ -80,7 +80,7 @@ module "cluster" { standard: { # NB: can't call this default! nodes: ["compute-0", "compute-1"] flavor: var.other_node_flavor - compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"] + compute_init_enable: ["compute", "chrony", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"] ignore_image_changes: true } # Example of how to add another partition: diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index ad9e1cd22..7fd73511d 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -168,3 +168,6 @@ extra_packages [cacerts] # Hosts to configure CA certificates and trusts on + +[chrony] +# Hosts where crony configuration is applied. See docs/chrony.md for more details. diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything index 10c45c0a1..5b325f108 100644 --- a/environments/common/layouts/everything +++ b/environments/common/layouts/everything @@ -113,3 +113,6 @@ builder [cacerts] # Hosts to configure CA certificates and trusts on + +[chrony] +# Hosts where crony configuration is applied. See docs/chrony.md for more details. diff --git a/requirements.yml b/requirements.yml index 3eff9168e..34a436453 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,6 +22,8 @@ roles: - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git name: stackhpc.os-manila-mount version: v25.1.1 + - src: mrlesmithjr.chrony + version: v0.1.4 collections: - name: containers.podman