From 838b6737fb2caabcda181745955eb1680ff9468e Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Thu, 13 Feb 2025 10:06:54 +0000 Subject: [PATCH 1/6] Adds support for configuring chrony Chrony is already bundled in the generic cloud image so we just have to configure it. For this I am using an off the shelf role. I've chosen mrlesmithjr.chrony as it is also used in kayobe (so we can share development effort) --- ansible/bootstrap.yml | 8 ++++++ ansible/roles/compute_init/README.md | 1 + .../roles/compute_init/files/compute-init.yml | 5 ++++ ansible/roles/compute_init/tasks/install.yml | 2 ++ docs/configuration.md | 25 +++++++++++++++++++ requirements.yml | 2 ++ 6 files changed, 43 insertions(+) create mode 100644 docs/configuration.md diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 32aa51f76..096d66e0f 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -52,6 +52,14 @@ - import_role: name: proxy +- hosts: chrony + gather_facts: false + tags: chrony + become: yes + tasks: + - import_role: + name: chrony + - hosts: cluster gather_facts: false become: yes diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md index 6926e6e0a..ad2d1a284 100644 --- a/ansible/roles/compute_init/README.md +++ b/ansible/roles/compute_init/README.md @@ -40,6 +40,7 @@ it also requires an image build with the role name added to the | bootstrap.yml | (wait for ansible-init) | Not relevant during boot | n/a | | bootstrap.yml | resolv_conf | Fully supported | No | | bootstrap.yml | etc_hosts | Fully supported | No | +| bootstrap.yml | chrony | Fully supported | No | | bootstrap.yml | proxy | None at present | No | | bootstrap.yml | (/etc permissions) | None required - use image build | No | | bootstrap.yml | (ssh /home fix) | None required - use image build | No | diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml index 79db0fc89..2771ff06e 100644 --- a/ansible/roles/compute_init/files/compute-init.yml +++ b/ansible/roles/compute_init/files/compute-init.yml @@ -17,6 +17,7 @@ enable_manila: "{{ os_metadata.meta.manila | default(false) | bool }}" enable_basic_users: "{{ os_metadata.meta.basic_users | default(false) | bool }}" enable_eessi: "{{ os_metadata.meta.eessi | default(false) | bool }}" + enable_chrony: "{{ os_metadata.meta.chrony | default(false) | bool }}" # TODO: "= role defaults" - could be moved to a vars_file: on play with similar precedence effects resolv_conf_nameservers: [] @@ -100,6 +101,10 @@ # TODO: should /mnt/cluster now be UNMOUNTED to avoid future hang-ups? + - name: Run chrony role + ansible.builtin.include_role: + name: mrlesmithjr.chrony + - name: Configure resolve.conf block: - name: Set nameservers in /etc/resolv.conf diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml index b7228d540..37017b7f8 100644 --- a/ansible/roles/compute_init/tasks/install.yml +++ b/ansible/roles/compute_init/tasks/install.yml @@ -43,6 +43,8 @@ dest: tasks/tuned.yml - src: ../../stackhpc.nfs/tasks/nfs-clients.yml dest: tasks/nfs-clients.yml + - src: ../../mrlesmithjr.chrony + dest: roles/ - name: Add filter_plugins to ansible.cfg lineinfile: diff --git a/docs/configuration.md b/docs/configuration.md new file mode 100644 index 000000000..975061e80 --- /dev/null +++ b/docs/configuration.md @@ -0,0 +1,25 @@ +# Configuration + +This page provides configuration snippets for various services. + +## Chrony + +Use variables from the [mrlesmithjr.chrony](https://github.com/mrlesmithjr/ansible-chrony) role. + +For example in: `environments//inventory/group_vars/all/chrony`: + +``` +--- +chrony_ntp_servers: + - server: ntp-0.example.org + options: + - option: iburst + - option: minpoll + val: 8 + - server: ntp-1.example.org + options: + - option: iburst + - option: minpoll + val: 8 + +``` diff --git a/requirements.yml b/requirements.yml index 3eff9168e..34a436453 100644 --- a/requirements.yml +++ b/requirements.yml @@ -22,6 +22,8 @@ roles: - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git name: stackhpc.os-manila-mount version: v25.1.1 + - src: mrlesmithjr.chrony + version: v0.1.4 collections: - name: containers.podman From faaa619d84993820995694d59ae049c9b7d76996 Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Fri, 14 Feb 2025 09:34:40 +0000 Subject: [PATCH 2/6] Add chrony to default inventory --- environments/common/inventory/groups | 3 +++ environments/common/layouts/everything | 3 +++ 2 files changed, 6 insertions(+) diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index ad9e1cd22..2b71a85a0 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -168,3 +168,6 @@ extra_packages [cacerts] # Hosts to configure CA certificates and trusts on + +[chrony] +# Hosts where crony configuration is applied. See docs/configuration.md#Chrony for more details. diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything index c5d9a0471..b3877136c 100644 --- a/environments/common/layouts/everything +++ b/environments/common/layouts/everything @@ -114,3 +114,6 @@ builder [cacerts] # Hosts to configure CA certificates and trusts on + +[chrony] +# Hosts where crony configuration is applied. See docs/configuration.md#Chrony for more details. From bbde177ecf9fe76332a8832887c163729d3c81da Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Fri, 14 Feb 2025 09:48:51 +0000 Subject: [PATCH 3/6] Try and test with CI --- ansible/roles/compute_init/files/compute-init.yml | 1 + environments/.stackhpc/inventory/extra_groups | 3 +++ environments/.stackhpc/tofu/main.tf | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml index 2771ff06e..90a5cfa86 100644 --- a/ansible/roles/compute_init/files/compute-init.yml +++ b/ansible/roles/compute_init/files/compute-init.yml @@ -104,6 +104,7 @@ - name: Run chrony role ansible.builtin.include_role: name: mrlesmithjr.chrony + when: enable_chrony | bool - name: Configure resolve.conf block: diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups index 7b5bd7359..b3571c875 100644 --- a/environments/.stackhpc/inventory/extra_groups +++ b/environments/.stackhpc/inventory/extra_groups @@ -24,6 +24,9 @@ cluster login compute +[chrony:children] +cluster + [tuned:children] # Install tuned into fat image builder diff --git a/environments/.stackhpc/tofu/main.tf b/environments/.stackhpc/tofu/main.tf index 4a27cbf7a..d53c30788 100644 --- a/environments/.stackhpc/tofu/main.tf +++ b/environments/.stackhpc/tofu/main.tf @@ -80,7 +80,7 @@ module "cluster" { standard: { # NB: can't call this default! nodes: ["compute-0", "compute-1"] flavor: var.other_node_flavor - compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"] + compute_init_enable: ["compute", "chrony", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"] ignore_image_changes: true } # Example of how to add another partition: From 562d51cd2b4c54e4418de08a9d6036fd9bc5ac04 Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Fri, 14 Feb 2025 09:50:27 +0000 Subject: [PATCH 4/6] Correct role name --- ansible/bootstrap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 096d66e0f..fa1373a64 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -58,7 +58,7 @@ become: yes tasks: - import_role: - name: chrony + name: mrlesmithjr.chrony - hosts: cluster gather_facts: false From 7b2cc74cb86f20fa217e3d7b8f947dc503e9e92d Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Fri, 14 Feb 2025 09:58:14 +0000 Subject: [PATCH 5/6] Update bootstrap.yml --- ansible/bootstrap.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index fa1373a64..5a7137c5e 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -53,7 +53,6 @@ name: proxy - hosts: chrony - gather_facts: false tags: chrony become: yes tasks: From c00db19a9759efcc011f5419989f3bc168657ddd Mon Sep 17 00:00:00 2001 From: Will Szumski Date: Thu, 20 Feb 2025 10:46:02 +0000 Subject: [PATCH 6/6] Address comments from code review --- docs/{configuration.md => chrony.md} | 6 +----- environments/common/inventory/groups | 2 +- environments/common/layouts/everything | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) rename docs/{configuration.md => chrony.md} (82%) diff --git a/docs/configuration.md b/docs/chrony.md similarity index 82% rename from docs/configuration.md rename to docs/chrony.md index 975061e80..0d6f8b100 100644 --- a/docs/configuration.md +++ b/docs/chrony.md @@ -1,8 +1,4 @@ -# Configuration - -This page provides configuration snippets for various services. - -## Chrony +# Chrony configuration Use variables from the [mrlesmithjr.chrony](https://github.com/mrlesmithjr/ansible-chrony) role. diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index 2b71a85a0..7fd73511d 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -170,4 +170,4 @@ extra_packages # Hosts to configure CA certificates and trusts on [chrony] -# Hosts where crony configuration is applied. See docs/configuration.md#Chrony for more details. +# Hosts where crony configuration is applied. See docs/chrony.md for more details. diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything index e4e3183c2..5b325f108 100644 --- a/environments/common/layouts/everything +++ b/environments/common/layouts/everything @@ -115,4 +115,4 @@ builder # Hosts to configure CA certificates and trusts on [chrony] -# Hosts where crony configuration is applied. See docs/configuration.md#Chrony for more details. +# Hosts where crony configuration is applied. See docs/chrony.md for more details.