diff --git a/playbooks/roles/base-server/defaults/main.yaml b/playbooks/roles/base-server/defaults/main.yaml index 84abd845ae..49996d0a2d 100644 --- a/playbooks/roles/base-server/defaults/main.yaml +++ b/playbooks/roles/base-server/defaults/main.yaml @@ -7,7 +7,6 @@ base_packages: - git - logrotate - lvm2 - - ntp - openssh-server - parted - rsync diff --git a/playbooks/roles/base-server/tasks/Debian.yaml b/playbooks/roles/base-server/tasks/Debian.yaml index 8857e4211c..94ca0dac75 100644 --- a/playbooks/roles/base-server/tasks/Debian.yaml +++ b/playbooks/roles/base-server/tasks/Debian.yaml @@ -1,3 +1,26 @@ +# NOTE(ianw) There are ordering issues with this. Hopefully when +# we're bionic only we can just remove ntp +- name: Install NTP + when: ansible_distribution_version is version('18.04', '<') + block: + - name: Install ntp + package: + name: ntp + state: present + + - name: Ensure NTP service is running + service: + name: ntp + enabled: yes + state: started + +- name: Ensure systemd-timesyncd is running + service: + name: systemd-timesyncd + enabled: yes + state: started + when: ansible_distribution_version is version('18.04', '>=') + - name: Remove packages that make no sense for our servers package: name: diff --git a/playbooks/roles/base-server/tasks/RedHat.yaml b/playbooks/roles/base-server/tasks/RedHat.yaml index 174fd7c333..1b7eec027e 100644 --- a/playbooks/roles/base-server/tasks/RedHat.yaml +++ b/playbooks/roles/base-server/tasks/RedHat.yaml @@ -3,6 +3,17 @@ # the sync process can happen in ntpd. As a result, if ntpdate is not # running, ntpd will start but fail to sync because of DNS is not properly # setup. +# +# NOTE(ianw): NTP ordering is further broken on other distros too. +# The more supported path is probably chrony on RHEL-ish distros. On +# others, systemd-timesyncd. Leaving this alone, but centos8 era +# should reconsider. +- name: Ensure NTP service is running + service: + name: ntpd + enabled: yes + state: started + - name: Ensure ntpdate service is running service: name: ntpdate diff --git a/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml b/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml index dbccb4cf57..351a33bee2 100644 --- a/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml +++ b/playbooks/roles/base-server/tasks/Ubuntu.xenial.aarch64.yaml @@ -1,3 +1,16 @@ +# NOTE(ianw) There are ordering issues with this. Hopefully when +# we're bionic only we can just remove ntp +- name: Install ntp + package: + name: ntp + state: present + +- name: Ensure NTP service is running + service: + name: ntp + enabled: yes + state: started + - name: Install HWE kernel for arm64 apt: name: linux-generic-hwe-16.04 diff --git a/playbooks/roles/base-server/tasks/main.yaml b/playbooks/roles/base-server/tasks/main.yaml index c4f4f7c330..7c78ad2818 100644 --- a/playbooks/roles/base-server/tasks/main.yaml +++ b/playbooks/roles/base-server/tasks/main.yaml @@ -58,12 +58,6 @@ src: bash-history.sh dest: /etc/profile.d/bash-history.sh -- name: Ensure NTP service is running - service: - name: "{{ ntp_service_name }}" - enabled: yes - state: started - - name: Include OS-specific tasks include_tasks: "{{ lookup('first_found', file_list) }}" vars: diff --git a/playbooks/roles/base-server/vars/Debian.yaml b/playbooks/roles/base-server/vars/Debian.yaml index bc89370a3c..a83321a046 100644 --- a/playbooks/roles/base-server/vars/Debian.yaml +++ b/playbooks/roles/base-server/vars/Debian.yaml @@ -8,4 +8,3 @@ distro_packages: - mailutils sftp_path: /usr/lib/openssh/sftp-server ssh_service_name: ssh -ntp_service_name: ntp diff --git a/playbooks/roles/base-server/vars/RedHat.yaml b/playbooks/roles/base-server/vars/RedHat.yaml index ce56b09ccf..5e5718069e 100644 --- a/playbooks/roles/base-server/vars/RedHat.yaml +++ b/playbooks/roles/base-server/vars/RedHat.yaml @@ -5,10 +5,11 @@ distro_packages: # Utils in ntp-perl are included in Debian's ntp package; we # add it here for consistency. See also # https://tickets.puppetlabs.com/browse/MODULES-3660 + - ntp - ntp-perl - ntpdate - vim-minimal - yum-cron sftp_path: /usr/libexec/openssh/sftp-server ssh_service_name: sshd -ntp_service_name: ntpd + diff --git a/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml b/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml index f88022c010..36b9475e0b 100644 --- a/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml +++ b/playbooks/roles/base-server/vars/Ubuntu.trusty.yaml @@ -8,4 +8,3 @@ distro_packages: - mailutils sftp_path: /usr/lib/openssh/sftp-server ssh_service_name: ssh -ntp_service_name: ntp diff --git a/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml b/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml index f6ea54757c..2d13214ec1 100644 --- a/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml +++ b/playbooks/roles/base-server/vars/Ubuntu.xenial.yaml @@ -13,4 +13,3 @@ distro_packages: - python sftp_path: /usr/lib/openssh/sftp-server ssh_service_name: ssh -ntp_service_name: ntp diff --git a/testinfra/test_base.py b/testinfra/test_base.py index 0256961529..8560afcd41 100644 --- a/testinfra/test_base.py +++ b/testinfra/test_base.py @@ -82,12 +82,20 @@ def test_ntp(host): package = host.package("ntp") assert package.is_installed - if host.system_info.distribution in ['ubuntu', 'debian']: - service = host.service("ntp") + if host.system_info.codename != 'bionic': + if host.system_info.distribution in ['ubuntu', 'debian']: + service = host.service("ntp") + else: + service = host.service("ntpd") + assert service.is_running + assert service.is_enabled + else: - service = host.service("ntpd") - assert service.is_running - assert service.is_enabled + service = host.service('systemd-timesyncd') + assert service.is_running + + cmd = host.run("timedatectl status") + assert 'systemd-timesyncd.service active: yes' in cmd.stdout def test_snmp(host):