Overview

I already have a configured and working chrony on my management server. Now i would like to assure this management server to be the one and only time source for all hosts in my lab and that the timezone on the servers are set correctly.
As the hosts are quite old and sometimes might loose their bios information completely, i added some steps to assure time is set correctly no matter how much server time and real time differ.

configuring timezone, ntp, and hwclock

You do not find to much variables and to much fancy voodoo inside this playbook to keep things simple.

In the playbook you will also find some changes on the local firewall of the management server. This needed to be done, so the clients can reach the master time server.

Please note the following grouping:

  • manager – only the management host (recognized  as not being part of the DCs) (has the ip address 172.16.20.1)
  • servers – all servers in my datacenter(s), except the management host
# cat /etc/ansible/ntp_playbook.yml 
# ntp playbook - first attempt

- hosts: manager
  tasks:
  - name: allow ntp through firewall
    shell: firewall-cmd --add-service=ntp --permanent

  - name: firewall reload
    shell: firewall-cmd --reload

  - name: Make sure Chrony is started up
    service: name=chronyd state=running enabled=yes
    tags: chrony
 
- hosts: servers
  tasks:
  - name: set timezone
    shell: timedatectl set-timezone Europe/Berlin

  - name: Install NTP
    yum: name=ntp state=installed 
    tags: ntp
 
  - name: Copy over the NTP configuration
    template: src=./templates/ntp.conf dest=/etc/ntp.conf
    notify:
    - restart ntpd
    tags: ntp
 
  - name: Make sure NTP is stopped
    service: name=ntpd state=stopped enabled=yes
    tags: ntp
 
  - name: Sync time initialy
    shell: ntpdate 172.16.20.1
    tags: ntp

  - name: Make sure NTP is started up
    service: name=ntpd state=running enabled=yes
    tags: ntp

  - name: Sync hwclock
    shell: hwclock -w
    tags: ntp

  handlers:
  - name: restart ntpd
    service: name=ntpd state=restarted

For this to work we need the source ntp.conf file (here you find a version without any comments):

# cat /etc/ansible/templates/ntp.conf
driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1 
restrict ::1

server 172.16.20.1 iburst

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

And the command to run this playbook:

# ansible-playbook /etc/ansible/ntp_playbook.yml

Conclusion

All servers now run in the same timezone, they have their  ntp server configured correctly and activated. The hw clock was adjusted, so that boot messages are recorded with reasonable time stamps as well.