8.3.4. NTP
The time server (NTP) is based on Chrony.
8.3.4.1. Important instructions before configuration
If needed, force time synchronization on the client side with:
    chronyc -a makestep
To test the server from a client without using the local configuration, use:
    chronyd -q 'server my_ntp_server_hostname_or_ip iburst'
8.3.4.2. Enable NTP on a network
The role makes the NTP server listen on the services_ip address of the management network,
or on any ip4 defined under the ntp key in services, and allows queries from the whole related subnet/prefix:
    networks:
      net-admin:
        subnet: 10.10.0.0
        prefix: 16
        dns_server: true
        services_ip: 10.10.0.1
Or:
    networks:
      net-admin:
        subnet: 10.10.0.0
        prefix: 16
        dns_server: true
        services:
          ntp:
            - hostname: mgt1
              ip4: 10.10.0.1
As described in the main services documentation page, services:ntp takes precedence over services_ip if both are set.
8.3.4.3. Configuration
8.3.4.3.1. Server or client
When deploying the time role on a node or a group of nodes, you need to specify whether to install a server or a client.
To do so, set the variable time_profile to either server or client. This variable can be set in the inventory itself, or in the playbook.
For example, in the playbook of a management server node:
    - role: bluebanquise.infrastructure.time
      vars:
        time_profile: server
And in the playbook of a node that is not a management server, i.e. a client node:
    - role: bluebanquise.infrastructure.time
      vars:
        time_profile: client
8.3.4.3.2. Time zone
By default, the role uses the time_time_zone or bb_time_zone variables to determine the time zone to
set on the target system. The default is Europe/Brussels. Set this value according
to your cluster's location.
Note that the variable time_time_zone takes precedence over the global variable bb_time_zone if set.
Note
To get the full list of time zones supported by your system, use the command timedatectl list-timezones.
8.3.4.3.3. Allowed networks
By default, the role scans the target host's inventory network_interfaces list and allows access from all management networks connected to the host.
It is possible to allow more networks by using the time_additional_networks_allowed list.
Allowed networks must be provided in subnet/prefix format:
    time_additional_networks_allowed:
      - 10.10.0.0/16
      - 172.16.1.0/24
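The following check is an added example, not part of the BlueBanquise role: it audits a time_additional_networks_allowed list before deployment and flags entries that are not in subnet/prefix format, have host bits set, fall outside RFC 1918 private space, or duplicate a management network. The function name, the RFC 1918 policy and the sample entries beyond the two shown above are assumptions made for illustration.

```python
import ipaddress

# Assumed policy for this example: cluster NTP clients live in RFC 1918 space.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_allowed_networks(entries, management_networks=()):
    """Return (entry, finding) pairs for entries that need review."""
    mgmt = [ipaddress.IPv4Network(n) for n in management_networks]
    findings = []
    for entry in entries:
        if "/" not in entry:
            # A bare address would silently parse as a /32.
            findings.append((entry, "missing prefix, expected subnet/prefix"))
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.10.0.1/16.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, f"invalid network: {exc}"))
            continue
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(
                (entry, "outside RFC 1918 space, NTP would answer public addresses"))
        elif any(net.subnet_of(m) for m in mgmt):
            findings.append(
                (entry, "redundant, management networks are already allowed"))
    return findings


if __name__ == "__main__":
    # Constructed sample: the first two entries come from the page,
    # the remaining four are made up to exercise each finding.
    sample = ["10.10.0.0/16", "172.16.1.0/24", "10.10.0.1/16",
              "0.0.0.0/0", "192.168.1.0", "203.0.113.0/24"]
    for entry, finding in audit_allowed_networks(sample, ["10.10.0.0/16"]):
        print(f"{entry}: {finding}")
```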
8.3.4.3.4. External time servers and pools
It is possible to configure external time sources for clients or servers using dedicated variables:
    time_external_pools:
      - pool.ntp.org
    time_external_servers:
      - 0.pool.ntp.org
      - 1.pool.ntp.org
Pools and servers are mutually exclusive. If you define both, the role
will default to pools when writing the Chrony configuration.
Note that by defining these external resources, the role will not add bindings to local servers.
It is possible to not install any time server and simply bind clients to an external pool/server using this method (but at the cost of bandwidth usage).