Search

Chapter 29. Configuring time synchronization by using the RHEL system role

download PDF

With the timesync RHEL system role, you can manage time synchronization on multiple target machines on RHEL using Red Hat Ansible Automation Platform.

29.1. The timesync RHEL system role

You can manage time synchronization on multiple target machines using the timesync RHEL system role.

The timesync role installs and configures an NTP or PTP implementation to operate as an NTP client or PTP replica in order to synchronize the system clock with NTP servers or grandmasters in PTP domains.

Note that using the timesync role also facilitates the Migrating to chrony, because you can use the same playbook on all versions of Red Hat Enterprise Linux starting with RHEL 6 regardless of whether the system uses ntp or chrony to implement the NTP protocol.

  • /usr/share/ansible/roles/rhel-system-roles.timesync/README.md file
  • /usr/share/doc/rhel-system-roles/timesync/ directory

29.2. Applying the timesync RHEL system role for a single pool of servers

The following example shows how to apply the timesync role in a situation with just one pool of servers.

Warning

The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost, even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content:

    ---
    - name: Manage time synchronization
      hosts: managed-node-01.example.com
      roles:
        - rhel-system-roles.timesync
      vars:
        timesync_ntp_servers:
          - hostname: 2.rhel.pool.ntp.org
            pool: yes
            iburst: yes
  2. Validate the playbook syntax:

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.timesync/README.md file
  • /usr/share/doc/rhel-system-roles/timesync/ directory

29.3. Applying the timesync RHEL system role on client servers

You can use the timesync role to enable Network Time Security (NTS) on NTP clients. Network Time Security (NTS) is an authentication mechanism specified for Network Time Protocol (NTP). It verifies that NTP packets exchanged between the server and client are not altered.

Warning

The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The chrony NTP provider version is 4.0 or later.

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content:

    ---
    - name: Enable Network Time Security on NTP clients
      hosts: managed-node-01.example.com
      roles:
        - rhel-system-roles.timesync
      vars:
        timesync_ntp_servers:
          - hostname: ptbtime1.ptb.de
            iburst: yes
            nts: yes

    ptbtime1.ptb.de is an example of a public server. You may want to use a different public server or your own server.

  2. Validate the playbook syntax:

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    $ ansible-playbook ~/playbook.yml

Verification

  1. Perform a test on the client machine:

    # chronyc -N authdata
    
    Name/IP address         Mode KeyID Type KLen Last Atmp  NAK Cook CLen
    =====================================================================
    ptbtime1.ptb.de         NTS     1   15  256  157    0    0    8  100
  2. Check that the number of reported cookies is larger than zero.

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.timesync/README.md file
  • /usr/share/doc/rhel-system-roles/timesync/ directory
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.