Questo contenuto non è disponibile nella lingua selezionata.
Chapter 21. Configuring time synchronization by using the timesync RHEL System Role
With the timesync
RHEL System Role, you can manage time synchronization on multiple target machines on RHEL using Red Hat Ansible Automation Platform.
21.1. The timesync
RHEL System Role
You can manage time synchronization on multiple target machines using the timesync
RHEL System Role.
The timesync
role installs and configures an NTP or PTP implementation to operate as an NTP client or PTP replica in order to synchronize the system clock with NTP servers or grandmasters in PTP domains.
Note that using the timesync
role also facilitates the migration to chrony, because you can use the same playbook on all versions of Red Hat Enterprise Linux starting with RHEL 6 regardless of whether the system uses ntp
or chrony
to implement the NTP protocol.
21.2. Applying the timesync
System Role for a single pool of servers
The following example shows how to apply the timesync
role in a situation with just one pool of servers.
The timesync
role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost, even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider
variable is not defined.
Prerequisites
- The Ansible Core package is installed on the control machine.
-
You have the
rhel-system-roles
package installed on the system from which you want to run the playbook. -
You have an inventory file which lists the systems on which you want to deploy
timesync
System Role.
Procedure
Create a new
playbook.yml
file with the following content:--- - hosts: timesync-test vars: timesync_ntp_servers: - hostname: 2.rhel.pool.ntp.org pool: yes iburst: yes roles: - rhel-system-roles.timesync
Optional: Verify playbook syntax.
# ansible-playbook --syntax-check playbook.yml
Run the playbook on your inventory file:
# ansible-playbook -i inventory_file /path/to/file/playbook.yml
21.3. Applying the timesync
System Role on client servers
You can use the timesync
role to enable Network Time Security (NTS) on NTP clients. Network Time Security (NTS) is an authentication mechanism specified for Network Time Protocol (NTP). It verifies that NTP packets exchanged between the server and client are not altered.
The timesync
role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider
variable is not defined.
Prerequisites
-
You do not have to have Red Hat Ansible Automation Platform installed on the systems on which you want to deploy the
timesync
solution. -
You have the
rhel-system-roles
package installed on the system from which you want to run the playbook. -
You have an inventory file which lists the systems on which you want to deploy the
timesync
System Role. -
The
chrony
NTP provider version is 4.0 or later.
Procedure
Create a
playbook.yml
file with the following content:--- - hosts: timesync-test vars: timesync_ntp_servers: - hostname: ptbtime1.ptb.de iburst: yes nts: yes roles: - rhel-system-roles.timesync
ptbtime1.ptb.de
is an example of public server. You may want to use a different public server or your own server.Optional: Verify playbook syntax.
# ansible-playbook --syntax-check playbook.yml
Run the playbook on your inventory file:
# ansible-playbook -i inventory_file /path/to/file/playbook.yml
Verification
Perform a test on the client machine:
# chronyc -N authdata Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ===================================================================== ptbtime1.ptb.de NTS 1 15 256 157 0 0 8 100
- Check that the number of reported cookies is larger than zero.
Additional resources
-
chrony.conf(5)
man page
21.4. timesync
System Roles variables
You can pass the following variable to the timesync
role:
-
timesync_ntp_servers
:
Role variable settings | Description |
---|---|
hostname: host.example.com | Hostname or address of the server |
minpoll: number | Minimum polling interval. Default: 6 |
maxpoll: number | Maximum polling interval. Default: 10 |
iburst: yes | Flag enabling fast initial synchronization. Default: no |
pool: yes | Flag indicating that each resolved address of the hostname is a separate NTP server. Default: no |
nts: yes | Flag to enable Network Time Security (NTS). Default: no. Supported only with chrony >= 4.0. |
Additional resources
-
For a detailed reference on
timesync
role variables, install the rhel-system-roles package, and see the README.md or README.html files in the/usr/share/doc/rhel-system-roles/timesync
directory.