Red Hat SummitChapter 21. Configuring time synchronization by using the timesync RHEL System Role
With the timesync RHEL System Role, you can manage time synchronization on multiple target machines on RHEL using Red Hat Ansible Automation Platform.
21.1. The timesync RHEL System Role
You can manage time synchronization on multiple target machines using the timesync RHEL System Role.
The timesync role installs and configures an NTP or PTP implementation to operate as an NTP client or PTP replica in order to synchronize the system clock with NTP servers or grandmasters in PTP domains.
Note that using the timesync role also facilitates the migration to chrony, because you can use the same playbook on all versions of Red Hat Enterprise Linux starting with RHEL 6 regardless of whether the system uses ntp or chrony to implement the NTP protocol.
21.2. Applying the timesync System Role for a single pool of servers
The following example shows how to apply the timesync role in a situation with just one pool of servers.
The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost, even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.
Prerequisites
- The Ansible Core package is installed on the control machine.
-
You have the
rhel-system-rolespackage installed on the system from which you want to run the playbook. -
You have an inventory file which lists the systems on which you want to deploy
timesyncSystem Role.
Procedure
Create a new
playbook.ymlfile with the following content:--- - hosts: timesync-test vars: timesync_ntp_servers: - hostname: 2.rhel.pool.ntp.org pool: yes iburst: yes roles: - rhel-system-roles.timesyncOptional: Verify playbook syntax.
# ansible-playbook --syntax-check playbook.ymlRun the playbook on your inventory file:
# ansible-playbook -i inventory_file /path/to/file/playbook.yml
21.3. Applying the timesync System Role on client servers
You can use the timesync role to enable Network Time Security (NTS) on NTP clients. Network Time Security (NTS) is an authentication mechanism specified for Network Time Protocol (NTP). It verifies that NTP packets exchanged between the server and client are not altered.
The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.
Prerequisites
-
You do not have to have Red Hat Ansible Automation Platform installed on the systems on which you want to deploy the
timesyncsolution. -
You have the
rhel-system-rolespackage installed on the system from which you want to run the playbook. -
You have an inventory file which lists the systems on which you want to deploy the
timesyncSystem Role. -
The
chronyNTP provider version is 4.0 or later.
Procedure
Create a
playbook.ymlfile with the following content:--- - hosts: timesync-test vars: timesync_ntp_servers: - hostname: ptbtime1.ptb.de iburst: yes nts: yes roles: - rhel-system-roles.timesyncptbtime1.ptb.deis an example of public server. You may want to use a different public server or your own server.Optional: Verify playbook syntax.
# ansible-playbook --syntax-check playbook.ymlRun the playbook on your inventory file:
# ansible-playbook -i inventory_file /path/to/file/playbook.yml
Verification
Perform a test on the client machine:
# chronyc -N authdata Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ===================================================================== ptbtime1.ptb.de NTS 1 15 256 157 0 0 8 100- Check that the number of reported cookies is larger than zero.
21.4. timesync System Roles variables
You can pass the following variable to the timesync role:
-
timesync_ntp_servers:
| Role variable settings | Description |
|---|---|
| hostname: host.example.com | Hostname or address of the server |
| minpoll: number | Minimum polling interval. Default: 6 |
| maxpoll: number | Maximum polling interval. Default: 10 |
| iburst: yes | Flag enabling fast initial synchronization. Default: no |
| pool: yes | Flag indicating that each resolved address of the hostname is a separate NTP server. Default: no |
| nts: yes | Flag to enable Network Time Security (NTS). Default: no. Supported only with chrony >= 4.0. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}