From a7639824bd02c156c7351572c9c654989b5e4c50 Mon Sep 17 00:00:00 2001
From: Gary Leung <87762948+hungfaileung@users.noreply.github.com>
Date: Tue, 31 Jan 2023 14:51:47 +0000
Subject: [PATCH] Install and configure Chrony (#119)

---
 _dependencies/defaults/main.yml | 8 +++++-
 config/handlers/main.yml | 8 ++++++
 config/tasks/chrony.yml | 43 +++++++++++++++++++++++++++++++++
 config/tasks/main.yml | 4 +++
 4 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 config/tasks/chrony.yml

diff --git a/_dependencies/defaults/main.yml b/_dependencies/defaults/main.yml
index cd318863..18d30da7 100644
--- a/_dependencies/defaults/main.yml
+++ b/_dependencies/defaults/main.yml
@@ -29,4 +29,10 @@ wait_for_dns: true
 canary_tidy_on_success: false
 
 # External DNS server for lookups when using external IPs (the default AWS resolver will resolve the VPC IPs)
-external_dns_resolver: "8.8.8.8"
\ No newline at end of file
+external_dns_resolver: "8.8.8.8"
+
+# Whether to install chrony (ntp client)
+chrony_install: yes
+
+# NTP servers for chrony
+ntp_servers: "{{ ['169.254.169.123 prefer iburst minpoll 4 maxpoll 4'] if cluster_vars.type == 'aws' else ['metadata.google.internal'] if cluster_vars.type == 'gcp' else ['pool.ntp.org'] }}"
diff --git a/config/handlers/main.yml b/config/handlers/main.yml
index fafd18e7..b76d16d6 100644
--- a/config/handlers/main.yml
+++ b/config/handlers/main.yml
@@ -14,3 +14,11 @@
 name: metricbeat
 state: restarted
 enabled: yes
+
+
+- name: Chrony | Restart and enable chrony
+ become: yes
+ service:
+ name: chronyd
+ state: restarted
+ enabled: yes
\ No newline at end of file
diff --git a/config/tasks/chrony.yml b/config/tasks/chrony.yml
new file mode 100644
index 00000000..766d6782
--- /dev/null
+++ b/config/tasks/chrony.yml
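Review bot: The fallback branch of `ntp_servers` in `_dependencies/defaults/main.yml` gives hosts outside AWS and GCP a single public, unauthenticated source (`pool.ntp.org`). The template in `config/tasks/chrony.yml` writes every entry as `server <entry>`, which as far as I know makes chrony use one resolved address, so nothing cross-checks that source. Clock integrity feeds certificate validation, token expiry and log correlation, so I would list several sources (or an internal one) in that branch and let the template emit `pool pool.ntp.org iburst` for pool names instead of hard-coding `server`. The GCP entry also lacks `iburst`, unlike the AWS one. `chrony_install: yes` would read more predictably as `chrony_install: true`, matching `wait_for_dns: true` just above.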
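Review bot: Enabling chronyd happens only inside this restart handler in `config/handlers/main.yml`, so a host whose chrony.conf already matches (no change, no notify) but whose service is stopped or disabled is left without time sync. A plain task at the end of `config/tasks/chrony.yml` using `service:` with `name: chronyd`, `state: started` and `enabled: true` would make that state idempotent and leave the handler to do the restart only. The unit is `chronyd` on RedHat; on Debian-family hosts the packaged unit is, as far as I know, `chrony` with `chronyd` as an alias, so it is worth confirming that the handler resolves there. The file again ends without a trailing newline, which this same commit fixes in the defaults file.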
@@ -0,0 +1,43 @@
+---
+
+- name: Chrony | Install and Configure - Ubuntu
+ block:
+ - name: Chrony | Ubuntu install
+ become: yes
+ apt:
+ name: chrony
+ update_cache: yes
+ state: present
+ when: ansible_os_family == "Debian"
+
+- name: Chrony | Install and Configure - CentOS
+ block:
+ - name: Chrony | CentOS install
+ become: yes
+ yum:
+ name: chrony
+ state: present
+ when: ansible_os_family == "RedHat"
+
+- name: Configure Chrony
+ become: yes
+ copy:
+ dest: "/etc/{% if ansible_os_family == 'Debian'%}chrony/{% endif %}chrony.conf"
+ backup: yes
+ content: |-
+ {% for ntp_server in ntp_servers %}
+ server {{ ntp_server }}
+ {% endfor %}
+
+ {% if ansible_os_family == 'RedHat' %}
+ keyfile /etc/chrony.keys
+ {% else %}
+ keyfile /etc/chrony/chrony.keys
+ {% endif %}
+
+ driftfile /var/lib/chrony/chrony.drift
+ logdir /var/log/chrony
+ rtcsync
+ makestep 1 3
+ notify:
+ - Chrony | Restart and enable chrony
diff --git a/config/tasks/main.yml b/config/tasks/main.yml
index d5180dc8..2029f55d 100644
--- a/config/tasks/main.yml
+++ b/config/tasks/main.yml
@@ -85,6 +85,10 @@
 include_tasks: cloud_agents.yml
 when: (cloud_agent is defined and cloud_agent)
 
+- name: Install chrony (NTP client)
+ include_tasks: chrony.yml
+ when: chrony_install|bool
+
 - name: Update packages (when pkgupdate is defined)
 include_tasks: pkgupdate.yml
 when: pkgupdate is defined and (pkgupdate == 'always' or (pkgupdate == 'onCreate' and inventory_hostname in (hostvars['localhost'].cluster_hosts_created | json_query('[].hostname'))))
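Review bot: The `Configure Chrony` task in `config/tasks/chrony.yml` has no `when`, unlike the two install blocks above it. On any `ansible_os_family` other than Debian or RedHat it still writes `/etc/chrony.conf` and notifies a restart of a service that was never installed; `when: ansible_os_family in ['Debian', 'RedHat']` would keep the three tasks consistent. The `copy` also sets no `owner`, `group` or `mode`, so I would pin them (`owner: root`, `group: root`, `mode: "0644"`) rather than rely on whatever the file has on disk. Each `block:` wraps a single task, so the condition can sit on the task itself.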