Configure your Chrony daemon with an Ansible playbook

Image by Alexas_Fotos from Pixabay
Chrony is a Network Time Protocol (NTP) daemon and a replacement for the ntpd (Network Time Protocol daemon) that's standard on most *nix systems. Chrony is a newer implementation of the NTP that usually updates time faster and is more accurate than ntpd.
In this example, you've set all necessary settings in your /etc/chrony.conf
, and now you want to use this configuration on all your hosts. You can turn the configuration file into an Ansible template and deploy it.
Create a playbook
Assuming that your /etc/chrony.conf
looks similar to the following:
server 192.168.0.1 iburst
server 192.168.0.2 iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
To deploy this configuration to other hosts using Ansible, copy this file to /some/full/path/chrony.conf.j2
on your Ansible control node. Then you can use the following playbook to deploy it to all your managed hosts.
---
- hosts: all
tasks:
- name: make sure chronyd is installed
yum:
name: chrony
state: latest
update_cache: yes
- name: deploy chrony.conf template
template:
src: /some/full/path/chrony.conf.j2
dest: /etc/chrony.conf
owner: root
group: root
mode: 0644
backup: yes
- name: Restart chronyd
service:
name: chronyd
state: restarted
This playbook first makes sure that chrony
is installed. That's important because you won't have a /etc/chrony.conf
if the service is missing. The second task uses the Ansible template module to deploy your configuration to your hosts. In this example, it copies the exact file to the hosts and sets owner and permission settings. It makes a backup from an existing file before replacing it. And last but not least, the service restarts to make sure the desired configuration file will be used.
Wrap up
Of course, you could use a cron job to run this playbook, once a day or every 30 minutes, for example, to be sure any changes to the file get reset to your desired configuration. You can do this for any system service or configuration file on your systems where consistency is required among all hosts.
[ Need more on Ansible? Take a free technical overview course from Red Hat. Ansible Essentials: Simplicity in Automation Technical Overview. ]




Jörg Kastning
Jörg has been a Sysadmin for over ten years now. His fields of operation include Virtualization (VMware), Linux System Administration and Automation (RHEL), Firewalling (Forcepoint), and Loadbalancing (F5). More about me