Merge branch 'Alphix-ntp-fixes'

debops · Jan 11, 2023 · beb6300 · beb6300
2 parents eea3870 + 794286d
commit beb6300
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -264,6 +264,16 @@ General
   :command:`nginx` should be able to resolve upstream services specified via
   DNS names at startup.
 
+:ref:`debops.ntp` role
+''''''''''''''''''''''
+
+- The default NTP daemon used on hosts with the :command:`systemd` service
+  manager will be :command:`systemd-timesyncd`. Existing systems with
+  a different NTP server should not be affected by this change.
+
+- The role should better detect Linux Container environment and not try to
+  install an NTP daemon inside of a container.
+
 :ref:`debops.pki` role
 ''''''''''''''''''''''
 

diff --git a/ansible/roles/ntp/defaults/main.yml b/ansible/roles/ntp/defaults/main.yml
@@ -25,11 +25,14 @@
 # If ``True``, role will install and configure an NTP daemon. The daemon is not
 # required in containerized environments, where the host takes care for setting
 # time accurately.
-ntp__daemon_enabled: '{{ "True" if (ntp__daemon | d() and
-                                    ((ansible_system_capabilities_enforced | d()) | bool and
-                                      "cap_sys_time" in ansible_system_capabilities) or
-                                     not (ansible_system_capabilities_enforced | d(True)) | bool)
-                                else "False" }}'
+ntp__daemon_enabled: '{{ "True"
+                         if (ntp__daemon | d(False) and
+                             not (ansible_virtualization_role | d("") == "guest" and
+                                  ansible_virtualization_type | d("")
+                                    in ["container", "lxc"]) and
+                             not (ansible_system_capabilities_enforced | d(True) and
+                                  "cap_sys_time" not in ansible_system_capabilities))
+                         else "False" }}'
 
                                                                    # ]]]
 # .. envvar:: ntp__daemon [[[
@@ -48,8 +51,7 @@ ntp__daemon_enabled: '{{ "True" if (ntp__daemon | d() and
 ntp__daemon: '{{ (ansible_local.ntp.daemon
                   if (ansible_local.ntp.daemon | d())
                   else ("systemd-timesyncd"
-                        if (ansible_distribution == "Ubuntu" and
-                            ansible_service_mgr == "systemd")
+                        if (ansible_service_mgr == "systemd")
                         else "openntpd")) }}'
 
                                                                    # ]]]
@@ -131,6 +133,9 @@ ntp__base_packages:
   - '{{ "chrony" if (ntp__daemon == "chrony") else [] }}'
   - '{{ "ntp" if (ntp__daemon == "ntpd") else [] }}'
   - '{{ "openntpd" if (ntp__daemon == "openntpd") else [] }}'
+  - '{{ "systemd-timesyncd" if (ntp__daemon == "systemd-timesyncd" and
+                                ansible_distribution_release
+                                not in ["stretch", "buster"]) else [] }}'
   - '{{ "ntpdate" if (ntp__daemon == "ntpdate") else [] }}'
 
 
@@ -149,6 +154,7 @@ ntp__purge_packages:
   - '{{ "chrony" if (ntp__daemon != "chrony") else [] }}'
   - '{{ "ntp" if (ntp__daemon not in ["ntpd", "openntpd"]) else [] }}'
   - '{{ "openntpd" if (ntp__daemon != "openntpd") else [] }}'
+  - '{{ "systemd-timesyncd" if (ntp__daemon != "systemd-timesyncd") else [] }}'
   - '{{ "ntpdate" if (ntp__daemon != "ntpdate" and
                       not ntp__ignore_ntpdate | bool) else [] }}'
                                                                    # ]]]