Hi linux-system-roles community

While volunteering at my local community radio station rabe I found myself writing a smallish wrapper role to the linux-system-roles/timesync role to automate our deploy on a FreeIPA based domain.
Similar to what ipa-client-install does I found the DNS SRV records to be a handy way to get to the needed information. At the core of my PoC role is the following:
```yaml
- name: "Find ntp servers in SRV records"
  set_fact:
    # wantlist=True keeps the result a list even when only one SRV record exists
    rabe_ntp_servers: "{{ lookup('dig', '_ntp._udp.' + rabe_int_domain + './SRV', 'flat=0', wantlist=True) | json_query('[*].target') }}"

- name: "Format dns results for linux-system-roles.timesync"
  set_fact:
    rabe_lsr_timesync_ntp_servers: "{{ rabe_lsr_timesync_ntp_servers | default([]) + [ {'hostname': item, 'iburst': true} ] }}"
  with_items: "{{ rabe_ntp_servers }}"

- name: "Configure ntp using galaxy role and variables from dns"
  include_role:
    name: linux-system-roles.timesync
  vars:
    ntp_servers: "{{ rabe_lsr_timesync_ntp_servers }}"
```
After having implemented that I started thinking of adding full discovery based on ansible_fqdn by doing a lookup on the _kerberos TXT record to form the actual lookup.
Would this be a feature that you would welcome in a pull request? I was thinking that the feature would be off by default but easily activated by using an ipa=true var.
I'm not sure if PTP is relevant to this case. I am planning our own PTP rollout but it seems to have its own discovery protocols that are semi standardized. Any input on how to do PTP is gladly appreciated and I'd add what's needed to an eventual IPA support PR.
I'd like to add this feature to your upstream repo. Let me know if you're ok with that and I'll refactor my code into something PR worthy.
Thanks for coding what seems to be the most complete timesync module in the galaxy 😜
Lucas
Would it make sense to support a new variable in the server specification for DNS SRV? Or maybe just specify _ntp._udp.* names as hostnames and let the role translate them to addresses?
Ideally, I think SRV records should be handled by the NTP implementations and the role wouldn't have to know anything about that.
Also, there is some support for SRV records in the Fedora/RHEL/CentOS packages of chrony (in /usr/libexec/chrony-helper), which uses systemd timers to periodically refresh the address. The role could possibly use that too.
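The discovery proposed in the issue above, sketched as an added example that is not part of the thread or of the timesync role: it finds the domain from the host's FQDN via the `_kerberos` TXT record, reads the `_ntp._udp` SRV records, and only accepts targets inside that domain before building `ntp_servers`. The function names, the walk-up search, the in-domain policy and the sample DNS data are assumptions made for illustration.

```python
# Constructed sample DNS answers standing in for real lookups (not from the page).
SAMPLE_TXT = {"_kerberos.example.org": ["EXAMPLE.ORG"]}
SAMPLE_SRV = {
    "_ntp._udp.example.org": [
        {"target": "ipa2.example.org.", "priority": 10, "weight": 100, "port": 123},
        {"target": "ipa1.example.org.", "priority": 0, "weight": 100, "port": 123},
        {"target": "time.other.test.", "priority": 0, "weight": 100, "port": 123},
    ]
}


def discover_domain(fqdn, txt_lookup):
    """Walk up from the host's parent domain until a _kerberos TXT record exists."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(1, len(labels) - 1):  # skip the host label and the bare TLD
        candidate = ".".join(labels[i:])
        if txt_lookup("_kerberos." + candidate):
            return candidate
    return None


def in_domain(target, domain):
    """True if an SRV target is the domain itself or a host below it."""
    name = target.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def ntp_servers_from_srv(fqdn, txt_lookup, srv_lookup):
    """Return (servers, rejected); servers use the hostname/iburst keys from the issue."""
    domain = discover_domain(fqdn, txt_lookup)
    if domain is None:
        return [], []
    records = sorted(srv_lookup("_ntp._udp." + domain),
                     key=lambda r: (r["priority"], r["target"]))
    servers, rejected = [], []
    for rec in records:
        if in_domain(rec["target"], domain):  # assumed policy: time sources stay in-domain
            servers.append({"hostname": rec["target"].rstrip("."), "iburst": True})
        else:
            rejected.append(rec["target"])  # surface these instead of configuring them
    return servers, rejected


if __name__ == "__main__":
    print(ntp_servers_from_srv("studio1.site.example.org",
                               lambda n: SAMPLE_TXT.get(n, []),
                               lambda n: SAMPLE_SRV.get(n, [])))
```

Since the answers come from unauthenticated DNS unless DNSSEC is validated, reporting the rejected targets gives an operator something to review when a record points outside the domain.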