Update to 2021-12-01 19:13

roles/ntp_client/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+# NTP Settings
+ntp_src_ip: []
+ntp_port: 123
+ntp_servers:
+  - 0.centos.pool.ntp.org
+  - 1.centos.pool.ntp.org
+  - 2.centos.pool.ntp.org
+  - 3.centos.pool.ntp.org
+...

roles/ntp_client/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: restart ntpd
+  service: name={{ ntp_ntpd_service }} state=restarted
+
+- name: restart chrony
+  service: name={{ ntp_chrony_service }} state=restarted

roles/ntp_client/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: ntp
+
+- name: Check if systemd-timesyncd is available
+  stat: path=/lib/systemd/systemd-timesyncd
+  register: systemd_timesyncd
+  tags: ntp
+
+- name: Disable systemd-timesyncd
+  service: name=systemd-timesyncd state=stopped enabled=False
+  when: systemd_timesyncd.stat.exists
+  tags: ntp
+
+- name: Install Chrony
+  package: name=chrony
+  tags: ntp
+
+- name: Deploy chrony configuration
+  template: src=chrony.conf.j2 dest={{ ntp_chrony_conf }}
+  notify: restart chrony
+  tags: ntp
+
+  # Always close port, it's only used as a server on samba DC, where port 123 is opened
+  # by the samba role
+- name: Handle ntpd port
+  iptables_raw:
+    name: ntpd_port
+    state: absent
+  when: iptables_manage | default(True)
+  tags: ntp
+
+- name: Check if ntpd is installed
+  stat: path=/lib/systemd/system/{{ ntp_ntpd_service }}.service
+  register: ntp_unit
+  tags: ntp
+
+  # If ntpd is installed, stop and disable it
+- name: Handle ntpd service
+  service: name={{ ntp_ntpd_service }} state=stopped enabled=False
+  when: ntp_unit.stat.exists
+  tags: ntp
+
+- name: Start and enable chrony
+  service: name={{ ntp_chrony_service }} state=started enabled=True
+  tags: ntp
+

roles/ntp_client/templates/chrony.conf.j2

@@ -0,0 +1,12 @@
+{% for server in ntp_servers %}
+server {{ server }} iburst
+{% endfor %}
+keyfile {{ ntp_chrony_keyfile }}
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+{% if samba_role is defined and samba_role in ['dc','rodc'] %}
+# Running Samba DC
+ntpsigndsocket /var/lib/samba/ntp_signd
+allow all
+{% endif %}

roles/ntp_client/vars/Debian-10.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntp
+ntp_chrony_service: chrony
+ntp_chrony_conf: /etc/chrony/chrony.conf
+ntp_chrony_keyfile: /etc/chrony/chrony.keys

roles/ntp_client/vars/Debian-11.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntp
+ntp_chrony_service: chrony
+ntp_chrony_conf: /etc/chrony/chrony.conf
+ntp_chrony_keyfile: /etc/chrony/chrony.keys

roles/ntp_client/vars/Debian-8.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntp
+ntp_chrony_service: chrony
+ntp_chrony_conf: /etc/chrony/chrony.conf
+ntp_chrony_keyfile: /etc/chrony/chrony.keys

roles/ntp_client/vars/Debian-9.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntp
+ntp_chrony_service: chrony
+ntp_chrony_conf: /etc/chrony/chrony.conf
+ntp_chrony_keyfile: /etc/chrony/chrony.keys

roles/ntp_client/vars/RedHat-7.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntpd
+ntp_chrony_service: chronyd
+ntp_chrony_conf: /etc/chrony.conf
+ntp_chrony_keyfile: /etc/chrony.keys

roles/ntp_client/vars/RedHat-8.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntpd
+ntp_chrony_service: chronyd
+ntp_chrony_conf: /etc/chrony.conf
+ntp_chrony_keyfile: /etc/chrony.keys

roles/ntp_client/vars/Ubuntu-20.yml

@@ -0,0 +1,6 @@
+---
+
+ntp_ntpd_service: ntp
+ntp_chrony_service: chrony
+ntp_chrony_conf: /etc/chrony/chrony.conf
+ntp_chrony_keyfile: /etc/chrony/chrony.keys