Chapter 26. Configuring time synchronization by using the timesync RHEL system role
With the timesync RHEL system role, you can manage time synchronization on multiple target machines on RHEL using Red Hat Ansible Automation Platform.
26.1. The timesync RHEL system role
You can manage time synchronization on multiple target machines using the timesync RHEL system role.
The timesync role installs and configures an NTP or PTP implementation to operate as an NTP client or PTP replica in order to synchronize the system clock with NTP servers or grandmasters in PTP domains.
Note that using the timesync role also facilitates the Migrating to chrony, because you can use the same playbook on all versions of Red Hat Enterprise Linux starting with RHEL 6 regardless of whether the system uses ntp or chrony to implement the NTP protocol.
-
/usr/share/ansible/roles/rhel-system-roles.timesync/README.mdfile -
/usr/share/doc/rhel-system-roles/timesync/directory
26.2. Variables of the timesync system role
You can pass the following variable to the timesync role:
-
timesync_ntp_servers:
| Role variable settings | Description |
|---|---|
| hostname: host.example.com | Hostname or address of the server |
| minpoll: number | Minimum polling interval. Default: 6 |
| maxpoll: number | Maximum polling interval. Default: 10 |
| iburst: yes | Flag enabling fast initial synchronization. Default: no |
| pool: yes | Flag indicating that each resolved address of the hostname is a separate NTP server. Default: no |
| nts: yes | Flag to enable Network Time Security (NTS). Default: no. Supported only with chrony >= 4.0. |
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.timesync/README.mdfile -
/usr/share/doc/rhel-system-roles/timesync/directory
26.3. Applying the timesync system role for a single pool of servers
The following example shows how to apply the timesync role in a situation with just one pool of servers.
The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost, even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Create a playbook file, for example
~/playbook.yml, with the following content:--- - name: Manage time synchronization hosts: managed-node-01.example.com roles: - rhel-system-roles.timesync vars: timesync_ntp_servers: - hostname: 2.rhel.pool.ntp.org pool: yes iburst: yesValidate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.timesync/README.mdfile -
/usr/share/doc/rhel-system-roles/timesync/directory
26.4. Applying the timesync system role on client servers
You can use the timesync role to enable Network Time Security (NTS) on NTP clients. Network Time Security (NTS) is an authentication mechanism specified for Network Time Protocol (NTP). It verifies that NTP packets exchanged between the server and client are not altered.
The timesync role replaces the configuration of the given or detected provider service on the managed host. Previous settings are lost even if they are not specified in the role variables. The only preserved setting is the choice of provider if the timesync_ntp_provider variable is not defined.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them. -
The
chronyNTP provider version is 4.0 or later.
Procedure
Create a playbook file, for example
~/playbook.yml, with the following content:--- - name: Enable Network Time Security on NTP clients hosts: managed-node-01.example.com roles: - rhel-system-roles.timesync vars: timesync_ntp_servers: - hostname: ptbtime1.ptb.de iburst: yes nts: yesptbtime1.ptb.deis an example of a public server. You may want to use a different public server or your own server.Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
Verification
Perform a test on the client machine:
# chronyc -N authdata Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ===================================================================== ptbtime1.ptb.de NTS 1 15 256 157 0 0 8 100- Check that the number of reported cookies is larger than zero.
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.timesync/README.mdfile -
/usr/share/doc/rhel-system-roles/timesync/directory
