From 30b2cbf179448d2761af53494a694f4ce986d623 Mon Sep 17 00:00:00 2001
From: Bartek Grzybowski
Date: Tue, 26 Mar 2019 16:10:10 +0100
Subject: Support time synchronization on hosts
This change introduces functionality to synchronize infra/kube nodes' clock with external NTP authority. Configuring external time source is optional, however default behaviour will be to setup NTP time source on infra-node and sync kube-nodes clock with it. It's also possible to setup custom time zone.
Change-Id: I725ce9a306da1977628b6c03d5ff10fca77fb3b0
Issue-ID: OOM-1710
Signed-off-by: Bartek Grzybowski
---
ansible/group_vars/all.yml | 9 +++++++
ansible/infrastructure.yml | 2 ++
ansible/roles/chrony/defaults/main.yml | 16 ++++++++++++
ansible/roles/chrony/handlers/main.yml | 5 ++++
ansible/roles/chrony/tasks/main.yml | 26 +++++++++++++++++++
ansible/roles/chrony/templates/chrony.conf.j2 | 22 ++++++++++++++++
docs/InstallGuide.rst | 36 ++++++++++++++++++++++++---
7 files changed, 113 insertions(+), 3 deletions(-)
create mode 100644 ansible/roles/chrony/defaults/main.yml
create mode 100644 ansible/roles/chrony/handlers/main.yml
create mode 100644 ansible/roles/chrony/tasks/main.yml
create mode 100644 ansible/roles/chrony/templates/chrony.conf.j2
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 1dc938fd..f9d6726f 100755
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -147,3 +147,12 @@ application_post_install_role:
 # openStackDomain: "Default"
 # openStackUserName: "admin"
 # openStackEncryptedPassword: "f7920677e15e2678b0f33736189e8965"
+
+# Optional time synchronisation settings
+# timesync:
+# servers:
+# -
+# - <...>
+# -
+# slewclock: false
+# timezone:
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index 18290ae4..74a7b68b 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -8,6 +8,7 @@
 - name: Setup infrastructure servers
 hosts: infrastructure
 roles:
+ - chrony
 - certificates
 - docker
 - dns
@@ -18,6 +19,7 @@
 - name: Setup base for Kubernetes nodes
 hosts: kubernetes
 roles:
+ - chrony
 - docker
 tasks:
 - include_role:
diff --git a/ansible/roles/chrony/defaults/main.yml b/ansible/roles/chrony/defaults/main.yml
new file mode 100644
index 00000000..af433dac
--- /dev/null
+++ b/ansible/roles/chrony/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+timesync: {}
+chrony:
+ servers: "{{ timesync.servers | default([hostvars[groups.infrastructure[0]].cluster_ip]) }}" # chronyd's NTP servers
+ slewclock: "{{ timesync.slewclock | default(false) }}" # chronyd's makestep property
+ timezone: "{{ timesync.timezone | default('Universal') }}" # Timezone name according to tz database
+ makestep: '1 -1'
+ maxjitter: 10 # Max allowed jitter if using infra as time source as it may by unstable due to pretending stratum 1 time source
+ initstepslew: 30
+ conf:
+ RedHat:
+ config_file: /etc/chrony.conf
+ driftfile: /var/lib/chrony/drift
+ Debian:
+ config_file: /etc/chrony/chrony.conf
+ driftfile: /var/lib/chrony/chrony.drift
diff --git a/ansible/roles/chrony/handlers/main.yml b/ansible/roles/chrony/handlers/main.yml
new file mode 100644
index 00000000..80ab9fa9
--- /dev/null
+++ b/ansible/roles/chrony/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart chronyd
+ systemd:
+ name: chronyd
+ state: restarted
diff --git a/ansible/roles/chrony/tasks/main.yml b/ansible/roles/chrony/tasks/main.yml
new file mode 100644
index 00000000..69a11587
--- /dev/null
+++ b/ansible/roles/chrony/tasks/main.yml
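Review bot: `makestep: '1 -1'` in ansible/roles/chrony/defaults/main.yml puts no limit on the number of clock updates that may be stepped, so in the default (non-slew) client mode any offset above one second is applied as a jump for as long as chronyd runs. The sources the role configures are plain `server ... iburst` entries with no authentication visible in this change, so a faulty or spoofed reply can move the clock at any time, which affects certificate validity checks, token expiry and log timestamps on every node. Consider restricting stepping to start-up, for example `makestep: '1 3'`, or add a comment next to the default explaining why unlimited stepping is required when the infra node is the time source.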
@@ -0,0 +1,26 @@
+---
+- name: Check if server mode
+ set_fact:
+ chrony_mode: 'server'
+ when: "'infrastructure' in group_names and timesync.servers is not defined"
+
+- name: Check if client mode
+ set_fact:
+ chrony_mode: 'client'
+ when: "timesync.servers is defined or 'infrastructure' not in group_names"
+
+- name: "Upload chronyd {{ chrony_mode }} configuration"
+ template:
+ src: "chrony.conf.j2"
+ dest: "{{ chrony['conf'][ansible_os_family]['config_file'] }}"
+ notify: Restart chronyd
+
+- name: Ensure chronyd is enabled/running
+ systemd:
+ name: chronyd
+ state: started
+ enabled: true
+
+- name: Setup timezone
+ timezone:
+ name: "{{ chrony.timezone }}"
diff --git a/ansible/roles/chrony/templates/chrony.conf.j2 b/ansible/roles/chrony/templates/chrony.conf.j2
new file mode 100644
index 00000000..3bfb4e40
--- /dev/null
+++ b/ansible/roles/chrony/templates/chrony.conf.j2
@@ -0,0 +1,22 @@
+{% if chrony_mode == 'server' %}
+local stratum 1
+allow
+{% elif chrony_mode == 'client' %}
+{% for tserver in chrony.servers %}
+server {{ tserver }} iburst
+{% endfor %}
+{% if chrony.slewclock == false %}
+{# Step the time by default #}
+makestep {{ chrony.makestep }}
+{% else %}
+{# Slew the clock but step at boot time if time error larger than 30 seconds #}
+initstepslew {{ chrony.initstepslew }}{% for tserver in chrony.servers %} {{ tserver }}{% endfor %}
+
+{% endif %}
+{% if timesync.servers is not defined %}
+maxjitter {{ chrony.maxjitter }}
+{% endif %}
+{% endif %}
+driftfile {{ chrony['conf'][ansible_os_family]['driftfile'] }}
+rtcsync
+logdir /var/log/chrony
diff --git a/docs/InstallGuide.rst b/docs/InstallGuide.rst
index e91c7bd7..fb292fb3 100644
--- a/docs/InstallGuide.rst
+++ b/docs/InstallGuide.rst
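Review bot: The `template` task that uploads the chronyd configuration in ansible/roles/chrony/tasks/main.yml sets no ownership or permissions, so an existing file keeps whatever mode it already has and a new one takes the remote umask. Since this file decides which time sources the host trusts, pin it explicitly by adding `owner: root`, `group: root` and `mode: '0644'` under `template:`. The role also never installs the chrony package and manages a unit named `chronyd` for both OS families while the defaults carry Debian paths; it is worth confirming that unit name resolves on Debian-family hosts.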
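Review bot: The bare `allow` directive in the server branch of ansible/roles/chrony/templates/chrony.conf.j2 has no subnet argument, which chrony treats as permitting NTP clients from every address. Combined with `local stratum 1`, the infra node then answers anyone who can reach UDP port 123 with time from its own unsynchronised clock, advertised as a top-tier source. Restrict it to the installation nodes, for example `allow <cluster subnet>` fed from a role variable, and make sure host firewalling matches. A short template comment stating that stratum 1 is only claimed so kube nodes will accept the infra node as a source would also help the next reader.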
@@ -122,7 +122,7 @@ Change the current directory to the ``'ansible'``:: You can see multiple files and directories inside - this is the *offline-installer*. It is implemented as a set of ansible playbooks. -If you created the ``'sw'`` package according to the *Build Guide* then you should had have the ``'application'`` directory populated with at least the following files: +If you created the ``'sw'`` package according to the *Build Guide* then you should have had the ``'application'`` directory populated with at least the following files: - ``application_configuration.yml`` - ``hosts.yml`` @@ -250,6 +250,7 @@ Here, we will be interested in the following variables: - ``app_data_path`` - ``aux_data_path`` - ``app_name`` +- ``timesync`` ``'resource_dir'``, ``'resources_filename'`` and ``'aux_resources_filename'`` must correspond to the file paths on the *resource-host* (variable ``'resource_host'``), which is in our case the *install-server*. 
@@ -259,14 +260,43 @@ The ``'resource_dir'`` should be set to ``'/data'``, ``'resources_filename'`` to **NOTE:** As we mentioned in `Installer packages`_ - the auxiliary package is not mandatory and we will not utilize it in here either. -The last variable ``'app_name'`` should be short and descriptive. We will set it simply to: ``onap``. +The ``'app_name'`` variable should be short and descriptive. We will set it simply to: ``onap``. -It can look all together something like this:: +The ``'timesync'`` variable is optional and controls synchronisation of the system clock on hosts. It should be configured only if a custom NTP server is available and needed. Such a time authority should be on a host reachable from all installation nodes. If this setting is not provided then the default behavior is to setup NTP daemon on infra-node and sync all kube-nodes' time with it. + +If you wish to provide your own NTP servers configure their IPs as follows:: + + timesync: + servers: + - + - <...> + - + +Another time adjustment related variables are ``'timesync.slewclock'`` and ``'timesync.timezone'`` . +First one can have value of ``'true'`` or ``'false'`` (default). It controls whether (in case of big time difference compared to server) time should be adjusted gradually by slowing down or speeding up the clock as required (``'true'``) or in one step (``'false'``):: + + timesync: + slewclock: true + +Second one controls time zone setting on host. It's value should be time zone name according to tz database names with ``'Universal'`` being the default one:: + + timesync. + timezone: UTC + +``'timesync.servers'``, ``'timesync.slewclock'`` and ``'timesync.timezone'`` settings can be used independently. + +Final configuration can resemble the following:: resources_dir: /data resources_filename: offline-onap-3.0.1-resources.tar app_data_path: /opt/onap app_name: onap + timesync: + servers: + - 192.168.0.1 + - 192.168.0.2 + slewclock: true + timezone: UTC .. 
_oooi_installguide_config_ssh: -- cgit 1.2.3-korg