Adds support for configuring chrony (#575)

jovial · sjpb · web-flow · commit 673ef131e1b2 · 2025-02-20T11:35:56.000Z
* Adds support for configuring chrony

Chrony is already bundled in the generic cloud image so we just have to
configure it. For this I am using an off the shelf role. I've chosen
mrlesmithjr.chrony as it is also used in kayobe (so we can share
development effort)

* Add chrony to default inventory

* Try and test with CI

* Correct role name

* Update bootstrap.yml

* Address comments from code review

---------

Co-authored-by: Steve Brasier &lt;33413598+sjpb@users.noreply.github.com&gt;
diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
@@ -52,6 +52,13 @@
     - import_role:
         name: proxy
 
+- hosts: chrony
+  tags: chrony
+  become: yes
+  tasks:
+    - import_role:
+        name: mrlesmithjr.chrony
+
 - hosts: cluster
   gather_facts: false
   become: yes
diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md
@@ -43,6 +43,7 @@ it also requires an image build with the role name added to the
 | bootstrap.yml            | (wait for ansible-init) | Not relevant during boot        | n/a                 |
 | bootstrap.yml            | resolv_conf             | Fully supported                 | No                  |
 | bootstrap.yml            | etc_hosts               | Fully supported                 | No                  |
+| bootstrap.yml            | chrony                  | Fully supported                 | No                  |
 | bootstrap.yml            | proxy                   | None at present                 | No                  |
 | bootstrap.yml            | (/etc permissions)      | None required - use image build | No                  |
 | bootstrap.yml            | (ssh /home fix)         | None required - use image build | No                  |
diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml
@@ -17,6 +17,7 @@
     enable_manila: "{{ os_metadata.meta.manila | default(false) | bool }}"
     enable_basic_users: "{{ os_metadata.meta.basic_users | default(false) | bool }}"
     enable_eessi: "{{ os_metadata.meta.eessi | default(false) | bool }}"
+    enable_chrony: "{{ os_metadata.meta.chrony | default(false) | bool }}"
 
     # TODO: "= role defaults" - could be moved to a vars_file: on play with similar precedence effects
     resolv_conf_nameservers: []
@@ -100,6 +101,11 @@
 
       # TODO: should /mnt/cluster now be UNMOUNTED to avoid future hang-ups?
 
+    - name: Run chrony role
+      ansible.builtin.include_role:
+        name: mrlesmithjr.chrony
+      when: enable_chrony | bool
+
     - name: Configure resolve.conf
       block:
         - name: Set nameservers in /etc/resolv.conf
diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml
@@ -43,6 +43,8 @@
       dest: tasks/tuned.yml
     - src: ../../stackhpc.nfs/tasks/nfs-clients.yml
       dest: tasks/nfs-clients.yml
+    - src: ../../mrlesmithjr.chrony
+      dest: roles/
 
 - name: Add filter_plugins to ansible.cfg
   lineinfile:
diff --git a/docs/chrony.md b/docs/chrony.md
@@ -0,0 +1,21 @@
+# Chrony configuration
+
+Use variables from the [mrlesmithjr.chrony](https://github.com/mrlesmithjr/ansible-chrony) role.
+
+For example in: `environments/<environment>/inventory/group_vars/all/chrony`:
+
+```
+---
+chrony_ntp_servers:
+  - server: ntp-0.example.org
+    options:
+      - option: iburst
+      - option: minpoll
+        val: 8
+  - server: ntp-1.example.org
+    options:
+      - option: iburst
+      - option: minpoll
+        val: 8
+
+```
diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups
@@ -24,6 +24,9 @@ cluster
 login
 compute
 
+[chrony:children]
+cluster
+
 [tuned:children]
 # Install tuned into fat image
 builder
diff --git a/environments/.stackhpc/tofu/main.tf b/environments/.stackhpc/tofu/main.tf
@@ -80,7 +80,7 @@ module "cluster" {
         standard: { # NB: can't call this default!
             nodes: ["compute-0", "compute-1"]
             flavor: var.other_node_flavor
-            compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]
+            compute_init_enable: ["compute", "chrony", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]
             ignore_image_changes: true
         }
         # Example of how to add another partition:
diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups
@@ -168,3 +168,6 @@ extra_packages
 
 [cacerts]
 # Hosts to configure CA certificates and trusts on
+
+[chrony]
+# Hosts where crony configuration is applied. See docs/chrony.md for more details.
diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -113,3 +113,6 @@ builder
 
 [cacerts]
 # Hosts to configure CA certificates and trusts on
+
+[chrony]
+# Hosts where crony configuration is applied. See docs/chrony.md for more details.
diff --git a/requirements.yml b/requirements.yml
@@ -22,6 +22,8 @@ roles:
   - src: https://github.com/stackhpc/ansible-role-os-manila-mount.git
     name: stackhpc.os-manila-mount
     version: v25.1.1
+  - src: mrlesmithjr.chrony
+    version: v0.1.4
 
 collections:
   - name: containers.podman

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ module "cluster" {`
`80`	`80`	`standard: { # NB: can't call this default!`
`81`	`81`	`nodes: ["compute-0", "compute-1"]`
`82`	`82`	`flavor: var.other_node_flavor`
`83`		`- compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]`
	`83`	`+ compute_init_enable: ["compute", "chrony", "etc_hosts", "nfs", "basic_users", "eessi", "tuned", "cacerts"]`
`84`	`84`	`ignore_image_changes: true`
`85`	`85`	`}`
`86`	`86`	`# Example of how to add another partition:`