geerlingguy / ansible-role-ntp

Ansible Role - NTP

Home Page: https://galaxy.ansible.com/geerlingguy/ntp/

License: MIT License

ansible-role-ntp's Introduction

Ansible Role: NTP

Installs NTP on Linux.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

ntp_enabled: true

Whether to start the ntpd service and enable it at system boot. On many virtual machines that run inside a container (like OpenVZ or VirtualBox), it's recommended you don't run the NTP daemon, since the host itself should be set to synchronize time for all its child VMs.

ntp_timezone: Etc/UTC

Set the timezone for your server.

ntp_package: ntp

The package to install which provides NTP functionality. The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.

ntp_daemon: [various]

The default NTP daemon should be correct for your distribution, but there are some cases where you may want to override the default, e.g. if you're running ntp on newer versions of RHEL/CentOS.

ntp_config_file: /etc/ntp.conf

The path to the NTP configuration file. The default is /etc/ntp.conf for most platforms, or /etc/chrony.conf on RHEL/CentOS 7 and later.

ntp_manage_config: false

Set to true to allow this role to manage the NTP configuration file (/etc/ntp.conf).

ntp_driftfile: [various]

The default NTP driftfile should be correct for your distribution, but there are some cases where you may want to override the default.

ntp_area: ''

Set the NTP Pool Area to use. Defaults to none, which uses the worldwide pool.

ntp_servers:
  - "0{{ '.' + ntp_area if ntp_area else '' }}.pool.ntp.org iburst"
  - "1{{ '.' + ntp_area if ntp_area else '' }}.pool.ntp.org iburst"
  - "2{{ '.' + ntp_area if ntp_area else '' }}.pool.ntp.org iburst"
  - "3{{ '.' + ntp_area if ntp_area else '' }}.pool.ntp.org iburst"

Specify the NTP servers you'd like to use. Only takes effect if you allow this role to manage NTP's configuration, by setting ntp_manage_config to True.

ntp_restrict:
  - "127.0.0.1"
  - "::1"

Restrict NTP access to these hosts; loopback only, by default.

ntp_cron_handler_enabled: false

Whether to restart the cron daemon after the timezone has changed.

ntp_tinker_panic: true

Enable tinker panic, which is useful when running NTP in a VM.

Dependencies

None.

Example Playbook

- hosts: all
  roles:
    - geerlingguy.ntp

Inside vars/main.yml:

ntp_timezone: America/Chicago

License

MIT / BSD

Author Information

This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps.

ansible-role-ntp's People

Contributors

adzhurinskij, alexgluck, blmhemu, dev-zero, dlerch-transporeon, dwerder, geerlingguy, giner, iceowlbeer, joebutler99, juddtracy-das, kadecole, lazzurs, marknl, ogajduse, pritpal-sabharwal, selyx, shl1, smbambling, topiaruss, winggundamth, xescab

ansible-role-ntp's Issues

Conflict with chronyd with CentOS 7

Sorry, I'm not too certain if this is a reasonable request or not... anyway, whenever I use this role to set up a CentOS 7 system, ntpd fails to start because, by default, chronyd is enabled (and I would rather still use ntp). Do you have any plans to add functionality that would disable chronyd? Or is this beyond the scope of your role?

Issues with Malformed output discovered from systemd

Hi @geerlingguy,

First off, thanks for some amazing roles.

I'm having issues running this role on Ubuntu 20.04 hosts with Malformed output discovered from systemd list-unit-files: accounts-daemon.service enabled enabled being the error.

Not sure what that would be, but the time and timezone seem to be correct anyway 😀. Thoughts?

Thanks!

PLAY [linux.ubuntu] ****************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]

TASK [geerlingguy.ntp : Include OS-specific variables.] ****************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Include OS-Release specific variables on RHEL 6.] **********************************************
skipping: [ansible-master.corp.nasa.gov]
skipping: [worker1.corp.nasa.gov]
skipping: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Set the ntp_driftfile variable.] ***************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Set the ntp_package variable.] *****************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Set the ntp_config_file variable.] *************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Set the ntp_daemon variable.] ******************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Ensure NTP package is installed.] **************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]

TASK [geerlingguy.ntp : Ensure tzdata package is installed (Linux).] ***************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : include_tasks] *********************************************************************************
skipping: [ansible-master.corp.nasa.gov]
skipping: [worker1.corp.nasa.gov]
skipping: [worker2.corp.nasa.gov]

TASK [geerlingguy.ntp : Set timezone.] *********************************************************************************
ok: [ansible-master.corp.nasa.gov]
ok: [worker2.corp.nasa.gov]
ok: [worker1.corp.nasa.gov]

TASK [geerlingguy.ntp : Populate service facts.] ***********************************************************************
fatal: [ansible-master.corp.nasa.gov]: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      "}
fatal: [worker2.corp.nasa.gov]: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      "}
fatal: [worker1.corp.nasa.gov]: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      "}

PLAY RECAP *************************************************************************************************************
ansible-master.corp.nasa.gov        : ok=13   changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0
worker1.corp.nasa.gov        : ok=13   changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0
worker2.corp.nasa.gov          : ok=13   changed=1    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0

Handle /etc/timezone on Debian systems

Hi,

thanks for sharing this role!

It works perfectly fine, but I found that although the time is set correctly the timezone is not updated on /etc/timezone.

Any reason not to do so?

I found that on an Ubuntu 16.04 server.

Use the base NTP installed on FreeBSD systems

FreeBSD by default comes with NTP installed in the base system. For most installations there would not be a need to install NTP from the ports tree. This PR allows this to become the default setup on FreeBSD.

PR: #101

NTP service not working when Debian 11 VM restarts

I decided to open an issue since other users may be having the same when installing NTP with this role.

Restarted VM shows status failed on systemctl status ntp.

Logs from boot journalctl -b -u ntp:

-- Journal begins at Sun 2022-12-04 14:33:50 UTC, ends at Sun 2023-01-15 14:05:35 UTC. --
Jan 14 18:55:39 login systemd[1]: Starting Network Time Service...
Jan 14 18:55:39 login ntpd[357]: ntpd [email protected] Wed Sep 23 11:46:38 UTC 2020 (1): Starting
Jan 14 18:55:39 login ntpd[357]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 107:111
Jan 14 18:55:39 login ntpd[357]: ----------------------------------------------------
Jan 14 18:55:39 login ntpd[357]: ntp-4 is maintained by Network Time Foundation,
Jan 14 18:55:39 login ntpd[357]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Jan 14 18:55:39 login ntpd[357]: corporation.  Support and training for ntp-4 are
Jan 14 18:55:39 login ntpd[357]: available at https://www.nwtime.org/support
Jan 14 18:55:39 login ntpd[357]: ----------------------------------------------------
Jan 14 18:55:39 login ntpd[375]: proto: precision = 0.100 usec (-23)
Jan 14 18:55:39 login ntpd[375]: basedate set to 2020-09-11
Jan 14 18:55:39 login ntpd[375]: gps base set to 2020-09-13 (week 2123)
Jan 14 18:55:39 login ntpd[375]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature
Jan 14 18:55:39 login ntpd[375]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2023-06-28T00:00:00Z last=2017>
Jan 14 18:55:39 login ntpd[375]: Listen and drop on 0 v6wildcard [::]:123
Jan 14 18:55:39 login ntpd[375]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jan 14 18:55:39 login ntpd[375]: Listen normally on 2 lo 127.0.0.1:123
Jan 14 18:55:39 login ntpd[375]: Listen normally on 3 lo [::1]:123
Jan 14 18:55:39 login ntpd[375]: bind(20) AF_INET6 fe80::5054:ff:fe38:9dbe%2#123 flags 0x11 failed: Cannot assign requested address
Jan 14 18:55:39 login ntpd[375]: unable to create socket on ens3 (4) for fe80::5054:ff:fe38:9dbe%2#123
Jan 14 18:55:39 login ntpd[375]: failed to init interface for address fe80::5054:ff:fe38:9dbe%2
Jan 14 18:55:39 login ntpd[375]: Listening on routing socket on fd #20 for interface updates
Jan 14 18:55:39 login ntpd[375]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Jan 14 18:55:39 login ntpd[375]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Jan 14 18:55:39 login systemd[1]: Started Network Time Service.

Any ideas what may cause this?

Set ntp upstream server

Add support for specifying upstream NTP servers (as a list) in the ntp.conf file.

This is useful for large datacenters which have a local NTP machine.

ntp_servers: [ ntp1.local.domain, ntp2.local.domain, ntp3.local.domain, ]

Idempotence issues

For some reason when I provision a box the first time I run molecule idempotence (or I would imagine the second time it is provisioned) the role is not idempotent and provides the following error:

ERROR: Idempotence test failed because of the following tasks:

  • [default] => geerlingguy-ntp-1.5.1 : Generate ntp.conf file

After this has happened once, this role is then idempotent until the box is reprovisioned from scratch again. Any idea why this would be happening?

Problem with `Disable systemd-timesyncd` Task on systems without systemd-timesyncd

While running this role on FreeBSD I get the below error.

TASK [geerlingguy.ansible-role-ntp : Disable systemd-timesyncd if it's running but ntp is enabled.] ********************************************************************************************************************************************************
fatal: [testserver]: FAILED! => {"msg": "The conditional check '\"systemd-timesyncd.service\" in services' failed. The error was: error while evaluating conditional (\"systemd-timesyncd.service\" in services): Unable to look up a name or access an attribute in template string ({% if \"systemd-timesyncd.service\" in services %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'AnsibleUndefined' is not iterable\n\nThe error appears to be in '/usr/home/manager/ansible/roles/geerlingguy.ansible-role-ntp/tasks/main.yml': line 55, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Disable systemd-timesyncd if it's running but ntp is enabled.\n  ^ here\n"}

The Disable systemd-timesyncd task should not be run on systems that don't have systemd-timesyncd installed.

I have a fix by excluding FreeBSD in a conditional check. Example here: master...kadecole:fix-systemd-timesyncd-for-freebsd

Please let me know if you would like this PR or if you have a different way you would like to deal with excluding this Task on certain systems.

There is no package 'ntp' in CentOS8

Just downloaded the role from galaxy, and when including in playbook I get the following error:

TASK [geerlingguy.ntp : Ensure NTP-related packages are installed.] 
*************************************************************************************************************************************************************************
fatal: [10.55.0.151]: FAILED! => {"changed": false, "failures": ["No package ntp available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

This can be confirmed by interactively trying from the shell:

[root@sandbox~]# dnf search ntp
Last metadata expiration check: 0:45:28 ago on Tue 11 Feb 2020 01:39:31 PM EET.
====================================== Name & Summary Matched: ntp ======================================
nagios-plugins-ntp.x86_64 : Nagios Plugin - check_ntp
ntpstat.noarch : Utility to print NTP synchronization status
python3-ntplib.noarch : Python 3 module that offers a simple interface to query NTP servers
=========================================== Name Matched: ntp ===========================================
fontpackages-filesystem.noarch : Directories used by font packages
fontpackages-filesystem.noarch : Directories used by font packages
========================================= Summary Matched: ntp ==========================================
chrony.x86_64 : An NTP client/server
chrony.x86_64 : An NTP client/server
argparse-manpage.noarch : Build manual page from Python ArgumentParser object
python3-argparse-manpage.noarch : Build manual page from Python 3 ArgumentParser object
[root@sandbox~]#

Installed repos are default and EPEL.

Edit: This is listed as a change in official EL8 documentation here

Tests failing during service task

Just noticed this:

TASK [role_under_test : Ensure NTP is stopped and disabled as configured.] *****
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service ntpd: cannot disable"}

It looks like ansible/ansible-modules-core#915 strikes again...

Allow overriding default restrictions

Use case: CIS security guidelines require a specific list of restrictions for IPv4 and IPv6

restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
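
One way to check a rendered ntp.conf against the two default restrict lines quoted in this request, as an added example rather than code from the role. The sample configurations and function names are constructed, and only the explicit -4/-6 forms shown above are recognized.

```python
# Added example: audit ntp.conf text for the default restrict lines quoted above.
# Sample configurations are constructed; function names are hypothetical.

REQUIRED_FLAGS = ("kod", "nomodify", "notrap", "nopeer", "noquery")
FAMILIES = ("-4", "-6")

# Constructed sample: both address families carry every required flag.
COMPLIANT_CONF = """\
driftfile /var/lib/ntp/drift
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

# Constructed sample: the full IPv4 line is commented out, the active IPv4
# line lacks two flags, and there is no IPv6 default line at all.
WEAK_CONF = """\
# restrict -4 default kod nomodify notrap nopeer noquery
restrict -4 default kod nomodify notrap
restrict 127.0.0.1
"""


def default_restrictions(conf_text):
    """Return {family: set(flags)} for every 'restrict <-4|-6> default ...' line."""
    found = {}
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(words) < 3 or words[0] != "restrict":
            continue
        family, address, flags = words[1], words[2], set(words[3:])
        if family in FAMILIES and address == "default":
            # Conservative: if a family appears more than once, count only
            # the flags present on every one of its lines.
            found[family] = found[family] & flags if family in found else flags
    return found


def audit(conf_text):
    """Return {family: [missing flags]}; a family with no line misses all flags."""
    found = default_restrictions(conf_text)
    return {
        family: [f for f in REQUIRED_FLAGS if f not in found.get(family, set())]
        for family in FAMILIES
    }


def remediation_lines(conf_text):
    """Return the full restrict line for each family that fails the audit."""
    return [
        "restrict {} default {}".format(family, " ".join(REQUIRED_FLAGS))
        for family, missing in audit(conf_text).items()
        if missing
    ]


if __name__ == "__main__":
    for label, conf in (("compliant", COMPLIANT_CONF), ("weak", WEAK_CONF)):
        print(label, audit(conf))
        for line in remediation_lines(conf):
            print("  needs:", line)
```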

NTP keeps soliciting with the Pool Servers

In Debian 10, after switching from the server to the pool directive in /etc/ntp.conf, the NTP client keeps "Soliciting pool server".
My monitoring informed me that NTP "found 4 peers, but none is suitable".
This issue is fixed in Pull Request #84.
After applying the solution mentioned in the PR NTP was working fine.

Bare variable evaluation deprecation in ansible 2.8

[DEPRECATION WARNING]: evaluating ntp_enabled as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

[DEPRECATION WARNING]: evaluating ntp_manage_config as a bare variable, this behaviour will go away and you might need to add |bool to the expression in the future. Also see CONDITIONAL_BARE_VARS configuration toggle.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.

This warning is thrown by the Ensure NTP is running and enabled as configured. & Generate ntp.conf file tasks in ansible 2.8 (currently unreleased dev).

Problem with task: Populate service facts

When running the role on Ubuntu 20.04 it gets stuck on Populate service facts

PLAY [localhost] ********************************************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Include OS-specific variables.] *****************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Set the ntp_driftfile variable.] ****************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Set the ntp_package variable.] ******************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Set the ntp_config_file variable.] **************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Set the ntp_daemon variable.] *******************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Ensure NTP package is installed.] ***************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Ensure tzdata package is installed (Linux).] ****************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Set timezone.] **********************************************************************************************************************************************************
ok: [localhost]

TASK [geerlingguy.ntp : Populate service facts.] ************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      "}

PLAY RECAP **************************************************************************************************************************************************************************************
localhost                  : ok=9    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

/etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"

Ansible version

ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0]
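
Both this report and the earlier "Issues with Malformed output discovered from systemd" report quote a unit row with three whitespace-separated fields. The code below is an added example, not Ansible's or this role's code: it contrasts a strict parser that accepts only two fields per row (assumed here to be the kind of check that produced the error) with a tolerant one. The sample outputs and all function names are constructed for illustration.

```python
# Added example: strict vs. tolerant parsing of `systemctl list-unit-files` rows.
# Sample outputs are constructed; function names are hypothetical.

# Constructed sample in the three-field layout of the row quoted in the error.
THREE_FIELD_OUTPUT = """\
UNIT FILE                              STATE           VENDOR PRESET
accounts-daemon.service                enabled         enabled
getty@.service                         enabled         enabled
ntp.service                            enabled         enabled
systemd-timesyncd.service              disabled        enabled

4 unit files listed.
"""

# Constructed sample in a two-field layout.
TWO_FIELD_OUTPUT = """\
UNIT FILE                              STATE
ntp.service                            enabled
systemd-timesyncd.service              disabled

2 unit files listed.
"""


class MalformedOutput(ValueError):
    """Raised when a unit row does not have the shape a parser expects."""


def _unit_rows(output):
    """Yield (line, fields) for every row whose first field is a .service unit."""
    for line in output.splitlines():
        fields = line.split()
        # Skips the header ("UNIT FILE ..."), blank lines and the footer count.
        if fields and fields[0].endswith(".service"):
            yield line, fields


def parse_strict(output):
    """Accept only rows with exactly two fields: unit name and state."""
    units = {}
    for line, fields in _unit_rows(output):
        if len(fields) != 2:
            raise MalformedOutput(
                "Malformed output discovered from systemd list-unit-files: " + line
            )
        units[fields[0]] = {"status": fields[1]}
    return units


def parse_tolerant(output):
    """Take name and state from the first two fields and keep any extra columns."""
    units = {}
    for line, fields in _unit_rows(output):
        if len(fields) < 2:
            raise MalformedOutput("unit row without a state: " + line)
        entry = {"status": fields[1]}
        if len(fields) > 2:
            entry["extra"] = fields[2:]
        units[fields[0]] = entry
    return units


def strict_error(output):
    """Return the strict parser's error text for `output`, or None if it parses."""
    try:
        parse_strict(output)
    except MalformedOutput as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("strict parser:", strict_error(THREE_FIELD_OUTPUT))
    for name, info in parse_tolerant(THREE_FIELD_OUTPUT).items():
        print("tolerant parser:", name, info)
```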

update README.md - timezone variable

I think the readme is outdated, there is no vars/main.yml anymore and the ntp_timezone variable is defined in defaults/main.yml

Inside vars/main.yml:
ntp_timezone: America/Chicago

Handler execution error.

AWS AMI Builder - CIS: RUNNING HANDLER [geerlingguy.ntp : restart ntp] ********************************
AWS AMI Builder - CIS: fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "ntpd error: only one user option allowed\nntpd - NTP daemon program - Ver. 4.2.8p12\nUsage: ntpd [ - [] | --[{=| }] ]... \\n\t\t[ ... ]\nTry 'ntpd --help' for more information.\n"}

Make geerlingguy.ntp inject_facts_as_vars friendly

Setting inject_facts_as_vars = False is considered safer because a compromised host cannot inject facts into variables. However, the code fails when this is set:

{"msg": "The task includes an option with an undefined variable. The error was: 'ansible_os_family' is undefined\n\nThe error appears to be in '/root/.ansible/roles/geerlingguy.ntp/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Include OS-specific variables.\n  ^ here\n"}

Since using ansible_os_family only works when inject_facts_as_vars = True and ansible_facts['os_family'] works regardless of the setting of inject_facts_as_vars, wouldn't it be sensible to systematically use the ansible_facts[*] syntax ?

no action detected in task

I am a noob in ansible land (but I like it). I'm just trying to set up a simple app server. Got to the point of running my playbook, which has been used in a deploy before except for minor edits by me.

Here's the roles in my playbook:

roles:
     - geerlingguy.git
     - {role: franklinkim.ufw, tags: ufw}
     - {role: franklinkim.users, tags: user }
     - franklinkim.sudo
     - {role: zzet.rbenv, become: yes, tags: rbenv}
     - geerlingguy.nodejs
     - {role: geerlingguy.passenger, tags: nginx}
     - {role: ANXS.postgresql, tags: pg}
     - geerlingguy.ntp
     - nickjj.fail2ban
     - kamaln7.swapfile

here's the error:

[WARNING]: While constructing a mapping from /home/mark/Documents/work/klinikker-
KDK_V2/klinikker/provisioning/group_vars/klinikker.yml, line 2, column 1, found a duplicate dict key (apt_upgrade).  Using last
defined value only.

ERROR! no action detected in task

The error appears to have been in '/etc/ansible/roles/geerlingguy.ntp/tasks/main.yml': line 19, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Set timezone
  ^ here

Looking at main.yml I can't tell if it's incorrect or not. I doubt it.

Missing dot in ntp pool

ntp_servers:
  - "0{{ ntp_area }}.pool.ntp.org iburst"
  - "1{{ ntp_area }}.pool.ntp.org iburst"
  - "2{{ ntp_area }}.pool.ntp.org iburst"
  - "3{{ ntp_area }}.pool.ntp.org iburst"

According to this doc, it should be:

http://www.pool.ntp.org/zone/nl

	   server 0.nl.pool.ntp.org
	   server 1.nl.pool.ntp.org
	   server 2.nl.pool.ntp.org
	   server 3.nl.pool.ntp.org

instead of

server 0nl.pool.ntp.org iburst
server 1nl.pool.ntp.org iburst
server 2nl.pool.ntp.org iburst
server 3nl.pool.ntp.org iburst

Does not update apt cache

If this module is run on a server with an out of date apt cache it will fail to install the ntp package.

include: deprecated

@geerlingguy:

[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or
'include_tasks' for dynamic inclusions. This feature will be removed in a future release. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details
 page may explain more about this rationale.. This feature will be removed in a future release. Deprecation warnings can be
disabled by setting deprecation_warnings=False in ansible.cfg.

- include: clock-rhel-6.yml

CentOS: Unable to enable service ntpd: Failed to execute operation: Interactive authentication required

Describe the bug

fatal: [fra1-centos-001]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "daemon_reload": false,
            "enabled": true,
            "force": null,
            "masked": null,
            "name": "ntpd",
            "no_block": false,
            "state": "started",
            "user": false
        }
    },
    "msg": "Unable to enable service ntpd: Failed to execute operation: Interactive authentication required.\n"
}

Installation method/version

  • Ansible Galaxy, role version: 1.6.0

ansible 2.6.1

  config file = /home/tobias/.ansible.cfg
  configured module search path = [u'/home/tobias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Targeted hosts
Concerns the following OS(es):

  • CentOS

Expected behavior
The ansible script is supposed to not crash =P

Additional context
no configuration changes.. it's right out of the box kind of.

restart rsyslog

After adjusting the servers' times, it's essential to execute a restart of syslog.
service rsyslog restart (ubuntu)

Error running after restoring a VM snapshot

Not sure if it's just me or what, but after restoring a VirtualBox VM snapshot, I get the following error when trying to run my Ansible playbook:

TASK [geerlingguy.ntp : Ensure NTP-related packages are installed.] *********************************************************************************************
 [WARNING]: Updating cache and auto-installing missing dependency: python-apt

fatal: [virtualbox]: FAILED! => {"changed": false, "cmd": "apt-get update", "msg": "E: Release file for http://us.archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease is not valid yet (invalid for another 46d 2h 17min 1s). Updates for this repository will not be applied...

This fatal error seems to be due to the VM system clock being out of date (since it's the exact time when the snapshot was originally made). Syncing the system clock on the VM resolves this issue. However, it seems strange to have to do that manually, since this role is supposed to handle clock syncing.

Later I realized installing python-apt on the restored snapshot before running my Ansible playbook resolves the issue; geerlingguy.ntp and the rest of the roles in my playbook run successfully.

I'm pretty new to Ansible (and VMs in general), so my apologies if this is a stupid question/issue.

latest release?

Could you create a new release please? The ntp_area feature does not seem to be included in version 1.4.1.

unnecessary variable definition for redhat

Hi Jeff, thanks for your hard work and maintaining so many ansible roles!

I found something in this role, one variable ( ntp_driftfile ) is not necessary in RedHat.yml:

cat roles/galaxy/geerlingguy.ntp/vars/RedHat.yml
---
__ntp_daemon: chronyd
ntp_tzdata_package: tzdata
__ntp_package: chrony
__ntp_config_file: /etc/chrony.conf
ntp_driftfile: /var/lib/ntp/drift
ntp_cron_daemon: crond

For Redhat 7+ only chrony is relevant, and in the chrony template file there is no variable "ntp_driftfile":

cat roles/galaxy/geerlingguy.ntp/templates/chrony.conf.j2
...
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
...

It would also have the wrong value :)

I am happy to do a PR if we are on the same page?
thanks!

Config failure with non-default ntp_timezone on docker-ubuntu1604-ansible

After #32 was merged, I started seeing the following failure when ntp_timezone was set to a non-default value:

TASK [ansible-role-ntp : Set timezone] *****************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Error message:\nstill not desired state, though changes have made\nOther message(s):\nAdded 1 line and deleted 1 line(s) on /etc/timezone"}

A functional test that changes the timezone and then examines the output of date will produce the error on the named Docker image. I don't know what other images are affected.

I'm still new to Ansible, but this strikes me as a bug in the upstream timezone module. At least, I don't see anything obviously wrong with the PR. If that's the case, the best we can probably do is to revert it until upstream is fixed.

default value of ntp_timezone should be Etc/UTC

The default value for the ntp_timezone variable is set to America/Chicago in defaults/main.yml.

I would suggest using ntp_timezone: Etc/UTC as the default.

Etc/UTC is the default value for most server installations (at least for official Ubuntu images in AWS, also Rackspace and Linode Ubuntu installations).
IMHO, Etc/UTC is also the most frequently used value from global point of view (a sysadmin having servers in multiple timezones).

chrony.conf.j2 doesn't use ntp_restrict variable

The chrony.conf.j2 template contains the following section that should allow other clients to connect:

# Allow NTP client access from local network.
#allow 192.168.0.0/16

The commented out line should be replaced with a for each in ntp_restrict loop. The following command should make the necessary change.

sed -i 's|#allow 192.168.0.0/16|{% for item in ntp_restrict %}\nallow {{ item }}\n{% endfor %}|g' chrony.conf.j2

fatal: [server]: FAILED! => {"changed": false, "msg": "No package matching 'ntp' is available"}

Hi, I got the following error message when using this role:

TASK [geerlingguy.ntp : Ensure NTP package is installed.] *********************************************************************************************************************************************************
fatal: [server]: FAILED! => {"changed": false, "msg": "No package matching 'ntp' is available"}

I solved that by manually updating the package manager cache with the apt update command. However should it be done as part of the role?
I know we can automatically do that by passing update_cache: yes to the module apt but not sure how to manage that with the general package manager module that you are using.

Question: No support for Fedora / dnf?

Hi

New to Ansible (coming from puppet) and thus also to this module. Trying to do a debian Stretch and Fedora 25 of ntp using this module. However getting an error when doing the F25:

fatal: [nuc.schafroth]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Shared connection to nuc.schafroth closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File "/tmp/ansible_gaZGxt/ansible_module_yum.py", line 25, in \r\n import yum\r\nImportError: No module named yum\r\n", "msg": "MODULE FAILURE"}

I can't find any reference to yum in the module itself, and since install using package did seem to work, I am wondering what I could be doing wrong

And I did see that Fedora is not listed in OSes.

Failure to change timezone on geerlingguy/docker-ubuntu1604-ansible

This role, when applied to your ubuntu1604 Docker container, completes successfully but doesn't actually change the time zone. To reproduce, simply choose a non-default timezone (I used ntp_timezone: 'America/Denver'), login to the container, and run date.

root@54e6e2583399:/etc# date
Fri Jun  9 03:07:03 UTC 2017

The problem is the /etc/localtime symlink that the role creates:

lrwxrwxrwx 1 root root     34 Jun  9 03:02 localtime -> /usr/share/zoneinfo/America/Denver

That's all fine, except that /usr/share/zoneinfo doesn't exist. You must first install the tzdata package. So, simple fix.

I don't know how many other Docker and/or VM images are affected by this. A functional test would really help here.
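A functional check of the kind asked for above, written as an added example (not part of the role or of the original report). It assumes the role is installed as geerlingguy.ntp and reuses the America/Denver value from the report; the play name and the registered variable names are made up for illustration.

```yaml
---
# Added example: a verification play wrapped around the role, not the role's own code.
- name: Verify that the configured timezone actually takes effect
  hosts: all
  become: true
  vars:
    # Non-default value taken from the report above.
    ntp_timezone: America/Denver

  pre_tasks:
    - name: Refresh the apt cache so tzdata can be found on minimal images.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == 'Debian'

    - name: Ensure tzdata is installed so /usr/share/zoneinfo exists.
      ansible.builtin.package:
        name: tzdata
        state: present

  roles:
    - role: geerlingguy.ntp

  post_tasks:
    - name: Look up the zone file for the requested timezone.
      ansible.builtin.stat:
        path: "/usr/share/zoneinfo/{{ ntp_timezone }}"
      register: zone_file

    # follow: true resolves the symlink, so a dangling /etc/localtime
    # is reported as exists: false instead of passing silently.
    - name: Resolve /etc/localtime to the file it points at.
      ansible.builtin.stat:
        path: /etc/localtime
        follow: true
      register: localtime

    - name: Fail when the zone file or the /etc/localtime target is missing.
      ansible.builtin.assert:
        that:
          - zone_file.stat.exists
          - localtime.stat.exists
        fail_msg: >-
          /etc/localtime or /usr/share/zoneinfo/{{ ntp_timezone }} is missing;
          the timezone setting has no effect on this host.

    # Comparing checksums works whether /etc/localtime is a symlink or a copy.
    - name: Fail when /etc/localtime does not match the requested zone.
      ansible.builtin.assert:
        that:
          - localtime.stat.checksum == zone_file.stat.checksum
        fail_msg: "/etc/localtime does not contain the {{ ntp_timezone }} zone data."
```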

Install fails.

Hello. I tried to download this through Ansible-Galaxy but it is failing?

# ansible-galaxy install geerlingguy.ntp
- downloading role 'ntp', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-ntp/archive/1.0.4.tar.gz
- extracting geerlingguy.ntp to /etc/ansible/roles/geerlingguy.ntp
- error: the specified role geerlingguy.ntp appears to already exist. Use --force to replace it.
- geerlingguy.ntp was NOT installed successfully.
- you can use --ignore-errors to skip failed roles.

Error on Debian on first check_mode run

Hello,

This role fails on Debian when playing the following tasks in check_mode on a fresh server :

- name: Ensure NTP is running and enabled as configured.
  service:
    name: "{{ ntp_daemon }}"
    state: started
    enabled: true
  when: ntp_enabled | bool

- name: Ensure NTP is stopped and disabled as configured.
  service:
    name: "{{ ntp_daemon }}"
    state: stopped
    enabled: false
  when: not (ntp_enabled | bool)

with the following error message :

fatal: [xxx]: FAILED! => {"changed": false, "msg": "Could not find the requested service ntp: host"}

because ntp is not installed and therefore the systemd service state check fails.

I suggest adding the following line to these tasks to ignore check_mode errors :

  ignore_errors: "{{ ansible_check_mode }}"

Add support for Rocky linux

Role currently fails as it is unable to locate Rocky.yml

{
  "ansible_facts": {},
  "ansible_included_var_files": [],
  "changed": false,
  "message": "Could not find or access 'Rocky.yml'\nSearched in:\n\t/home/user/.ansible/roles/geerlingguy.ntp/vars/Rocky.yml\n\t/home/user/.ansible/roles/geerlingguy.ntp/Rocky.yml\n\t/home/user/.ansible/roles/geerlingguy.ntp/tasks/vars/Rocky.yml\n\t/home/user/.ansible/roles/geerlingguy.ntp/tasks/Rocky.yml\n\t/home/user/ansible/vars/Rocky.yml\n\t/home/user/ansible/Rocky.yml on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"
}

Stale issues #108 #117 were not merged

Generate config file before starting/stopping the service

The config file is generated/deployed after the service is started.

Is it not better to move the task "Ensure NTP is running and enabled as configured." to the end of task.yml?

Stopping/disabling the service before deploying might make sense, but if the config file contains an error the service start will fail and the playbook will not reach the point where the config file is updated.
And if the default file contains incorrect values starting it before the file is reconfigured might trigger undesired changes to the system time.
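The ordering proposed above, as an added example playbook (not the role's own tasks/main.yml). It also carries the apt cache refresh and the check-mode `ignore_errors` line suggested in the earlier reports on this page; it assumes a Debian-family host where the daemon is named ntp and an ntp.conf.j2 template in a templates/ directory next to the playbook.

```yaml
---
# Added example: not the role's own code. Variable names follow the role's README;
# their values here are assumptions for a Debian-family host.
- name: Configure NTP with the config file in place before the daemon starts
  hosts: all
  become: true
  vars:
    ntp_enabled: true
    ntp_manage_config: true
    ntp_package: ntp
    ntp_daemon: ntp
    ntp_config_file: /etc/ntp.conf

  tasks:
    # The generic package module has no update_cache option, so the cache
    # refresh is a separate, Debian-only task.
    - name: Refresh the apt cache when it is older than one hour.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == 'Debian'

    - name: Ensure NTP package is installed.
      ansible.builtin.package:
        name: "{{ ntp_package }}"
        state: present

    # The managed config is written before any task starts the service,
    # so the daemon is never started by this play with unreviewed settings.
    - name: Generate the NTP configuration file.
      ansible.builtin.template:
        src: ntp.conf.j2
        dest: "{{ ntp_config_file }}"
        owner: root
        group: root
        mode: "0644"
      notify: restart ntp
      when: ntp_manage_config | bool

    # In check mode on a fresh server the package is not really installed,
    # so the service lookup fails; ignore that failure only in check mode.
    - name: Ensure NTP is running and enabled as configured.
      ansible.builtin.service:
        name: "{{ ntp_daemon }}"
        state: started
        enabled: true
      when: ntp_enabled | bool
      ignore_errors: "{{ ansible_check_mode }}"

    - name: Ensure NTP is stopped and disabled as configured.
      ansible.builtin.service:
        name: "{{ ntp_daemon }}"
        state: stopped
        enabled: false
      when: not (ntp_enabled | bool)
      ignore_errors: "{{ ansible_check_mode }}"

  handlers:
    # Runs at the end of the play, and only when the template task changed the file.
    - name: restart ntp
      ansible.builtin.service:
        name: "{{ ntp_daemon }}"
        state: restarted
      when: ntp_enabled | bool
      ignore_errors: "{{ ansible_check_mode }}"
```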

Problems on Ubuntu 20.04

I am trying to use this role from within the Packer ansible provisioner, and running into problems:

2020-10-04T15:25:29-07:00:     vsphere-iso: TASK [geerlingguy.ntp : Populate service facts.] *******************************
2020-10-04T15:25:29-07:00:     vsphere-iso: task path: /var/lib/go-agent/pipelines/ubuntu-20.04-amd64-base/ansible/roles/geerlingguy.ntp/tasks/main.yml:52
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: sysman
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/var/go/.ansible/cp/cc7b86b188 127.0.0.1 '/bin/sh -c '"'"'echo ~sysman && sleep 0'"'"''
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> (0, '/home/sysman\n', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: sysman
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/var/go/.ansible/cp/cc7b86b188 127.0.0.1 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766 `" && echo ansible-tmp-1601850329.46-104735892147766="` echo /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766 `" ) && sleep 0'"'"''
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> (0, 'ansible-tmp-1601850329.46-104735892147766=/home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766\n', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
2020-10-04T15:25:29-07:00:     vsphere-iso: Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/system/service_facts.py
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> PUT /var/go/.ansible/tmp/ansible-local-12183aLkODI/tmp9mUgtN TO /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC scp -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 -o ControlPath=/var/go/.ansible/cp/cc7b86b188 /var/go/.ansible/tmp/ansible-local-12183aLkODI/tmp9mUgtN '[127.0.0.1]:/home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py'
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> (0, '', 'Executing: program /usr/bin/ssh host 127.0.0.1, user (unspecified), command scp -v -t /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py\nOpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\nSending file modes: C0600 103569 tmp9mUgtN\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: sysman
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/var/go/.ansible/cp/cc7b86b188 127.0.0.1 '/bin/sh -c '"'"'chmod u+x /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/ /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py && sleep 0'"'"''
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> (0, '', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: sysman
2020-10-04T15:25:29-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/var/go/.ansible/cp/cc7b86b188 -tt 127.0.0.1 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-sdlduqpbswkaazmcvavgovalwbnivdki ; /usr/bin/python3 /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
2020-10-04T15:25:31-07:00:     vsphere-iso: <127.0.0.1> (1, 'BECOME-SUCCESS-sdlduqpbswkaazmcvavgovalwbnivdki\n\n{"msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      ", "failed": true, "exception": "  File \\"/tmp/ansible_service_facts_payload_b5j0md21/__main__.py\\", line 216, in gather_services\\n    service_name, status_val = line.split()\\n", "invocation": {"module_args": {}}}\n', "OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\n/home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses\n  import imp\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to 127.0.0.1 closed.\r\n")
2020-10-04T15:25:31-07:00:     vsphere-iso: <127.0.0.1> Failed to connect to the host via ssh: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016
2020-10-04T15:25:31-07:00:     vsphere-iso: debug1: Reading configuration data /var/go/.ssh/config
2020-10-04T15:25:31-07:00:     vsphere-iso: debug1: Reading configuration data /etc/ssh/ssh_config
2020-10-04T15:25:31-07:00:     vsphere-iso: debug1: /etc/ssh/ssh_config line 19: Applying options for *
2020-10-04T15:25:31-07:00:     vsphere-iso: debug1: auto-mux: Trying existing master
2020-10-04T15:25:31-07:00:     vsphere-iso: debug2: fd 3 setting O_NONBLOCK
2020-10-04T15:25:31-07:00:     vsphere-iso: debug2: mux_client_hello_exchange: master version 4
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_request_session: entering
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_request_alive: entering
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_request_alive: done pid = 12194
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_request_session: session request sent
2020-10-04T15:25:31-07:00:     vsphere-iso: debug1: mux_client_request_session: master session id: 2
2020-10-04T15:25:31-07:00:     vsphere-iso: /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/AnsiballZ_service_facts.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
2020-10-04T15:25:31-07:00:     vsphere-iso:   import imp
2020-10-04T15:25:31-07:00:     vsphere-iso: debug3: mux_client_read_packet: read header failed: Broken pipe
2020-10-04T15:25:31-07:00:     vsphere-iso: debug2: Received exit status from master 1
2020-10-04T15:25:31-07:00:     vsphere-iso: Shared connection to 127.0.0.1 closed.
2020-10-04T15:25:31-07:00:     vsphere-iso: <127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: sysman
2020-10-04T15:25:31-07:00:     vsphere-iso: <127.0.0.1> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=40124 -o 'IdentityFile="/tmp/ansible-key963601233"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="sysman"' -o ConnectTimeout=10 '-o IdentitiesOnly=yes' -o ControlPath=/var/go/.ansible/cp/cc7b86b188 127.0.0.1 '/bin/sh -c '"'"'rm -f -r /home/sysman/.ansible/tmp/ansible-tmp-1601850329.46-104735892147766/ > /dev/null 2>&1 && sleep 0'"'"''
2020-10-04T15:25:31-07:00:     vsphere-iso: <127.0.0.1> (0, '', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016\r\ndebug1: Reading configuration data /var/go/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 12194\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
2020-10-04T15:25:31-07:00:     vsphere-iso: The full traceback is:
2020-10-04T15:25:31-07:00:     vsphere-iso:   File "/tmp/ansible_service_facts_payload_b5j0md21/__main__.py", line 216, in gather_services
2020-10-04T15:25:31-07:00:     vsphere-iso:     service_name, status_val = line.split()
2020-10-04T15:25:31-07:00:     vsphere-iso: fatal: [default]: FAILED! => {
2020-10-04T15:25:31-07:00:     vsphere-iso:     "changed": false,
2020-10-04T15:25:31-07:00:     vsphere-iso:     "invocation": {
2020-10-04T15:25:31-07:00:     vsphere-iso:         "module_args": {}
2020-10-04T15:25:31-07:00:     vsphere-iso:     },
2020-10-04T15:25:31-07:00:     vsphere-iso:     "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service                enabled         enabled      "
2020-10-04T15:25:31-07:00:     vsphere-iso: }
2020-10-04T15:25:31-07:00:     vsphere-iso:
2020-10-04T15:25:31-07:00:     vsphere-iso: RUNNING HANDLER [geerlingguy.ntp : restart cron] *******************************
2020-10-04T15:25:31-07:00:     vsphere-iso: task path: /var/lib/go-agent/pipelines/ubuntu-20.04-amd64-base/ansible/roles/geerlingguy.ntp/handlers/main.yml:8
2020-10-04T15:25:31-07:00:     vsphere-iso:
2020-10-04T15:25:31-07:00:     vsphere-iso: PLAY RECAP *********************************************************************
2020-10-04T15:25:31-07:00:     vsphere-iso: default                    : ok=13   changed=2    unreachable=0    failed=1    skipped=3    rescued=0    ignored=0
2020-10-04T15:25:31-07:00:     vsphere-iso:

The requirements.yml file looks like this:

---
- name: geerlingguy.pip
- name: open-vm-tools
  src: ssh://[email protected]:7999/ai/open-vm-tools.git
  version: last_known_good
  scm: git
- name: geerlingguy.ntp

The playbook.yml file looks like this:

---
- hosts: all
  become: true
  roles:
    - role: geerlingguy.pip
      vars:
        - pip_package: python3-pip
        - pip_executable: pip3
    - role: open-vm-tools
    - role: geerlingguy.ntp

If I remove the role from my Packer job, deploy the template and create a VM from it, and then run this role against a VM cloned from that template it seems to work.

update README.md - missing community.general in Requirements

I think the readme is outdated, there is no "community.general" in Requirements.

When I try to ansible-lint a playbook using geerlingguy/ntp, I get the following error :

../../../../home/runner/.cache/ansible-compat/70d583/roles/geerlingguy.ntp/tasks/main.yml:36:3: syntax-check: couldn't resolve module/action 'timezone'. This often indicates a misspelling, missing collection, or incorrect module path.

in tasks/main :

- name: Set timezone.
  timezone:
    name: "{{ ntp_timezone }}"
  notify: restart cron

Indeed, the timezone command does not exist unless you install community.general, according to this doc : https://docs.ansible.com/ansible/latest/collections/community/general/timezone_module.html

It doesn't work as a role dependency in another role

here the error:

ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.

The error appears to have been in '/vagrant/ansible/roles/vendor/geerlingguy.ntp/tasks/main.yml': line 13, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Set timezone
  ^ here


The error appears to have been in '/vagrant/ansible/roles/vendor/geerlingguy.ntp/tasks/main.yml': line 13, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Set timezone
  ^ here

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

this is the meta/default.yml e.g.:

---

dependencies:
  - role: geerlingguy.ntp

CentOS 6 servers report error "cannot read configuration file /etc/sysconfig/clock for name"

So, I thought I might be running into an issue related to ansible/ansible#25819, but now that I've been expanding my reach and testing on a number of different servers, it seems like any CentOS 6 minimal install ends up not having a /etc/sysconfig/clock file. So this role fails on all those servers for some reason...

It might be best to just create that file if it doesn't exist, with the contents ZONE="{{ ntp_timezone }}", but only on CentOS 6?

ansible_managed tag causes ntp restart every run

Hi!

This library has been working great for me to manage my ntp configs; thanks for writing it. There's one thing that's annoying me - that is on every run ntp is restarted because of the inclusion of the ansible_managed tag in the top of the file, which has a different timestamp, and so different file contents every time ansible is run:

# {{ ansible_managed }}

Would you accept a PR which removes ansible_managed from that line and instead adds a simple unchanging comment that the file is managed by Ansible?

additional operating system for the role

Hi Jeff, I am maintaining a lot of hypervisor hosts and they are a bit different to normal operating systems. In that case, it's XCP-ng, which is an (awesome) fork of XenServer and Xenserver sits on top of centos.
My problem is that when you check for 'ansible_os_family' my Server will not give you back 'RedHat' it will tell you that it is "ansible_os_family": "XCP-ng",

at the moment I've fixed that like:

  roles:
    # role to manage ntp/chrony
    - role: geerlingguy.ntp
      vars:
        ansible_os_family: 'RedHat'

but I would like to bring the XCP-ng OS into your role. It is actually a centos7, so it needs exactly the variable file which RedHat is using:

that should do the trick:

- name: Include OS-specific variables for XCP-ng.
  include_vars: RedHat.yml
  when:
    - ansible_os_family == 'XCP-ng'

so we don't need another File in the vars directory with the same values like RedHat.yml

I am happy to do a PR if that's the way you prefer or do you have a better idea?
thanks!

Setting local time fails with Permission Denied

PLAY [all] *********************************************************************

TASK [setup] *******************************************************************
ok: [testing]

TASK [geerlingguy.ntp : Include OS-specific variables.] ************************
ok: [testing]

TASK [geerlingguy.ntp : Set the correct timezone.] *****************************
fatal: [testing]: FAILED! => {"changed": false, "failed": true, "gid": 0, "group": "root", "mode": "0644", "msg": "Error while replacing: [Errno 13] Permission denied", "owner": "root", "path": "/etc/localtime", "size": 118, "state": "file", "uid": 0}

Playbook:

---
- hosts: all
  roles:
    - { role: geerlingguy.ntp,
        ntp_enabled: true,
        ntp_timezone: Etc/UTC,
        ntp_servers: [
          server 0.amazon.pool.ntp.org iburst,
          server 1.amazon.pool.ntp.org iburst,
          server 2.amazon.pool.ntp.org iburst,
          server 3.amazon.pool.ntp.org iburst
        ],
        tags: ["provision"]
      }

Config:

[defaults]
remote_user=ubuntu

[ssh_connection]
ssh_args = -o ForwardAgent=yes

Typo in ntp_servers array

ntp_servers:
  - "0{{ ntp_area }}.pool.ntp.org iburst"
  - "1{{ ntp_area }}.pool.ntp.org iburst"
  - "2{{ ntp_area }}.pool.ntp.org iburst"
  - "3{{ ntp_area }}.pool.ntp.org iburst"

should be:

ntp_servers:
  - "0.{{ ntp_area }}.pool.ntp.org iburst"
  - "1.{{ ntp_area }}.pool.ntp.org iburst"
  - "2.{{ ntp_area }}.pool.ntp.org iburst"
  - "3.{{ ntp_area }}.pool.ntp.org iburst"

See : http://support.ntp.org/bin/view/Servers/NTPPoolServers

Ubuntu: Destination /etc not writable

Describe the bug
When trying to run the installation script, the operation fails with this stack trace.

fatal: [fra1-ubuntu-001]: FAILED! => {
    "changed": false,
    "checksum": "535c7503a89685c0955d0f825bb5e563bba3490a",
    "diff": [],
    "invocation": {
        "module_args": {
            "_original_basename": "ntp.conf.j2",
            "attributes": null,
            "backup": false,
            "checksum": "535c7503a89685c0955d0f825bb5e563bba3490a",
            "content": null,
            "delimiter": null,
            "dest": "/etc/ntp.conf",
            "directory_mode": null,
            "follow": false,
            "force": true,
            "group": null,
            "local_follow": null,
            "mode": null,
            "owner": null,
            "regexp": null,
            "remote_src": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": "/home/tobias/.ansible/tmp/ansible-tmp-1532006594.8-189544530093692/source",
            "unsafe_writes": null,
            "validate": null
        }
    },
    "msg": "Destination /etc not writable"
}

Installation method/version

  • Ansible Galaxy, role version: 1.6.0

ansible 2.6.1

  config file = /home/tobias/.ansible.cfg
  configured module search path = [u'/home/tobias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Targeted hosts
Concerns the following OS(es):

  • Ubuntu

Expected behavior
The ansible script is supposed to not crash =P

Additional context
no configuration changes.. it's right out of the box kind of.

[2.0.0] Chrony Restart Error

We let our version of this module float, however with the recent bump to version 2.0 we are seeing an error at the end of our Ansible run relating to the module.

We are running on Centos 7.7 and get this error:

     amazon-ebs-kubernetes: RUNNING HANDLER [geerlingguy.ntp : restart ntp] ********************************
     amazon-ebs-kubernetes:
     amazon-ebs-kubernetes: fatal: [default]: FAILED! => {"changed": false, "msg": "Could not find the requested service chronyd: host"}

(log is from Packer, thus formatting)

We made no changes to our variables with regards to NTP. Rolling back to 1.6.4 fixed the issue.
I saw #72 but it seems that should have just worked, as we don't care whether we use chrony or ntp.
