kubespray/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
Bas e80087df93
Fix for #12435 - setting timezone under SELinux. (#12436)
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2025-12-24 16:40:31 +05:30


---
# systemd-timesyncd is stopped and disabled before the NTP service chosen by
# ntp_package is configured further down in this file.
- name: Disable systemd-timesyncd
  # Best-effort: failed_when: false reports success for every outcome, so a
  # genuine failure to stop the unit is hidden along with harmless ones.
  failed_when: false
  service:
    name: systemd-timesyncd.service
    state: stopped
    enabled: false
- name: Set fact NTP settings
  # Derives two facts from ntp_package and ansible_os_family. Later tasks in
  # this file read them to locate the config file and to name the service.
  set_fact:
    # Config path: /etc/ntp.conf for "ntp", /etc/ntpsec/ntp.conf for "ntpsec";
    # any other ntp_package value gets a chrony path: /etc/chrony.conf on
    # RedHat/Suse families, /etc/chrony/chrony.conf elsewhere.
    # noqa: jinja[spacing]
    ntp_config_file: >-
      {% if ntp_package == "ntp" -%}
      /etc/ntp.conf
      {%- elif ntp_package == "ntpsec" -%}
      /etc/ntpsec/ntp.conf
      {%- elif ansible_os_family in ['RedHat', 'Suse'] -%}
      /etc/chrony.conf
      {%- else -%}
      /etc/chrony/chrony.conf
      {%- endif -%}
    # Service name: "chronyd" for chrony; for every other package "ntpd" on
    # the Flatcar/RedHat/Suse families and "ntp" on the rest.
    # NOTE(review): "ntpsec" also falls into the ntpd/ntp branches; confirm
    # that matches the unit name the ntpsec package installs.
    # noqa: jinja[spacing]
    ntp_service_name: >-
      {% if ntp_package == "chrony" -%}
      chronyd
      {%- elif ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse"] -%}
      ntpd
      {%- else -%}
      ntp
      {%- endif %}
- name: Generate NTP configuration file.
  # Only rendered when the role is asked to manage the NTP configuration.
  when: ntp_manage_config
  template:
    # The template is looked up by the basename of the target path plus ".j2".
    dest: "{{ ntp_config_file }}"
    src: "{{ ntp_config_file | basename }}.j2"
    # Readable by everyone, writable by the owning user only.
    mode: "0644"
  # A change to the rendered file triggers the restart handler.
  notify: Preinstall | restart ntp
# The one-shot sync commands (`ntpd -gq`, `chronyd -q`) need the NTP daemon
# to be stopped first, so the service is halted before the sync task runs.
- name: Stop the NTP Deamon For Sync Immediately
  when: ntp_force_sync_immediately
  service:
    state: stopped
    name: "{{ ntp_service_name }}"
- name: Force Sync NTP Immediately
  # One-shot clock correction: runs `chronyd -q` when ntp_package is "chrony"
  # and `ntpd -gq` otherwise, wrapped in `timeout -k 60s 60s` so a sync that
  # hangs is terminated instead of blocking the play.
  # NOTE(review): `ntpd -g` accepts an arbitrarily large first correction, so
  # the resulting time is only as trustworthy as the configured time sources;
  # a clock step also shifts log timestamps and certificate validity checks.
  # noqa: jinja[spacing]
  command: >-
    timeout -k 60s 60s
    {% if ntp_package == "chrony" -%}
    chronyd -q
    {%- else -%}
    ntpd -gq
    {%- endif -%}
  when:
    - ntp_force_sync_immediately
- name: Ensure NTP service is started and enabled
  # Runs unconditionally; it also brings the daemon back up after the
  # optional stop-and-sync tasks that precede it in this file.
  service:
    enabled: true
    state: started
    name: "{{ ntp_service_name }}"
- name: Ensure tzdata package
  # Installed only when a timezone was requested; skipped on Fedora CoreOS
  # and on the Flatcar OS families.
  when:
    - ntp_timezone
    - not is_fedora_coreos
    - ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
  package:
    state: present
    name:
      - tzdata
- name: Gather selinux facts
  # Refreshes ansible_facts.selinux, which the SELinux tasks later in this
  # file test in their `when` conditions. Limited to RedHat-family hosts that
  # have a timezone to set.
  when:
    - ntp_timezone
    - ansible_os_family == "RedHat"
  ansible.builtin.setup:
    gather_subset: selinux
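# Sets the system timezone. On RedHat-family hosts where SELinux is enforcing,
# enforcement is relaxed to permissive around the change and then set to
# preinstall_selinux_state again.
#
# The three steps are wrapped in block/always so the SELinux restore also runs
# when the timezone task fails; as separate sequential tasks, a failure in the
# middle would leave the host permissive.
# NOTE(review): ansible.posix.selinux is understood to change the persistent
# configuration as well as the running mode, so an unrestored host would stay
# permissive across reboots — confirm.
- name: Set timezone and restore the SELinux state afterwards
  when:
    - ntp_timezone
  block:
    # While permissive, SELinux denials are logged instead of enforced for the
    # whole host, not only for the timezone change; keep this window short and
    # review the audit log for denials recorded during it.
    - name: Put SELinux in permissive mode, logging actions that would be blocked.
      ansible.posix.selinux:
        policy: targeted
        state: permissive
      when:
        - ansible_os_family == "RedHat"
        # default('') guards the comparison when the selinux fact carries no
        # `mode` key (presumably when SELinux is disabled or its Python
        # bindings are missing), which would otherwise abort the task.
        - ansible_facts.selinux.mode | default('') == 'enforcing'

    - name: Set ntp_timezone
      community.general.timezone:
        name: "{{ ntp_timezone }}"
  always:
    # Applies the configured preinstall_selinux_state rather than the mode
    # recorded in the facts: if that variable is not `enforcing`, a host that
    # was enforcing before this file ran is not returned to enforcing here.
    - name: Re-enable SELinux
      ansible.posix.selinux:
        policy: targeted
        state: "{{ preinstall_selinux_state }}"
      when:
        - ansible_os_family == "RedHat"
        - ansible_facts.selinux.status == 'enabled'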