✨ feat: Add Chrony support for all components

roles/chrony/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+chrony_confdir: '/etc/chrony/conf.d'
+chrony_sourcedir_dhcp: '/run/chrony-dhcp'
+chrony_sourcedir: '/etc/chrony/sources.d'
+chrony_conf_file: '/etc/chrony/chrony.conf'
+chrony_keyfile: '/etc/chrony/chrony.keys'
+chrony_pool:
+  'ntp.ubuntu.com': 'iburst maxsources 4'
+  '0.ubuntu.ppol.ntp.org': 'iburst maxsources 1'
+  '1.ubuntu.pool.ntp.org': 'iburst maxsources 1'
+  '2.ubuntu.pool.ntp.org': 'iburst maxsources 2'
+chrony_driftfile: '/var/lib/chrony/chrony.drift'
+chrony_ntsdumpdir: '/var/lib/chrony'
+chrony_logdir: '/var/log/chrony'
+chrony_maxupdateskew: '100.0'
+chrony_maxstep: '1 3'
+chrony_leapsectz: 'right/UTC'

roles/chrony/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart chronyd
+  ansible.builtin.service:
+    name: chronyd
+    state: restarted

roles/chrony/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Install chrony for time synchronization
+  ansible.builtin.apt:
+    name: chrony
+    state: present
+    install_recommends: false
+  tags:
+    - chrony
+    - package
+
+- name: Configure chrony from template
+  ansible.builtin.template:
+    src: chrony.conf.j2
+    dest: /etc/chrony.conf
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  notify:
+    - Restart chronyd
+  tags:
+    - chrony
+    - configuration
+
+- name: 'Manage the chrony service'
+  become: yes
+  service:
+    name: chronyd
+    enabled: true
+    state: started
+  tags:
+    - chrony
+    - systemd

roles/chrony/templates/chrony.conf.j2

@@ -0,0 +1,66 @@
+#########
+# DO NOT EDIT THIS FILE
+# Managed by Ansible
+######
+
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in {{ chrony_confdir }}.
+confdir {{ chrony_confdir }}
+
+# This will use (up to):
+# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
+# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
+# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
+# sources will be used.
+# At the same time it retains some protection against one of the entries being
+# down (compare to just using one of the lines). See (LP: #1754358) for the
+# discussion.
+#
+# About using servers from the NTP Pool Project in general see (LP: #104525).
+# Approved by Ubuntu Technical Board on 2011-02-08.
+# See http://www.pool.ntp.org/join.html for more information.
+{% for (key, value) in chrony_pool.items() %}
+    pool {{ key }}  {{ value }}
+{% endfor %}
+
+# Use time sources from DHCP.
+sourcedir {{ chrony_sourcedir_dhcp }}
+
+# Use NTP sources found in {{ chrony_sourcedir }}.
+sourcedir {{ chrony_sourcedir }}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile {{ chrony_keyfile }}
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile {{ chrony_driftfile }}
+
+# Save NTS keys and cookies.
+ntsdumpdir {{ chrony_ntsdumpdir }}
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir {{ chrony_logdir }}
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew {{ chrony_maxupdateskew }}
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep {{ chrony_maxstep }}
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz {{ chrony_leapsectz }}