Chapter 16

The handlers section

y_mrok
Updated 2021.10.24

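Explanation

For the explanation of this chapter, click this link.

Exercise

Q. Configure the managed node marutamachi as an NTP server.

  • Basic tasks
    1. Install the package chrony (read as "kurōnī")
    2. Copy the file "chrony.txt" over the configuration file "/etc/chrony.conf", overwriting it
      • Task that copies the file (excerpt)
      ansible.builtin.copy:
        src: "./chrony.txt"         # path of the source file (on the control node)
        dest: "/etc/chrony.conf"    # path of the destination file (on the managed node)
        owner: root                 # owner of the file after copying
        group: root                 # group of the file after copying
        mode: 0644                  # mode of the file after copying -rw-r--r--
        force: yes                  # overwrite the destination file if one with the same name already exists
        backup: yes                 # back up the destination file if one with the same name already exists

      • Contents of the file "chrony.txt"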
      # Use public servers from the pool.ntp.org project.
      # Please consider joining the pool (http://www.pool.ntp.org/join.html).
      #pool 2.centos.pool.ntp.org iburst
      pool ntp.nict.jp iburst
      
      # Record the rate at which the system clock gains/losses time.
      driftfile /var/lib/chrony/drift
      
      # Allow the system clock to be stepped in the first three updates
      # if its offset is larger than 1 second.
      makestep 1.0 3
      
      # Enable kernel synchronization of the real-time clock (RTC).
      rtcsync
      
      # Enable hardware timestamping on all interfaces that support it.
      #hwtimestamp *
      
      # Increase the minimum number of selectable sources required to adjust
      # the system clock.
      #minsources 2
      
      # Allow NTP client access from local network.
      #allow 192.168.0.0/16
      allow 192.168.111.0/16
      
      # Serve time even if not synchronized to a time source.
      #local stratum 10
      
      # Specify file containing keys for NTP authentication.
      keyfile /etc/chrony.keys
      
      # Get TAI-UTC offset and leap seconds from the system tz database.
      leapsectz right/UTC
      
      # Specify directory for log files.
      logdir /var/log/chrony
      
      # Select which information is logged.
      #log measurements statistics tracking
    3. Install the package firewalld
    4. Start firewalld.service
    5. Open the firewall for the NTP port (123/udp)
  • Task to run when the package chrony was installed or the configuration file was overwritten
    1. Restart chronyd.service (restarted)
  • Contents of the inventory files
    hosts.yml
    ---
    all:
      hosts:
        marutamachi:
    
    group_vars/all.yml
    ---
    ansible_user: vagrant
    ansible_password: vagrant
    
    host_vars/marutamachi.yml
    ---
    ansible_host: 192.168.111.101
    
  • Execution log of the operation check after configuration
    y_mrok@ctrl:~/code/exam9$ ansible all -i hosts.yml -a "chronyc sources"
    marutamachi | CHANGED | rc=0 >>
    210 Number of sources = 4
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^- ntp-b3.nict.go.jp             1   6    17    64  +1339us[+1594us] +/-   11ms
    ^- ntp-a2.nict.go.jp             1   6    37     0  -2518us[-2518us] +/-   13ms
    ^* ntp-k1.nict.jp                1   6    37     0    +15us[ +359us] +/- 7331us
    ^- ntp-b2.nict.go.jp             1   6    37     0    -64us[  -64us] +/-   12ms
    y_mrok@ctrl:~/code/exam9$ 
    y_mrok@ctrl:~/code/exam9$ ansible all -i hosts.yml -a "chronyc sources -v"
    marutamachi | CHANGED | rc=0 >>
    210 Number of sources = 4
    
      .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
     / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
    | /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
    ||                                                 .- xxxx [ yyyy ] +/- zzzz
    ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
    ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
    ||                                \     |          |  zzzz = estimated error.
    ||                                 |    |           \
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^- ntp-b3.nict.go.jp             1   6    37     6   +199us[ +199us] +/-   11ms
    ^- ntp-a2.nict.go.jp             1   6    37     6  -2518us[-2518us] +/-   13ms
    ^* ntp-k1.nict.jp                1   6    37     6    +15us[ +359us] +/- 7331us
    ^- ntp-b2.nict.go.jp             1   6    37     6    -64us[  -64us] +/-   12ms
    y_mrok@ctrl:~/code/exam9$ 
    
Answer
install_chrony.yml
---
- name: Configure the NTP server.
  hosts: all
  gather_facts: no
  become: yes

  tasks:
    - name: Install the package chrony.
      ansible.builtin.dnf:
        name: chrony
        state: present
      notify:
        - restart chrony service

    - name: Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".
      ansible.builtin.copy:
        src: "./chrony.txt"
        dest: "/etc/chrony.conf"
        owner: root
        group: root
        mode: 0644
        force: yes
        backup: yes
      notify:
        - restart chrony service

    - name: Install firewalld.
      ansible.builtin.dnf:
        name: firewalld
        state: present
  
    - name: Start "firewalld.service".
      ansible.builtin.systemd:
        name: firewalld.service
        enabled: yes
        state: started

    - name: Drill a hole for the ntp port.
      ansible.posix.firewalld:
        port: 123/udp
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    - name: Restart chrony.service.
      ansible.builtin.systemd:
        name: chronyd.service
        state: restarted
      listen:
        - restart chrony service

y_mrok@ctrl:~/code/chap16$ ansible-playbook -i hosts.yml install_chrony.yml

PLAY [Configure the NTP server.] *********************************************************************************************************************

TASK [Install the package chrony.] *******************************************************************************************************************
ok: [marutamachi]

TASK [Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".] ******************************************************
changed: [marutamachi]

TASK [Install firewalld.] ****************************************************************************************************************************
ok: [marutamachi]

TASK [Start "firewalld.service".] ********************************************************************************************************************
changed: [marutamachi]

TASK [Drill a hole for the ntp port.] ****************************************************************************************************************
changed: [marutamachi]

RUNNING HANDLER [Restart chrony.service.] ************************************************************************************************************
changed: [marutamachi]

PLAY RECAP *******************************************************************************************************************************************
marutamachi                : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap16$ 

Checking idempotency

y_mrok@ctrl:~/code/chap16$ ansible-playbook -i hosts.yml install_chrony.yml 

PLAY [Configure the NTP server.] *********************************************************************************************************************

TASK [Install the package chrony.] *******************************************************************************************************************
ok: [marutamachi]

TASK [Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".] ******************************************************
ok: [marutamachi]

TASK [Install firewalld.] ****************************************************************************************************************************
ok: [marutamachi]

TASK [Start "firewalld.service".] ********************************************************************************************************************
ok: [marutamachi]

TASK [Drill a hole for the ntp port.] ****************************************************************************************************************
ok: [marutamachi]

PLAY RECAP *******************************************************************************************************************************************
marutamachi                : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap16$ 

Operation check

y_mrok@ctrl:~/code/chap16$ ansible all -i hosts.yml -a "chronyc sources"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b2.nict.go.jp             1   6    37    13  -6286us[-6286us] +/-   11ms
^- ntp-a3.nict.go.jp             1   6    37    14    -34ms[  -34ms] +/-   36ms
^- ntp-b3.nict.go.jp             1   6    37    14  -6117us[-6117us] +/-   10ms
^* ntp-a2.nict.go.jp             1   6    37    14   -685us[+4287us] +/-   17ms
y_mrok@ctrl:~/code/chap16$ ansible all -i hosts.yml -a "chronyc sources -v"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b2.nict.go.jp             1   6    37    25  -6286us[-6286us] +/-   11ms
^- ntp-a3.nict.go.jp             1   6    37    26    -34ms[  -34ms] +/-   36ms
^- ntp-b3.nict.go.jp             1   6    37    26  -6117us[-6117us] +/-   10ms
^* ntp-a2.nict.go.jp             1   6    37    26   -685us[+4287us] +/-   17ms
y_mrok@ctrl:~/code/chap16$ 
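
The `allow` line in the exercise's chrony.txt decides which clients chronyd will serve, and `192.168.111.0/16` has address bits set beyond its /16 prefix, so under CIDR arithmetic the prefix it names is 192.168.0.0/16. The check below is an added example, not part of the original chapter, that could be run on the control node before the copy task. The names `audit_allow` and `SAMPLE_CONF` and the 256-address threshold are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: a few lines taken from the chrony.txt shown in the exercise.
SAMPLE_CONF = """\
#pool 2.centos.pool.ntp.org iburst
pool ntp.nict.jp iburst
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.111.0/16
keyfile /etc/chrony.keys
"""


def audit_allow(conf_text, max_addresses=256):
    """Return one finding per active `allow <address>/<prefix>` directive.

    Only the address/prefix form used on this page is interpreted; any other
    argument (none, `all`, a hostname, a shortened address) is reported as
    "unparsed" so that a reviewer looks at it by hand.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#%;!":      # blank or comment line
            continue
        fields = line.split()
        if fields[0].lower() != "allow":
            continue
        spec = fields[1] if len(fields) > 1 else ""
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            findings.append({"line": lineno, "spec": spec, "issues": ["unparsed"]})
            continue
        issues = []
        # Address bits outside the prefix: the written address misleads the reader.
        if ipaddress.ip_interface(spec).ip != net.network_address:
            issues.append("host bits set; effective network is %s" % net)
        # Hypothetical policy threshold: flag anything wider than a /24.
        if net.num_addresses > max_addresses:
            issues.append("covers %d addresses" % net.num_addresses)
        findings.append({"line": lineno, "spec": spec,
                         "effective": str(net), "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_allow(SAMPLE_CONF):
        print(finding)
```
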

Result of specifying the managed node marutamachi as the time server on a Windows PC