Chapter 16

handlers セクション

y_mrok

2021.10.24に更新

このチャプターの目次

説明
演習問題

説明

この章の説明はこのリンクをクリックしてください。

演習問題

Q. 管理対象ノード marutamachi を NTP サーバーとして構成してください。

基本タスク

パッケージ chrony ( クローニー ) をインストール

ファイル「 chrony.txt 」を設定ファイル「 /etc/chrony.conf 」に上書きコピー

ファイルをコピーするタスク ( の一部 )

ansible.builtin.copy:
  src: "./chrony.txt"         # コピー元 ( コントロールノード ) のファイルのパス
  dest: "/etc/chrony.conf"    # コピー先 ( 管理対象ノード ) のファイルのパス
  owner: root                 # コピーした後のファイルのオーナー
  group: root                 # コピーした後のファイルのグループ
  mode: 0644                  # コピーした後のファイルのモード -rw-r--r--
  force: yes                  # コピー先に同名のファイルが存在していたら上書きコピー
  backup: yes                 # コピー先に同名のファイルが存在してたらバックアップする

「 chrony.txt 」ファイルの内容

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
pool ntp.nict.jp iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.111.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking
```  3. パッケージ firewalld をインストール

firewalld.service を起動
ファイアウォールに NTP port (123/udp) 用の穴あけ

パッケージ chrony をインストールしたか、設定ファイルを上書きコピーした場合のタスク
1. chronyd.service を再起動 (restarted)

インベントリーファイルの内容

hosts.yml
---
all:
  hosts:
    marutamachi:

group_vars/all.yml
---
ansible_user: vagrant
ansible_password: vagrant

host_vars/marutamachi.yml
---
ansible_host: 192.168.111.101

構成後の動作確認の実行ログ

y_mrok@ctrl:~/code/exam9$ ansible all -i hosts.yml -a "chronyc sources"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b3.nict.go.jp             1   6    17    64  +1339us[+1594us] +/-   11ms
^- ntp-a2.nict.go.jp             1   6    37     0  -2518us[-2518us] +/-   13ms
^* ntp-k1.nict.jp                1   6    37     0    +15us[ +359us] +/- 7331us
^- ntp-b2.nict.go.jp             1   6    37     0    -64us[  -64us] +/-   12ms
y_mrok@ctrl:~/code/exam9$ 
y_mrok@ctrl:~/code/exam9$ ansible all -i hosts.yml -a "chronyc sources -v"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b3.nict.go.jp             1   6    37     6   +199us[ +199us] +/-   11ms
^- ntp-a2.nict.go.jp             1   6    37     6  -2518us[-2518us] +/-   13ms
^* ntp-k1.nict.jp                1   6    37     6    +15us[ +359us] +/- 7331us
^- ntp-b2.nict.go.jp             1   6    37     6    -64us[  -64us] +/-   12ms
y_mrok@ctrl:~/code/exam9$

解答

install_chrony.yml
---
- name: Configure the NTP server.
  hosts: all
  gather_facts: no
  become: yes

  tasks:
    - name: Install the package chrony.
      ansible.builtin.dnf:
        name: chrony
        state: present
      notify:
        - restart chrony service

    - name: Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".
      ansible.builtin.copy:
        src: "./chrony.txt"
        dest: "/etc/chrony.conf"
        owner: root
        group: root
        mode: 0644
        force: yes
        backup: yes
      notify:
        - restart chrony service

    - name: Install firewalld.
      ansible.builtin.dnf:
        name: firewalld
        state: present
  
    - name: Start "firewalld.service".
      ansible.builtin.systemd:
        name: firewalld.service
        enabled: yes
        state: started

    - name: Drill a hole for the ntp port.
      ansible.posix.firewalld:
        port: 123/udp
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    - name: Restart chrony.service.
      ansible.builtin.systemd:
        name: chronyd.service
        state: restarted
      listen:
        - restart chrony service

y_mrok@ctrl:~/code/chap16$ ansible-playbook -i hosts.yml install_chrony.yml 

PLAY [Configure the NTP server.] *********************************************************************************************************************

TASK [Install the package chrony.] *******************************************************************************************************************
ok: [marutamachi]

TASK [Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".] ******************************************************
changed: [marutamachi]

TASK [Install firewalld.] ****************************************************************************************************************************
ok: [marutamachi]

TASK [Start "firewalld.service".] ********************************************************************************************************************
changed: [marutamachi]

TASK [Drill a hole for the ntp port.] ****************************************************************************************************************
changed: [marutamachi]

RUNNING HANDLER [Restart chrony.service.] ************************************************************************************************************
changed: [marutamachi]

PLAY RECAP *******************************************************************************************************************************************
marutamachi                : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap16$

冪等性を確認

y_mrok@ctrl:~/code/chap16$ ansible-playbook -i hosts.yml install_chrony.yml 

PLAY [Configure the NTP server.] *********************************************************************************************************************

TASK [Install the package chrony.] *******************************************************************************************************************
ok: [marutamachi]

TASK [Overwrite and copy the file "chrony.txt" into the configuration file "/etc/chrony.conf".] ******************************************************
ok: [marutamachi]

TASK [Install firewalld.] ****************************************************************************************************************************
ok: [marutamachi]

TASK [Start "firewalld.service".] ********************************************************************************************************************
ok: [marutamachi]

TASK [Drill a hole for the ntp port.] ****************************************************************************************************************
ok: [marutamachi]

PLAY RECAP *******************************************************************************************************************************************
marutamachi                : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

y_mrok@ctrl:~/code/chap16$

動作確認

y_mrok@ctrl:~/code/chap16$ ansible all -i hosts.yml -a "chronyc sources"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b2.nict.go.jp             1   6    37    13  -6286us[-6286us] +/-   11ms
^- ntp-a3.nict.go.jp             1   6    37    14    -34ms[  -34ms] +/-   36ms
^- ntp-b3.nict.go.jp             1   6    37    14  -6117us[-6117us] +/-   10ms
^* ntp-a2.nict.go.jp             1   6    37    14   -685us[+4287us] +/-   17ms
y_mrok@ctrl:~/code/chap16$ ansible all -i hosts.yml -a "chronyc sources -v"
marutamachi | CHANGED | rc=0 >>
210 Number of sources = 4

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp-b2.nict.go.jp             1   6    37    25  -6286us[-6286us] +/-   11ms
^- ntp-a3.nict.go.jp             1   6    37    26    -34ms[  -34ms] +/-   36ms
^- ntp-b3.nict.go.jp             1   6    37    26  -6117us[-6117us] +/-   10ms
^* ntp-a2.nict.go.jp             1   6    37    26   -685us[+4287us] +/-   17ms
y_mrok@ctrl:~/code/chap16$

Windows パソコンでタイムサーバーに管理対象ノード marutamachi を指定した結果