Support multi local chrony servers
In the old implementation, if there is no external NTP server, only one local chrony server is supported. If multiple chrony servers are configured, the chrony client cannot sync with them.

In the new implementation:
* use the VIP to connect to chrony-server, which ensures multiple local chrony servers are supported.
* chrony servers depend on the VIP, so the chrony-server group should be the same as the haproxy group.
* prevent a chrony client from syncing from itself.
* Change owner to chrony:kolla for chrony log folder
* fix keysfile path
* use chrony user for centos and ubuntu image
* fix permission issue for /var/lib/chrony folder

Closes-Bug: #1705200
Change-Id: I6e85fda9824b5ddc7a96895425c5932a3566c27e
parent
eab8efe166
commit
72ee7dac7c
@ -21,7 +21,7 @@ localhost ansible_connection=local
|
||||
# You can explicitly specify which hosts run each project by updating the
|
||||
# groups in the sections below. Common services are grouped together.
|
||||
[chrony-server:children]
|
||||
control
|
||||
haproxy
|
||||
|
||||
[chrony:children]
|
||||
network
|
||||
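Review bot: The requirement that `[chrony-server:children]` match the haproxy group is stated only in the commit message and the release note, not in the inventory an operator actually edits. A comment directly above the group would keep the constraint visible, for example `# chrony-server is reached through the internal VIP, so this group must match the haproxy group`. The same applies to the second inventory section that follows. Which of `control` and `haproxy` is the new value is inferred from the description, because the rendered page has lost the +/- markers.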
|
@ -41,7 +41,7 @@ monitoring
|
||||
# You can explicitly specify which hosts run each project by updating the
|
||||
# groups in the sections below. Common services are grouped together.
|
||||
[chrony-server:children]
|
||||
control
|
||||
haproxy
|
||||
|
||||
[chrony:children]
|
||||
control
|
||||
|
@ -1,13 +1,16 @@
|
||||
{% for host in groups['chrony-server'] %}
|
||||
{% if inventory_hostname != host %}
|
||||
server {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} iburst
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'oraclelinux', 'redhat'] else '/etc/chrony/chrony.keys' %}
|
||||
|
||||
server {{ kolla_internal_vip_address }} iburst
|
||||
{# NOTE(jeffrey4l): external_ntp_servers may be None here #}
|
||||
{% if external_ntp_servers %}
|
||||
{% for ntp_server in external_ntp_servers %}
|
||||
server {{ ntp_server }} iburst
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
keyfile /etc/chrony/chrony.keys
|
||||
user chrony
|
||||
|
||||
keyfile {{ keyfile }}
|
||||
|
||||
commandkey 1
|
||||
|
||||
@ -26,13 +29,16 @@ dumpdir /var/lib/chrony
|
||||
|
||||
{% if inventory_hostname in groups['chrony-server'] %}
|
||||
allow all
|
||||
# prevent chrony sync from self
|
||||
deny {{ kolla_internal_vip_address }}
|
||||
deny {{ api_interface_address }}
|
||||
local stratum 10
|
||||
{% else %}
|
||||
port 0
|
||||
deny all
|
||||
{% endif %}
|
||||
|
||||
bindaddress {{ api_interface_address }}
|
||||
bindaddress {{ kolla_internal_vip_address }}
|
||||
|
||||
logchange 0.5
|
||||
|
||||
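Review bot: `allow all` in the chrony-server branch now sits alongside `bindaddress {{ kolla_internal_vip_address }}`, so the NTP service on the VIP answers any source address that can route to it; the two `deny` lines exclude only the host's own addresses. Because these servers also advertise `local stratum 10`, consider narrowing the rule to the internal API network, e.g. `allow <api-network-cidr>` (placeholder, to be filled from a deployment variable or the interface facts). Separately, the `bindaddress` line is rendered outside the `if`/`else`, so it also lands on chrony-server hosts that do not currently hold the VIP. That presumably relies on non-local bind being enabled on haproxy hosts, which deserves a template comment such as `{# binding to the VIP on a standby node needs net.ipv4.ip_nonlocal_bind=1 #}`. The template continues outside both hunks, and which `bindaddress` line is the new one is inferred from the commit description.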
|
@ -7,5 +7,17 @@
|
||||
"owner": "chrony",
|
||||
"perm": "0600"
|
||||
}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/var/log/kolla/chrony",
|
||||
"owner": "chrony:kolla",
|
||||
"recurse": true
|
||||
},
|
||||
{
|
||||
"path": "/var/lib/chrony",
|
||||
"owner": "chrony:chrony",
|
||||
"recurse": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
chrony server high available is implemented. And it depends on VIP now.
|
||||
chrony-server group is moved to network node in default and must be the
|
||||
same with haproxy group.
|