mirror of https://github.com/easzlab/kubeasz.git
rewrite chrony installation
parent
2ea25dd600
commit
1b07f1b26e
|
@ -8,9 +8,9 @@
|
||||||
|
|
||||||
项目中选定一个节点(`groups.chrony[0]`)作为集群内部其他节点的时间同步源,而这个节点本身从公网源同步;当然如果整个集群都无法访问公网,那么请手动校准这个节点的时间后,仍旧可以作为内部集群的时间源服务器。
|
项目中选定一个节点(`groups.chrony[0]`)作为集群内部其他节点的时间同步源,而这个节点本身从公网源同步;当然如果整个集群都无法访问公网,那么请手动校准这个节点的时间后,仍旧可以作为内部集群的时间源服务器。
|
||||||
|
|
||||||
- 配置 chrony server,详见roles/chrony/templates/server-*.conf.j2
|
- 配置 chrony server,详见roles/chrony/templates/server.conf.j2
|
||||||
|
|
||||||
- 配置 chrony client,详见roles/chrony/templates/client-*.conf.j2
|
- 配置 chrony client,详见roles/chrony/templates/client.conf.j2
|
||||||
|
|
||||||
## `kubeasz` 集成安装
|
## `kubeasz` 集成安装
|
||||||
|
|
||||||
|
@ -18,68 +18,10 @@
|
||||||
- [可选] 修改 clusters/${cluster_name}/config.yml 中的相关配置
|
- [可选] 修改 clusters/${cluster_name}/config.yml 中的相关配置
|
||||||
-执行命令安装 `ezctl setup ${cluster_name} 01`
|
-执行命令安装 `ezctl setup ${cluster_name} 01`
|
||||||
|
|
||||||
## 验证配置
|
## 验证安装
|
||||||
|
|
||||||
- 在 chrony server 检查时间源信息,默认配置为`ntp1.aliyun.com`的地址:
|
- 检查chronyd服务状态 `systemctl status chronyd`
|
||||||
|
- 检查chronyd时间同步日志 `/var/log/chrony`
|
||||||
```
|
|
||||||
$ chronyc sources -v
|
|
||||||
210 Number of sources = 5
|
|
||||||
|
|
||||||
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
|
|
||||||
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
|
|
||||||
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|
|
||||||
|| .- xxxx [ yyyy ] +/- zzzz
|
|
||||||
|| Reachability register (octal) -. | xxxx = adjusted offset,
|
|
||||||
|| Log2(Polling interval) --. | | yyyy = measured offset,
|
|
||||||
|| \ | | zzzz = estimated error.
|
|
||||||
|| | | \
|
|
||||||
MS Name/IP address Stratum Poll Reach LastRx Last sample
|
|
||||||
===============================================================================
|
|
||||||
^* 120.25.115.20 2 9 377 55 +147us[ +250us] +/- 15ms
|
|
||||||
^- 85.199.214.100 1 10 377 182 -25ms[ -24ms] +/- 128ms
|
|
||||||
^- makaki.miuku.net 2 10 367 307 +61ms[ +61ms] +/- 127ms
|
|
||||||
^- static-5-103-139-163.ip.f 1 9 167 572 +532us[ +336us] +/- 117ms
|
|
||||||
^- 119.28.183.184 2 7 377 33 -130us[ -130us] +/- 47ms
|
|
||||||
```
|
|
||||||
|
|
||||||
- 在 chrony server 检查时间源同步状态
|
|
||||||
|
|
||||||
```
|
|
||||||
chronyc sourcestats -v
|
|
||||||
210 Number of sources = 5
|
|
||||||
.- Number of sample points in measurement set.
|
|
||||||
/ .- Number of residual runs with same sign.
|
|
||||||
| / .- Length of measurement set (time).
|
|
||||||
| | / .- Est. clock freq error (ppm).
|
|
||||||
| | | / .- Est. error in freq.
|
|
||||||
| | | | / .- Est. offset.
|
|
||||||
| | | | | | On the -.
|
|
||||||
| | | | | | samples. \
|
|
||||||
| | | | | | |
|
|
||||||
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
|
|
||||||
==============================================================================
|
|
||||||
120.25.115.20 15 11 44m +0.011 0.909 +4097ns 758us
|
|
||||||
85.199.214.100 22 13 49m -3.588 5.097 -23ms 5709us
|
|
||||||
makaki.miuku.net 22 14 46m +2.455 6.225 +64ms 4945us
|
|
||||||
static-5-103-139-163.ip.f 20 13 42m -2.472 10.168 +3615us 6732us
|
|
||||||
119.28.183.184 16 9 19m +10.378 25.190 +3469us 6803us
|
|
||||||
```
|
|
||||||
|
|
||||||
- 在 chrony client 检查,可以看到时间源只有一个(groups.chrony[0] 节点地址)
|
|
||||||
|
|
||||||
```
|
|
||||||
$ chronyc sources
|
|
||||||
210 Number of sources = 1
|
|
||||||
MS Name/IP address Stratum Poll Reach LastRx Last sample
|
|
||||||
===============================================================================
|
|
||||||
^* 192.168.1.1 3 6 377 15 +4085ns[ -25us] +/- 15ms
|
|
||||||
$ chronyc sourcestats
|
|
||||||
210 Number of sources = 1
|
|
||||||
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
|
|
||||||
==============================================================================
|
|
||||||
192.168.1.1 5 4 323 -0.252 0.819 -3031ns 15us
|
|
||||||
```
|
|
||||||
|
|
||||||
## 验证时间同步状态完成
|
## 验证时间同步状态完成
|
||||||
|
|
||||||
|
|
2
ezdown
2
ezdown
|
@ -16,7 +16,7 @@ set -o errexit
|
||||||
DOCKER_VER=20.10.5
|
DOCKER_VER=20.10.5
|
||||||
KUBEASZ_VER=3.0.1
|
KUBEASZ_VER=3.0.1
|
||||||
K8S_BIN_VER=v1.20.5
|
K8S_BIN_VER=v1.20.5
|
||||||
EXT_BIN_VER=0.9.0
|
EXT_BIN_VER=0.9.2
|
||||||
SYS_PKG_VER=0.3.3
|
SYS_PKG_VER=0.3.3
|
||||||
HARBOR_VER=v2.1.3
|
HARBOR_VER=v2.1.3
|
||||||
REGISTRY_MIRROR=CN
|
REGISTRY_MIRROR=CN
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
- name: apt更新缓存刷新
|
- name: prepare some dirs
|
||||||
apt: update_cache=yes cache_valid_time=72000
|
file: name={{ item }} state=directory
|
||||||
ignore_errors: true
|
with_items:
|
||||||
when:
|
- "/etc/chrony"
|
||||||
- 'ansible_distribution in ["Ubuntu","Debian"]'
|
- "/var/lib/chrony"
|
||||||
- 'INSTALL_SOURCE != "offline"'
|
- "/var/log/chrony"
|
||||||
|
|
||||||
- name: apt 卸载 ntp
|
- name: apt 卸载 ntp
|
||||||
shell: 'apt remove -y ntp'
|
shell: 'apt remove -y ntp'
|
||||||
|
@ -17,46 +17,33 @@
|
||||||
warn: false
|
warn: false
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: 安装 chrony
|
- name: 下载二进制文件chronyd
|
||||||
package: name=chrony state=present
|
copy: src={{ base_dir }}/bin/chronyd dest=/usr/sbin/chronyd mode=0755
|
||||||
when: 'INSTALL_SOURCE != "offline"'
|
|
||||||
|
|
||||||
# 离线安装 chrony
|
- name: 创建chronyd的systemd unit文件
|
||||||
- import_tasks: offline.yml
|
template: src=chronyd.service.j2 dest=/etc/systemd/system/chronyd.service
|
||||||
when: 'INSTALL_SOURCE == "offline"'
|
|
||||||
|
|
||||||
- block:
|
- name: 配置 chrony server
|
||||||
- name: 配置 chrony server
|
template: src=server.conf.j2 dest=/etc/chrony/chrony.conf
|
||||||
template: src=server-centos.conf.j2 dest=/etc/chrony.conf
|
|
||||||
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
|
|
||||||
|
|
||||||
- name: 配置 chrony server
|
|
||||||
template: src=server-ubuntu.conf.j2 dest=/etc/chrony/chrony.conf
|
|
||||||
when: 'ansible_distribution in ["Ubuntu","Debian"]'
|
|
||||||
|
|
||||||
- name: 启动 chrony server
|
|
||||||
service: name=chronyd state=restarted enabled=yes
|
|
||||||
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
|
|
||||||
|
|
||||||
- name: 启动 chrony server
|
|
||||||
service: name=chrony state=restarted enabled=yes
|
|
||||||
when: 'ansible_distribution in ["Ubuntu","Debian"]'
|
|
||||||
when: 'inventory_hostname == groups.chrony[0]'
|
when: 'inventory_hostname == groups.chrony[0]'
|
||||||
|
|
||||||
- block:
|
- name: 配置 chrony client
|
||||||
- name: 配置 chrony client
|
template: src=client.conf.j2 dest=/etc/chrony/chrony.conf
|
||||||
template: src=client-centos.conf.j2 dest=/etc/chrony.conf
|
|
||||||
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
|
|
||||||
|
|
||||||
- name: 配置 chrony client
|
|
||||||
template: src=client-ubuntu.conf.j2 dest=/etc/chrony/chrony.conf
|
|
||||||
when: 'ansible_distribution in ["Ubuntu","Debian"]'
|
|
||||||
|
|
||||||
- name: 启动 chrony client
|
|
||||||
service: name=chronyd state=restarted enabled=yes
|
|
||||||
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
|
|
||||||
|
|
||||||
- name: 启动 chrony client
|
|
||||||
service: name=chrony state=restarted enabled=yes
|
|
||||||
when: 'ansible_distribution in ["Ubuntu","Debian"]'
|
|
||||||
when: 'inventory_hostname != groups.chrony[0]'
|
when: 'inventory_hostname != groups.chrony[0]'
|
||||||
|
|
||||||
|
- name: 开机启用chronyd服务
|
||||||
|
shell: systemctl enable chronyd
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: 开启chronyd服务
|
||||||
|
shell: systemctl daemon-reload && systemctl restart chronyd
|
||||||
|
ignore_errors: true
|
||||||
|
tags: restart_chronyd
|
||||||
|
|
||||||
|
- name: 以轮询的方式等待chronyd服务启动
|
||||||
|
shell: "systemctl status chronyd.service|grep Active"
|
||||||
|
register: svc_status
|
||||||
|
until: '"running" in svc_status.stdout'
|
||||||
|
retries: 3
|
||||||
|
delay: 3
|
||||||
|
tags: restart_chronyd
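Review bot: The two new `shell` tasks that enable and restart chronyd both set `ignore_errors: true`, so a failed `daemon-reload` or a unit that cannot start only surfaces later in the polling task, without the original error text. A single module call such as `systemd: name=chronyd state=restarted enabled=yes daemon_reload=yes` fails at the step that caused the problem and avoids the shell. Separately, `copy: src={{ base_dir }}/bin/chronyd dest=/usr/sbin/chronyd mode=0755` overwrites a path that a distro chrony package may own. Nothing visible in this file verifies a checksum for the binary or sets `owner`/`group`, so confirm where the integrity of the `bin/` payload is checked. The restart also runs on every play; a handler notified by the two `template` tasks would restart chronyd only when the configuration changes.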
|
||||||
|
|
|
@ -1,70 +0,0 @@
|
||||||
# 离线安装 chrony
|
|
||||||
- name: 准备离线安装包目录
|
|
||||||
file: name=/opt/kube/packages/chrony state=directory
|
|
||||||
|
|
||||||
# ubuntu 1604
|
|
||||||
- block:
|
|
||||||
- name: 分发 chrony_xenial 离线包
|
|
||||||
copy:
|
|
||||||
src: "{{ base_dir }}/down/packages/chrony_xenial.tar.gz"
|
|
||||||
dest: "/opt/kube/packages/chrony/chrony_xenial.tar.gz"
|
|
||||||
|
|
||||||
- name: 安装 chrony_xenial 离线包
|
|
||||||
shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_xenial.tar.gz && \
|
|
||||||
dpkg -i *.deb > /tmp/install_chrony.log 2>&1'
|
|
||||||
when: ansible_distribution_release == "xenial"
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
# ubuntu 1804
|
|
||||||
- block:
|
|
||||||
- name: 分发 chrony_bionic 离线包
|
|
||||||
copy:
|
|
||||||
src: "{{ base_dir }}/down/packages/chrony_bionic.tar.gz"
|
|
||||||
dest: "/opt/kube/packages/chrony/chrony_bionic.tar.gz"
|
|
||||||
|
|
||||||
- name: 安装 chrony_bionic 离线包
|
|
||||||
shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_bionic.tar.gz && \
|
|
||||||
dpkg -i *.deb > /tmp/install_chrony.log 2>&1'
|
|
||||||
when: ansible_distribution_release == "bionic"
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
# centos7
|
|
||||||
- block:
|
|
||||||
- name: 分发 chrony_centos7 离线包
|
|
||||||
copy:
|
|
||||||
src: "{{ base_dir }}/down/packages/chrony_centos7.tar.gz"
|
|
||||||
dest: "/opt/kube/packages/chrony/chrony_centos7.tar.gz"
|
|
||||||
|
|
||||||
- name: 安装 chrony_centos7 离线包
|
|
||||||
shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_centos7.tar.gz && \
|
|
||||||
rpm -Uvh --force --nodeps *.rpm > /tmp/install_chrony.log 2>&1'
|
|
||||||
when:
|
|
||||||
- 'ansible_distribution_major_version == "7"'
|
|
||||||
- 'ansible_distribution == "CentOS"'
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
# debian9
|
|
||||||
- block:
|
|
||||||
- name: 分发 chrony_stretch 离线包
|
|
||||||
copy:
|
|
||||||
src: "{{ base_dir }}/down/packages/chrony_stretch.tar.gz"
|
|
||||||
dest: "/opt/kube/packages/chrony/chrony_stretch.tar.gz"
|
|
||||||
|
|
||||||
- name: 安装 chrony_stretch 离线包
|
|
||||||
shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_stretch.tar.gz && \
|
|
||||||
dpkg -i *.deb > /tmp/install_chrony.log 2>&1'
|
|
||||||
when: ansible_distribution_release == "stretch"
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
# debian10
|
|
||||||
- block:
|
|
||||||
- name: 分发 chrony_buster 离线包
|
|
||||||
copy:
|
|
||||||
src: "{{ base_dir }}/down/packages/chrony_buster.tar.gz"
|
|
||||||
dest: "/opt/kube/packages/chrony/chrony_buster.tar.gz"
|
|
||||||
|
|
||||||
- name: 安装 chrony_buster 离线包
|
|
||||||
shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_buster.tar.gz && \
|
|
||||||
dpkg -i *.deb > /tmp/install_chrony.log 2>&1'
|
|
||||||
when: ansible_distribution_release == "buster"
|
|
||||||
ignore_errors: true
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
[Unit]
|
||||||
|
Description=chrony, an NTP client/server
|
||||||
|
Documentation=https://chrony.tuxfamily.org/documentation.html
|
||||||
|
Conflicts=systemd-timesyncd.service openntpd.service ntpd.service ntp.service ntpsec.service
|
||||||
|
After=network.target
|
||||||
|
ConditionCapability=CAP_SYS_TIME
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# sysctl net.netfilter.nf_conntrack_count
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/var/run/chrony/chronyd.pid
|
||||||
|
ExecStart=/usr/sbin/chronyd -f /etc/chrony/chrony.conf
|
||||||
|
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
|
||||||
|
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
|
||||||
|
PrivateTmp=yes
|
||||||
|
ProtectHome=yes
|
||||||
|
ProtectSystem=full
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
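Review bot: Both `ExecStartPost=/sbin/iptables ... -A ... -j NOTRACK` lines append a rule on every start, so each restart of chronyd (including runs of the `restart_chronyd` tag) leaves another duplicate in the raw table, and nothing removes them on stop. Because the commands have no `-` prefix, a host where `/sbin/iptables` is missing or the raw table is unavailable gets the whole unit marked failed even though chronyd itself started. Consider guarding each append with an `iptables -C` check and adding `ExecStopPost=-/sbin/iptables -t raw -D PREROUTING -p udp -m udp --dport 123 -j NOTRACK` plus the matching `OUTPUT` line. The comment `# sysctl net.netfilter.nf_conntrack_count` does not say why conntrack is bypassed for port 123; a one-line reason would help the next maintainer. `PIDFile=/var/run/chrony/chronyd.pid` should be checked against the pidfile path of the shipped chronyd build, since neither new template sets `pidfile`.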
|
|
@ -1,44 +0,0 @@
|
||||||
# Use public servers from the pool.ntp.org project.
|
|
||||||
server {{ groups['chrony'][0] }} iburst
|
|
||||||
|
|
||||||
# Ignor source level
|
|
||||||
stratumweight 0
|
|
||||||
|
|
||||||
# Record the rate at which the system clock gains/losses time.
|
|
||||||
driftfile /var/lib/chrony/drift
|
|
||||||
|
|
||||||
# Allow the system clock to be stepped in the first three updates
|
|
||||||
# if its offset is larger than 1 second.
|
|
||||||
makestep 1.0 3
|
|
||||||
|
|
||||||
# Enable kernel synchronization of the real-time clock (RTC).
|
|
||||||
rtcsync
|
|
||||||
|
|
||||||
# Enable hardware timestamping on all interfaces that support it.
|
|
||||||
#hwtimestamp *
|
|
||||||
|
|
||||||
# Increase the minimum number of selectable sources required to adjust
|
|
||||||
# the system clock.
|
|
||||||
#minsources 2
|
|
||||||
|
|
||||||
# Allow NTP client access from local network.
|
|
||||||
allow {{ local_network }}
|
|
||||||
|
|
||||||
#
|
|
||||||
bindcmdaddress 127.0.0.1
|
|
||||||
bindcmdaddress ::1
|
|
||||||
|
|
||||||
# Serve time even if not synchronized to a time source.
|
|
||||||
#local stratum 10
|
|
||||||
|
|
||||||
# Specify file containing keys for NTP authentication.
|
|
||||||
keyfile /etc/chrony.keys
|
|
||||||
|
|
||||||
# Specify directory for log files.
|
|
||||||
logdir /var/log/chrony
|
|
||||||
|
|
||||||
# Select which information is logged.
|
|
||||||
#log measurements statistics tracking
|
|
||||||
|
|
||||||
#
|
|
||||||
logchange 1
|
|
|
@ -1,52 +0,0 @@
|
||||||
# Use public servers from the pool.ntp.org project.
|
|
||||||
pool {{ groups['chrony'][0] }} iburst
|
|
||||||
|
|
||||||
# Look here for the admin password needed for chronyc. The initial
|
|
||||||
# password is generated by a random process at install time. You may
|
|
||||||
# change it if you wish.
|
|
||||||
keyfile /etc/chrony/chrony.keys
|
|
||||||
|
|
||||||
# I moved the driftfile to /var/lib/chrony to comply with the Debian
|
|
||||||
# filesystem standard.
|
|
||||||
driftfile /var/lib/chrony/chrony.drift
|
|
||||||
|
|
||||||
# Comment this line out to turn off logging.
|
|
||||||
#log tracking measurements statistics
|
|
||||||
logdir /var/log/chrony
|
|
||||||
|
|
||||||
# Stop bad estimates upsetting machine clock.
|
|
||||||
maxupdateskew 100.0
|
|
||||||
|
|
||||||
# Dump measurements when daemon exits.
|
|
||||||
#dumponexit
|
|
||||||
|
|
||||||
# Specify directory for dumping measurements.
|
|
||||||
dumpdir /var/lib/chrony
|
|
||||||
|
|
||||||
# This directive lets 'chronyd' to serve time even if unsynchronised to any
|
|
||||||
# NTP server.
|
|
||||||
#local stratum 10
|
|
||||||
|
|
||||||
# This directive designates subnets (or nodes) from which NTP clients are allowed
|
|
||||||
# to access to 'chronyd'.
|
|
||||||
allow {{ local_network }}
|
|
||||||
|
|
||||||
# This directive forces `chronyd' to send a message to syslog if it
|
|
||||||
# makes a system clock adjustment larger than a threshold value in seconds.
|
|
||||||
logchange 1
|
|
||||||
|
|
||||||
# This directive defines an email address to which mail should be sent
|
|
||||||
# if chronyd applies a correction exceeding a particular threshold to the
|
|
||||||
# system clock.
|
|
||||||
|
|
||||||
# mailonchange root@localhost 0.5
|
|
||||||
|
|
||||||
# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the
|
|
||||||
# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.
|
|
||||||
|
|
||||||
hwclockfile /etc/adjtime
|
|
||||||
|
|
||||||
# This directive enables kernel synchronisation (every 11 minutes) of the
|
|
||||||
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
|
|
||||||
|
|
||||||
rtcsync
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
# Use local server
|
||||||
|
server {{ groups['chrony'][0] }} iburst
|
||||||
|
|
||||||
|
# Record the rate at which the system clock gains/losses time.
|
||||||
|
driftfile /var/lib/chrony/drift
|
||||||
|
|
||||||
|
# Allow the system clock to be stepped in the first three updates
|
||||||
|
# if its offset is larger than 1 second.
|
||||||
|
makestep 1.0 3
|
||||||
|
|
||||||
|
# This directive enables kernel synchronisation (every 11 minutes) of the
|
||||||
|
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
|
||||||
|
rtcsync
|
||||||
|
|
||||||
|
# Specify directory for dumping measurements.
|
||||||
|
dumpdir /var/lib/chrony
|
||||||
|
|
||||||
|
# This directive designates subnets (or nodes) from which NTP clients are allowed
|
||||||
|
# to access to 'chronyd'.
|
||||||
|
allow {{ local_network }}
|
||||||
|
|
||||||
|
# Stop bad estimates upsetting machine clock.
|
||||||
|
maxupdateskew 100.0
|
||||||
|
|
||||||
|
# Ignor source level
|
||||||
|
stratumweight 0
|
||||||
|
|
||||||
|
# Comment this line out to turn off logging.
|
||||||
|
#log tracking measurements statistics
|
||||||
|
logdir /var/log/chrony
|
||||||
|
log statistics measurements tracking
|
||||||
|
noclientlog
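Review bot: `allow {{ local_network }}` in the client template makes every cluster node answer NTP requests from the local network, although the documented design has clients only consuming time from `groups.chrony[0]`. If clients are not meant to serve time, drop the `allow` line and add `port 0` so chronyd does not open the NTP server port on them. `noclientlog` is only meaningful on a server and can go with the `allow` line. The template also keeps the commented `#log tracking measurements statistics` under "Comment this line out to turn off logging" while the active directive is `log statistics measurements tracking` two lines later; remove the stale pair or move the comment next to the active line.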
|
|
@ -1,51 +0,0 @@
|
||||||
# Use public servers from the pool.ntp.org project.
|
|
||||||
{% for HOST in ntp_servers %}
|
|
||||||
server {{ HOST }} iburst
|
|
||||||
{% endfor %}
|
|
||||||
server 0.centos.pool.ntp.org iburst
|
|
||||||
server 1.centos.pool.ntp.org iburst
|
|
||||||
server 2.centos.pool.ntp.org iburst
|
|
||||||
server 3.centos.pool.ntp.org iburst
|
|
||||||
|
|
||||||
# Ignor source level
|
|
||||||
stratumweight 0
|
|
||||||
|
|
||||||
# Record the rate at which the system clock gains/losses time.
|
|
||||||
driftfile /var/lib/chrony/drift
|
|
||||||
|
|
||||||
# Allow the system clock to be stepped in the first three updates
|
|
||||||
# if its offset is larger than 1 second.
|
|
||||||
makestep 1.0 3
|
|
||||||
|
|
||||||
# Enable kernel synchronization of the real-time clock (RTC).
|
|
||||||
rtcsync
|
|
||||||
|
|
||||||
# Enable hardware timestamping on all interfaces that support it.
|
|
||||||
#hwtimestamp *
|
|
||||||
|
|
||||||
# Increase the minimum number of selectable sources required to adjust
|
|
||||||
# the system clock.
|
|
||||||
#minsources 2
|
|
||||||
|
|
||||||
# Allow NTP client access from local network.
|
|
||||||
allow {{ local_network }}
|
|
||||||
|
|
||||||
#
|
|
||||||
bindcmdaddress 127.0.0.1
|
|
||||||
bindcmdaddress ::1
|
|
||||||
|
|
||||||
# Serve time even if not synchronized to a time source.
|
|
||||||
local stratum 10
|
|
||||||
|
|
||||||
# Specify file containing keys for NTP authentication.
|
|
||||||
keyfile /etc/chrony.keys
|
|
||||||
|
|
||||||
# Specify directory for log files.
|
|
||||||
logdir /var/log/chrony
|
|
||||||
|
|
||||||
# Select which information is logged.
|
|
||||||
#log measurements statistics tracking
|
|
||||||
|
|
||||||
#
|
|
||||||
noclientlog
|
|
||||||
logchange 1
|
|
|
@ -1,55 +0,0 @@
|
||||||
# Use public servers from the pool.ntp.org project.
|
|
||||||
{% for HOST in ntp_servers %}
|
|
||||||
server {{ HOST }} iburst
|
|
||||||
{% endfor %}
|
|
||||||
pool 2.debian.pool.ntp.org iburst
|
|
||||||
|
|
||||||
# Look here for the admin password needed for chronyc. The initial
|
|
||||||
# password is generated by a random process at install time. You may
|
|
||||||
# change it if you wish.
|
|
||||||
keyfile /etc/chrony/chrony.keys
|
|
||||||
|
|
||||||
# I moved the driftfile to /var/lib/chrony to comply with the Debian
|
|
||||||
# filesystem standard.
|
|
||||||
driftfile /var/lib/chrony/chrony.drift
|
|
||||||
|
|
||||||
# Comment this line out to turn off logging.
|
|
||||||
#log tracking measurements statistics
|
|
||||||
logdir /var/log/chrony
|
|
||||||
|
|
||||||
# Stop bad estimates upsetting machine clock.
|
|
||||||
maxupdateskew 100.0
|
|
||||||
|
|
||||||
# Dump measurements when daemon exits.
|
|
||||||
#dumponexit
|
|
||||||
|
|
||||||
# Specify directory for dumping measurements.
|
|
||||||
dumpdir /var/lib/chrony
|
|
||||||
|
|
||||||
# This directive lets 'chronyd' to serve time even if unsynchronised to any
|
|
||||||
# NTP server.
|
|
||||||
local stratum 10
|
|
||||||
|
|
||||||
# This directive designates subnets (or nodes) from which NTP clients are allowed
|
|
||||||
# to access to 'chronyd'.
|
|
||||||
allow {{ local_network }}
|
|
||||||
|
|
||||||
# This directive forces `chronyd' to send a message to syslog if it
|
|
||||||
# makes a system clock adjustment larger than a threshold value in seconds.
|
|
||||||
logchange 1
|
|
||||||
|
|
||||||
# This directive defines an email address to which mail should be sent
|
|
||||||
# if chronyd applies a correction exceeding a particular threshold to the
|
|
||||||
# system clock.
|
|
||||||
|
|
||||||
# mailonchange root@localhost 0.5
|
|
||||||
|
|
||||||
# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the
|
|
||||||
# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.
|
|
||||||
|
|
||||||
hwclockfile /etc/adjtime
|
|
||||||
|
|
||||||
# This directive enables kernel synchronisation (every 11 minutes) of the
|
|
||||||
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
|
|
||||||
|
|
||||||
rtcsync
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
# Use public servers from the pool.ntp.org project.
|
||||||
|
{% for HOST in ntp_servers %}
|
||||||
|
server {{ HOST }} iburst
|
||||||
|
{% endfor %}
|
||||||
|
pool pool.ntp.org iburst
|
||||||
|
pool 2.debian.pool.ntp.org iburst
|
||||||
|
|
||||||
|
# Record the rate at which the system clock gains/losses time.
|
||||||
|
driftfile /var/lib/chrony/drift
|
||||||
|
|
||||||
|
# Allow the system clock to be stepped in the first three updates
|
||||||
|
# if its offset is larger than 1 second.
|
||||||
|
makestep 1.0 3
|
||||||
|
|
||||||
|
# This directive enables kernel synchronisation (every 11 minutes) of the
|
||||||
|
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
|
||||||
|
rtcsync
|
||||||
|
|
||||||
|
# Specify directory for dumping measurements.
|
||||||
|
dumpdir /var/lib/chrony
|
||||||
|
|
||||||
|
# This directive lets 'chronyd' to serve time even if unsynchronised to any NTP server.
|
||||||
|
local stratum 10
|
||||||
|
|
||||||
|
# This directive designates subnets (or nodes) from which NTP clients are allowed
|
||||||
|
# to access to 'chronyd'.
|
||||||
|
allow {{ local_network }}
|
||||||
|
|
||||||
|
# Stop bad estimates upsetting machine clock.
|
||||||
|
maxupdateskew 100.0
|
||||||
|
|
||||||
|
# Ignor source level
|
||||||
|
stratumweight 0
|
||||||
|
|
||||||
|
# Comment this line out to turn off logging.
|
||||||
|
#log tracking measurements statistics
|
||||||
|
logdir /var/log/chrony
|
||||||
|
log statistics measurements tracking
|
||||||
|
noclientlog
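Review bot: The hard-coded `pool pool.ntp.org iburst` and `pool 2.debian.pool.ntp.org iburst` lines are always rendered after the `ntp_servers` loop, so an operator who lists only internal or vetted sources in `ntp_servers` still gets a node that queries public pools. With `local stratum 10` and no `keyfile` or other source authentication in the new template, every client ends up trusting whatever these unauthenticated sources report through this one server. Consider making the pool names the default value of `ntp_servers` instead of fixed template text. The header comment should also say that this node keeps serving time when it is unsynchronised.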
|
|
@ -1,11 +1,14 @@
|
||||||
- block:
|
- block:
|
||||||
- name: stop and disable chrony in Ubuntu
|
- name: stop and disable chronyd
|
||||||
service: name=chrony state=stopped enabled=no
|
|
||||||
ignore_errors: true
|
|
||||||
when: 'ansible_distribution in ["Ubuntu","Debian"]'
|
|
||||||
|
|
||||||
- name: stop and disable chronyd in CentOS/RedHat
|
|
||||||
service: name=chronyd state=stopped enabled=no
|
service: name=chronyd state=stopped enabled=no
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
|
|
||||||
|
- name: remove files and dirs
|
||||||
|
file: name={{ item }} state=absent
|
||||||
|
with_items:
|
||||||
|
- "/etc/chrony"
|
||||||
|
- "/var/lib/chrony"
|
||||||
|
- "/var/log/chrony"
|
||||||
|
- "/var/run/chrony"
|
||||||
|
- "/etc/systemd/system/chronyd.service"
|
||||||
when: "groups['chrony']|length > 0"
|
when: "groups['chrony']|length > 0"
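Review bot: The new `remove files and dirs` task deletes the unit file and the chrony directories, but the binary that the install role copies to `/usr/sbin/chronyd` is not in the list, and no daemon reload follows the removal of `/etc/systemd/system/chronyd.service`. The `NOTRACK` rules that the unit appends through `ExecStartPost` also remain in the raw table after cleanup, since the unit has no stop-time removal. Adding `- "/usr/sbin/chronyd"` to `with_items` and a `systemd: daemon_reload=yes` step would leave the host cleaner. Note that `/etc/chrony` is removed even on hosts where it belonged to a distro package.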
|
||||||
|
|
|
@ -62,7 +62,6 @@
|
||||||
- "/root/.kube/config"
|
- "/root/.kube/config"
|
||||||
- "/etc/kubernetes/kube-controller-manager.kubeconfig"
|
- "/etc/kubernetes/kube-controller-manager.kubeconfig"
|
||||||
- "/etc/kubernetes/kube-scheduler.kubeconfig"
|
- "/etc/kubernetes/kube-scheduler.kubeconfig"
|
||||||
tags: upgrade_k8s, restart_master
|
|
||||||
|
|
||||||
- name: 创建 kube-scheduler 配置文件
|
- name: 创建 kube-scheduler 配置文件
|
||||||
template: src=kube-scheduler-config.yaml.j2 dest=/etc/kubernetes/kube-scheduler-config.yaml
|
template: src=kube-scheduler-config.yaml.j2 dest=/etc/kubernetes/kube-scheduler-config.yaml
|
||||||
|
|