Skip to main content
Kiga’s Blog
  1. Tutorial/

Ansible: install NTP service

1536 words·8 mins
Ansible
Table of Contents

部署目标机配置
#

Subnet Ip 配置为 192.168.139.0

Subnet mask 为 255.255.255.0

inventory /ntp/inventory/all.ini

[machine]
192.168.139.[201:202] ansible_ssh_user=root ansible_ssh_pass=password

需要安装工具包/system/vars/main.yml

deployment_online_tools:
  - unzip
  - telnet
  - ntfs-3g
  - iftop
  - iotop
  - htop
  - lrzsz
  - net-tools
  - sysstat
  - python3

参数配置/playbook/config.yml

machine:
  ip: 192.168.139.201,192.168.139.202
  hostname: deploy-test
  dest_dir: '/home'
  src_dir: '/home/workspace/ntp/backup'

install:
  ntp: true

playbook 配置/playbook/main.yml

- hosts: "{{ machine.ip }}"
  gather_facts: false
  any_errors_fatal: True
  vars_files:
    - ./config.yml
  roles:
    - {role: system, tags: ['ntp', 'app']}
    - {role: middleware, tags: ['middleware','docker', 'app']}

NTP task 配置

---
- name: 在线安装 NTP 服务
  yum:
    name: ntp
    state: present

- name: 时钟同步
  block:
    - name: 同步系统时钟
      command: "ntpdate -u ntp.aliyun.com"
      ignore_errors: true

    - name: 同步硬件时钟
      command: "hwclock -w"

- name: NTP 配置
  block:
    - name: 注释 NTP 原配置
      shell: |
        sed -i 's/^server.*centos.pool.ntp.org/#&/g' /etc/ntp.conf        

    - name: 增加 NTP 配置
      lineinfile:
        path: /etc/ntp.conf
        state: present
        line: "{{ item }}"
      with_items:
        - server 127.127.1.0
        - Fudge 127.127.1.0 stratum 10

- name: 重启 NTP 服务
  service:
    name: ntpd
    state: restarted
    enabled: yes

配置文件需要核对文件所在路径。变量值决定部署位置,及部署环境属性。

执行
#

master 部署机上执行

ansible-playbook  -i inventory/all.ini playbook/main.yml

执行同步输出:

[root@localhost ntp]# ansible-playbook  -i inventory/all.ini playbook/main.yml

PLAY [192.168.139.201,192.168.139.202] ************************************************************************************************************************************************

TASK [system : 初始化变量] ************************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [system : 设置部署目录] **********************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [system : 获取系统信息] **********************************************************************************************************************************************************
ok: [192.168.139.202]
ok: [192.168.139.201]

TASK [system : 提取系统信息] **********************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [system : 设置 ansible_python_interpreter] ***************************************************************************************************************************************
ok: [192.168.139.201] => (item={'os': 'CentOS', 'python': '/usr/bin/python'})
skipping: [192.168.139.201] => (item={'os': 'KylinSec', 'python': '/usr/bin/python3'}) 
ok: [192.168.139.202] => (item={'os': 'CentOS', 'python': '/usr/bin/python'})
skipping: [192.168.139.202] => (item={'os': 'KylinSec', 'python': '/usr/bin/python3'}) 

TASK [system : 不支持的操作系统] ******************************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [system : 退出] ******************************************************************************************************************************************************************
skipping: [192.168.139.201]

TASK [system : 打印系统信息] **********************************************************************************************************************************************************
ok: [192.168.139.201] => {
    "msg": "操作系统: CentOS 7.9, python: /usr/bin/python"
}
ok: [192.168.139.202] => {
    "msg": "操作系统: CentOS 7.9, python: /usr/bin/python"
}

TASK [system : 停止服务] **************************************************************************************************************************************************************
ok: [192.168.139.201] => (item=chronyd)
ok: [192.168.139.202] => (item=chronyd)
ok: [192.168.139.201] => (item=firewalld)
ok: [192.168.139.202] => (item=firewalld)
ok: [192.168.139.201] => (item=NetworkManager)
ok: [192.168.139.202] => (item=NetworkManager)

TASK [system : 创建YUM配置备份目录] ***************************************************************************************************************************************************
ok: [192.168.139.202]
ok: [192.168.139.201]

TASK [system : 备份YUM当前配置文件] ***************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 上传YUM新配置文件] *****************************************************************************************************************************************************
changed: [192.168.139.201] => (item={'src': 'CentOS-Base.repo.j2', 'dest': '/etc/yum.repos.d/CentOS-Base.repo'})
changed: [192.168.139.202] => (item={'src': 'CentOS-Base.repo.j2', 'dest': '/etc/yum.repos.d/CentOS-Base.repo'})
changed: [192.168.139.201] => (item={'src': 'epel-testing.repo.j2', 'dest': '/etc/yum.repos.d/epel-testing.repo'})
changed: [192.168.139.202] => (item={'src': 'epel-testing.repo.j2', 'dest': '/etc/yum.repos.d/epel-testing.repo'})
changed: [192.168.139.201] => (item={'src': 'epel.repo.j2', 'dest': '/etc/yum.repos.d/epel.repo'})
changed: [192.168.139.202] => (item={'src': 'epel.repo.j2', 'dest': '/etc/yum.repos.d/epel.repo'})
ok: [192.168.139.202] => (item={'src': 'RPM-GPG-KEY-EPEL-7.j2', 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7'})
ok: [192.168.139.201] => (item={'src': 'RPM-GPG-KEY-EPEL-7.j2', 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7'})

TASK [system : 删除缓存] **************************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 重置缓存] **************************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 升级] ******************************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 在线安装工具] **********************************************************************************************************************************************************
ok: [192.168.139.201] => (item=unzip)
ok: [192.168.139.202] => (item=unzip)
ok: [192.168.139.201] => (item=telnet)
ok: [192.168.139.202] => (item=telnet)
ok: [192.168.139.201] => (item=ntfs-3g)
ok: [192.168.139.202] => (item=ntfs-3g)
ok: [192.168.139.202] => (item=iftop)
ok: [192.168.139.201] => (item=iftop)
ok: [192.168.139.202] => (item=iotop)
ok: [192.168.139.201] => (item=iotop)
ok: [192.168.139.202] => (item=htop)
ok: [192.168.139.201] => (item=htop)
ok: [192.168.139.202] => (item=lrzsz)
ok: [192.168.139.201] => (item=lrzsz)
ok: [192.168.139.202] => (item=net-tools)
ok: [192.168.139.201] => (item=net-tools)
ok: [192.168.139.201] => (item=sysstat)
ok: [192.168.139.202] => (item=sysstat)
ok: [192.168.139.201] => (item=python3)
ok: [192.168.139.202] => (item=python3)

TASK [system : 设置主机名称] **********************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 修改 SELinux 配置] *****************************************************************************************************************************************************
ok: [192.168.139.202]
ok: [192.168.139.201]

TASK [system : SELinux 配置生效] ******************************************************************************************************************************************************
fatal: [192.168.139.201]: FAILED! => {"changed": true, "cmd": ["setenforce", "0"], "delta": "0:00:00.023077", "end": "2024-10-15 02:08:07.549152", "msg": "non-zero return code", "rc": 1, "start": "2024-10-15 02:08:07.526075", "stderr": "setenforce: SELinux is disabled", "stderr_lines": ["setenforce: SELinux is disabled"], "stdout": "", "stdout_lines": []}
...ignoring
fatal: [192.168.139.202]: FAILED! => {"changed": true, "cmd": ["setenforce", "0"], "delta": "0:00:00.021580", "end": "2024-10-15 02:08:07.555685", "msg": "non-zero return code", "rc": 1, "start": "2024-10-15 02:08:07.534105", "stderr": "setenforce: SELinux is disabled", "stderr_lines": ["setenforce: SELinux is disabled"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [system : 内核优化配置] **********************************************************************************************************************************************************
ok: [192.168.139.201] => (item=net.core.somaxconn= 2048)
ok: [192.168.139.202] => (item=net.core.somaxconn= 2048)
ok: [192.168.139.201] => (item=vm.overcommit_memory=1)
ok: [192.168.139.202] => (item=vm.overcommit_memory=1)
ok: [192.168.139.201] => (item=fs.file-max = 100000000)
ok: [192.168.139.202] => (item=fs.file-max = 100000000)
ok: [192.168.139.202] => (item=fs.inotify.max_user_watches=99999999)
ok: [192.168.139.201] => (item=fs.inotify.max_user_watches=99999999)
ok: [192.168.139.202] => (item=fs.inotify.max_user_instances=65535)
ok: [192.168.139.201] => (item=fs.inotify.max_user_instances=65535)
ok: [192.168.139.201] => (item=net.ipv4.tcp_tw_reuse = 1)
ok: [192.168.139.202] => (item=net.ipv4.tcp_tw_reuse = 1)
ok: [192.168.139.201] => (item=net.ipv4.tcp_keepalive_time = 600)
ok: [192.168.139.202] => (item=net.ipv4.tcp_keepalive_time = 600)
ok: [192.168.139.202] => (item=net.ipv4.tcp_fin_timeout = 60)
ok: [192.168.139.201] => (item=net.ipv4.tcp_fin_timeout = 60)
ok: [192.168.139.201] => (item=net.ipv4.tcp_max_tw_buckets = 5000)
ok: [192.168.139.202] => (item=net.ipv4.tcp_max_tw_buckets = 5000)
ok: [192.168.139.201] => (item=net.ipv4.ip_local_port_range = 1024 65536)
ok: [192.168.139.202] => (item=net.ipv4.ip_local_port_range = 1024 65536)
ok: [192.168.139.201] => (item=net.ipv4.tcp_rmem = 4096 32768 16777216)
ok: [192.168.139.202] => (item=net.ipv4.tcp_rmem = 4096 32768 16777216)
ok: [192.168.139.201] => (item=net.ipv4.tcp_wmem = 4096 32768 16777216)
ok: [192.168.139.202] => (item=net.ipv4.tcp_wmem = 4096 32768 16777216)
ok: [192.168.139.202] => (item=net.core.netdev_max_backlog = 262144)
ok: [192.168.139.201] => (item=net.core.netdev_max_backlog = 262144)
ok: [192.168.139.202] => (item=net.core.rmem_default = 262144)
ok: [192.168.139.201] => (item=net.core.rmem_default = 262144)
ok: [192.168.139.201] => (item=net.core.wmem_default = 262144)
ok: [192.168.139.202] => (item=net.core.wmem_default = 262144)
ok: [192.168.139.202] => (item=net.core.rmem_max = 2097152)
ok: [192.168.139.201] => (item=net.core.rmem_max = 2097152)
ok: [192.168.139.202] => (item=net.core.wmem_max = 2097152)
ok: [192.168.139.201] => (item=net.core.wmem_max = 2097152)
ok: [192.168.139.202] => (item=net.ipv4.tcp_syncookies = 1)
ok: [192.168.139.201] => (item=net.ipv4.tcp_syncookies = 1)
ok: [192.168.139.201] => (item=net.ipv4.tcp_max_syn_backlog = 262144)
ok: [192.168.139.202] => (item=net.ipv4.tcp_max_syn_backlog = 262144)

TASK [system : 加载配置] **************************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : Limits 配置] ***********************************************************************************************************************************************************
ok: [192.168.139.201] => (item=root soft nofile 65536)
ok: [192.168.139.202] => (item=root soft nofile 65536)
ok: [192.168.139.201] => (item=root hard nofile 65536)
ok: [192.168.139.202] => (item=root hard nofile 65536)
ok: [192.168.139.201] => (item=root soft nproc 65535)
ok: [192.168.139.202] => (item=root soft nproc 65535)
ok: [192.168.139.201] => (item=root hard nproc 65535)
ok: [192.168.139.202] => (item=root hard nproc 65535)

TASK [system : 关闭swap分区] **********************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 生成工作目录] **********************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [system : 检查 /home/data 是否存在且为目录] **************************************************************************************************************************************
ok: [192.168.139.202]
ok: [192.168.139.201]

TASK [system : 检查 /home/data 目录] **************************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [system : 打印成功信息] **********************************************************************************************************************************************************
ok: [192.168.139.201] => {
    "msg": "/home/data 目录存在且为一个目录"
}
ok: [192.168.139.202] => {
    "msg": "/home/data 目录存在且为一个目录"
}

TASK [system : 在线安装 NTP 服务] *****************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [system : 同步系统时钟] **********************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 同步硬件时钟] **********************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 注释 NTP 原配置] *******************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 增加 NTP 配置] *********************************************************************************************************************************************************
ok: [192.168.139.202] => (item=server 127.127.1.0)
ok: [192.168.139.201] => (item=server 127.127.1.0)
ok: [192.168.139.202] => (item=Fudge 127.127.1.0 stratum 10)
ok: [192.168.139.201] => (item=Fudge 127.127.1.0 stratum 10)

TASK [system : 重启 NTP 服务] *********************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 在线安装 NTP 服务] *****************************************************************************************************************************************************
ok: [192.168.139.202]
ok: [192.168.139.201]

TASK [system : 同步系统时钟] **********************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 同步硬件时钟] **********************************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [system : 注释 NTP 原配置] *******************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 增加 NTP 配置] *********************************************************************************************************************************************************
ok: [192.168.139.201] => (item=server 127.127.1.0)
ok: [192.168.139.202] => (item=server 127.127.1.0)
ok: [192.168.139.201] => (item=Fudge 127.127.1.0 stratum 10)
ok: [192.168.139.202] => (item=Fudge 127.127.1.0 stratum 10)

TASK [system : 重启 NTP 服务] *********************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 检查Docker是否已安装] **************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [system : 上传 docker 相关压缩包] ************************************************************************************************************************************************
skipping: [192.168.139.201] => (item=docker-20.10.3.tgz) 
skipping: [192.168.139.201] => (item=docker-rootless-extras-20.10.3.tgz) 
skipping: [192.168.139.201]
skipping: [192.168.139.202] => (item=docker-20.10.3.tgz) 
skipping: [192.168.139.202] => (item=docker-rootless-extras-20.10.3.tgz) 
skipping: [192.168.139.202]

TASK [system : 上传 docker-compose 程序] **********************************************************************************************************************************************
skipping: [192.168.139.201] => (item=docker-compose-v2.20.0) 
skipping: [192.168.139.201]
skipping: [192.168.139.202] => (item=docker-compose-v2.20.0) 
skipping: [192.168.139.202]

TASK [system : 解压安装 docker 相关可执行程序] ****************************************************************************************************************************************
skipping: [192.168.139.201] => (item=docker-20.10.3.tgz) 
skipping: [192.168.139.201] => (item=docker-rootless-extras-20.10.3.tgz) 
skipping: [192.168.139.201]
skipping: [192.168.139.202] => (item=docker-20.10.3.tgz) 
skipping: [192.168.139.202] => (item=docker-rootless-extras-20.10.3.tgz) 
skipping: [192.168.139.202]

TASK [system : 上传 docker 系统服务配置文件] ******************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [system : 重新加载配置] **********************************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [system : 创建 docker 配置文件目录] **********************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [system : 上传 docker 配置文件] **************************************************************************************************************************************************
skipping: [192.168.139.201] => (item={'src': 'daemon.json.j2', 'dest': '/etc/docker/daemon.json'}) 
skipping: [192.168.139.201]
skipping: [192.168.139.202] => (item={'src': 'daemon.json.j2', 'dest': '/etc/docker/daemon.json'}) 
skipping: [192.168.139.202]

TASK [system : 重启 docker 服务] ******************************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [middleware : 初始化变量] ********************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [middleware : pip install requests] **********************************************************************************************************************************************
changed: [192.168.139.202]
changed: [192.168.139.201]

TASK [middleware : 生成镜像目录] ******************************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [middleware : 上传 deployment_mariadb 镜像文件] **********************************************************************************************************************************
ok: [192.168.139.201] => (item=mariadb10.5.4.tar.gz)
ok: [192.168.139.202] => (item=mariadb10.5.4.tar.gz)

TASK [middleware : 加载 deployment_mariadb 镜像文件] **********************************************************************************************************************************
changed: [192.168.139.202] => (item=mariadb10.5.4.tar.gz)
changed: [192.168.139.201] => (item=mariadb10.5.4.tar.gz)

TASK [middleware : include_tasks] *****************************************************************************************************************************************************
included: /home/workspace/ntp/playbook/roles/middleware/tasks/init_before_mariadb.yml for 192.168.139.201, 192.168.139.202

TASK [middleware : 创建 mysql 数据目录] ***********************************************************************************************************************************************
ok: [192.168.139.201] => (item={'dir': '/home/mariadb/data'})
ok: [192.168.139.202] => (item={'dir': '/home/mariadb/data'})

TASK [middleware : make mysql config path] ********************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [middleware : copy mysql config rules] *******************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [middleware : 检查 MariaDB 容器是否存在] *****************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [middleware : 确保 MariaDB 容器正在运行] *****************************************************************************************************************************************
skipping: [192.168.139.201]
skipping: [192.168.139.202]

TASK [middleware : wait for 5 seconds for mysql ready] ********************************************************************************************************************************
Pausing for 5 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [192.168.139.201]

TASK [middleware : include_tasks] *****************************************************************************************************************************************************
included: /home/workspace/ntp/playbook/roles/middleware/tasks/init_after_mariadb.yml for 192.168.139.201, 192.168.139.202

TASK [middleware : 提取 MariaDB 容器ID] ***********************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [middleware : 设置 MariaDB 容器ID 变量] ******************************************************************************************************************************************
ok: [192.168.139.201]
ok: [192.168.139.202]

TASK [middleware : 输出容器ID] ********************************************************************************************************************************************************
changed: [192.168.139.201]
changed: [192.168.139.202]

TASK [middleware : 显示容器ID] ********************************************************************************************************************************************************
ok: [192.168.139.201] => {
    "msg": "a34e4569027d"
}
ok: [192.168.139.202] => {
    "msg": "c70f41967c11"
}

PLAY RECAP ****************************************************************************************************************************************************************************
192.168.139.201            : ok=53   changed=23   unreachable=0    failed=0    skipped=11   rescued=0    ignored=1   
192.168.139.202            : ok=52   changed=23   unreachable=0    failed=0    skipped=11   rescued=0    ignored=1

Code Repository
#

https://github.com/kiga-hub/Ansible_4_NTP

Related

Ansible: Failed to connect to the host via ssh: Permission denied
410 words·2 mins
Ansible
Failed to connect to the host via ssh: Permission denied # 需要设置免密通信, 通过ssh-keygen命令执行生成密钥对
Docker package usage
79 words·1 min
docker
镜像打包 # 从工作站拉取拉取镜像到本地
Centos7 install python and pip
77 words·1 min
Python
从源代码编译安装 # 安装构建 Python 所需的依赖包
Centos7: 误删python2导致yum无法使用
219 words·2 mins
Linux
uninstall python # 优先卸载,确保环境干净
Centos7 换源&更新网络连接
151 words·1 min
Linux
Cannot find a valid baseurl for repo: centos-sclo-rh/x86_64 # reset /etc/yum.