From 5719da2f814fa066b9714abf068e815844a2abd8 Mon Sep 17 00:00:00 2001
From: Simon Michnowicz <simon.michnowicz@monash.edu>
Date: Fri, 28 Feb 2020 12:25:29 +1100
Subject: [PATCH] First checkin of a role to set the timezone on servers.
 Replaces local_roles/m3_ntp

---
 roles/set_timezone/README.md             | 13 ++++++
 roles/set_timezone/tasks/main.yml        | 20 +++++++++
 roles/set_timezone/templates/ntp.conf.j2 | 55 ++++++++++++++++++++++++
 roles/set_timezone/vars/main.yml         |  3 ++
 4 files changed, 91 insertions(+)
 create mode 100644 roles/set_timezone/README.md
 create mode 100644 roles/set_timezone/tasks/main.yml
 create mode 100644 roles/set_timezone/templates/ntp.conf.j2
 create mode 100644 roles/set_timezone/vars/main.yml

diff --git a/roles/set_timezone/README.md b/roles/set_timezone/README.md
new file mode 100644
index 00000000..43cb094b
--- /dev/null
+++ b/roles/set_timezone/README.md
@@ -0,0 +1,13 @@
+This role sets the timezone on the desired server.
+- installs a templated file into /etc/ntp.conf. The variable NTP_SERVER sets the ntp server
+  - NTP_SERVER defaults to ntp.monash.edu.au
+- starts and enables the ntpd process
+- Makes a link from /etc/localtime state=link to path defined by Variable TIMEZONE_PATH
+  - TIMEZONE_PATH  defaults to /usr/share/zoneinfo/Australia/Melbourne
+
+
+Example of use
+- { role: set_timezone } #sets to Melbourne time
+- { role: set_timezone, TIMEZONE_PATH: "/usr/share/zoneinfo/Australia/Perth" } #sets to Perth time
+- { role: set_timezone, TIMEZONE_PATH: "/usr/share/zoneinfo/Australia/Perth", NTP_SERVER: "time.google.com" } #sets to Perth time and using google ntp server
+
diff --git a/roles/set_timezone/tasks/main.yml b/roles/set_timezone/tasks/main.yml
new file mode 100644
index 00000000..17796910
--- /dev/null
+++ b/roles/set_timezone/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: install ntp.conf
+  template: src=ntp.conf.j2 dest=/etc/ntp.conf mode=644 owner=root group=root
+  become: true
+  become_user: root
+
+- name: restart ntpd
+  service: name=ntpd state=restarted 
+  become: true
+  become_user: root
+
+- name: ensure ntpd is enabled and started   
+  service: name=ntpd state=started enabled=yes   
+  become: true   
+  become_user: root
+
+- name: set local timezone
+  file: path=/etc/localtime state=link src={{ TIMEZONE_PATH }}
+  become: true
+  become_user: root
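Review bot: The `restart ntpd` task runs unconditionally, so every run of the role restarts the daemon and reports a change even when /etc/ntp.conf is untouched, which interrupts time synchronisation for no reason. Add `notify: restart ntpd` to the `install ntp.conf` task and move the restart into a handler in `roles/set_timezone/handlers/main.yml`, leaving the `state=started enabled=yes` task as it is. In `set local timezone`, the file module is expected to refuse to replace a regular file with a link unless `force=yes` is given, so the task probably fails on hosts where /etc/localtime is a copy rather than a symlink; this is worth confirming on the target distributions. The key=value argument strings would also be easier to review as native YAML mappings with `mode: "0644"` and `src: "{{ TIMEZONE_PATH }}"` quoted.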
diff --git a/roles/set_timezone/templates/ntp.conf.j2 b/roles/set_timezone/templates/ntp.conf.j2
new file mode 100644
index 00000000..2717f982
--- /dev/null
+++ b/roles/set_timezone/templates/ntp.conf.j2
@@ -0,0 +1,55 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface.  This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1 
+restrict ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server {{ NTP_SERVER }}
+
+#broadcast 192.168.1.255 autokey	# broadcast server
+#broadcastclient			# broadcast client
+#broadcast 224.0.1.1 autokey		# multicast server
+#multicastclient 224.0.1.1		# multicast client
+#manycastserver 239.255.254.254		# manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography. 
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
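Review bot: `server {{ NTP_SERVER }}` gives ntpd a single, unauthenticated upstream, so it has nothing to cross-check that source against; if the server is wrong or unreachable, every host using the role follows it or drifts, which affects certificate validity checks, Kerberos and log correlation. Consider accepting a list and rendering one `server` line per entry, and adding `iburst` for faster initial sync, e.g. `server {{ NTP_SERVER }} iburst`. The comment above that line still says "Use public servers from the pool.ntp.org project", which no longer describes a templated value; `# Upstream time source, set via NTP_SERVER` would be accurate. A first line of `# {{ ansible_managed }}` would also mark the file as generated, so hand edits on a host are not silently overwritten.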
diff --git a/roles/set_timezone/vars/main.yml b/roles/set_timezone/vars/main.yml
new file mode 100644
index 00000000..65f16b25
--- /dev/null
+++ b/roles/set_timezone/vars/main.yml
@@ -0,0 +1,3 @@
+---
+TIMEZONE_PATH: "/usr/share/zoneinfo/Australia/Melbourne"
+NTP_SERVER: "ntp.monash.edu.au"
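Review bot: The README calls these two values defaults, but they are defined in `vars/main.yml`, where role vars take precedence over inventory, group_vars and host_vars. Only role parameters (as in the README examples) or extra vars can override them, so a site cannot set `NTP_SERVER` per group or host. Moving the file to `roles/set_timezone/defaults/main.yml` keeps the README examples working and restores the usual override order. A short comment on each key, e.g. `# absolute path of the zoneinfo file that /etc/localtime links to`, would document the expected format.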
-- 
GitLab