move chrony bits to 50-install-prepare

playbooks/30-quay-pre-tasks.yml

@@ -135,91 +135,4 @@
       become: yes
       command: update-ca-trust
       when: copied.changed
-
-- name: Have utility serve time.
-  hosts: utility.lab.example.com
-  become: no
-  gather_subset: min
-  tasks:
-    - name: Ensure we have the correct chrony.conf
-      become: yes
-      ansible.builtin.copy:
-        dest: /etc/chrony.conf
-        mode: 0644
-        content: |
-          # Use public servers from the pool.ntp.org project.
-          # Please consider joining the pool (http://www.pool.ntp.org/join.html).
-          server 172.25.254.254 iburst
-          
-          # Record the rate at which the system clock gains/losses time.
-          driftfile /var/lib/chrony/drift
-          
-          # Allow the system clock to be stepped in the first three updates
-          # if its offset is larger than 1 second.
-          makestep 1.0 3
-          
-          # Enable kernel synchronization of the real-time clock (RTC).
-          rtcsync
-          
-          # Enable hardware timestamping on all interfaces that support it.
-          #hwtimestamp *
-          
-          # Increase the minimum number of selectable sources required to adjust
-          # the system clock.
-          #minsources 2
-          
-          # Allow NTP client access from local network.
-          #allow 192.168.0.0/16
-          allow all
-          
-          bindcmdaddress 0.0.0.0
-          cmdallow all
-          
-          # Serve time even if not synchronized to a time source.
-          #local stratum 10
-          
-          # Specify file containing keys for NTP authentication.
-          keyfile /etc/chrony.keys
-          
-          # Get TAI-UTC offset and leap seconds from the system tz database.
-          leapsectz right/UTC
-          
-          # Specify directory for log files.
-          logdir /var/log/chrony
-          
-          # Select which information is logged.
-          #log measurements statistics tracking
-      notify:
-        - restart chronyd
-
-    - name: Ensure firewall allows NTP.
-      become: yes
-      ansible.posix.firewalld:
-        immediate: yes
-        permanent: yes
-        zone: "{{ item }}"
-        service: ntp
-        state: enabled
-      loop:
-        - external
-        - public
-
-    - name: Ensure firewall allows cmdport.
-      become: yes
-      ansible.posix.firewalld:
-        immediate: yes
-        permanent: yes
-        zone: "{{ item }}"
-        port: 323/udp
-        state: enabled
-      loop:
-        - external
-        - public
-
-  handlers:
-    - name: restart chronyd
-      become: yes
-      ansible.builtin.service:
-        name: chronyd
-        state: restarted
 ...

playbooks/50-install-prepare.yml

@@ -142,7 +142,7 @@
         size: 2048
         state: present
 
-- name: Ensure DHCP server on utility is configured.
+- name: Ensure DHCP and DNS servers on utility are configured.
   hosts: utility.lab.example.com
   gather_subset: min
   become: yes
@@ -387,4 +387,91 @@
     - name: reload systemd
       ansible.builtin.systemd_service:
         daemon_reload: true
+
+- name: Have utility serve time.
+  hosts: utility.lab.example.com
+  become: no
+  gather_subset: min
+  tasks:
+    - name: Ensure we have the correct chrony.conf
+      become: yes
+      ansible.builtin.copy:
+        dest: /etc/chrony.conf
+        mode: 0644
+        content: |
+          # Use public servers from the pool.ntp.org project.
+          # Please consider joining the pool (http://www.pool.ntp.org/join.html).
+          server 172.25.254.254 iburst
+          
+          # Record the rate at which the system clock gains/losses time.
+          driftfile /var/lib/chrony/drift
+          
+          # Allow the system clock to be stepped in the first three updates
+          # if its offset is larger than 1 second.
+          makestep 1.0 3
+          
+          # Enable kernel synchronization of the real-time clock (RTC).
+          rtcsync
+          
+          # Enable hardware timestamping on all interfaces that support it.
+          #hwtimestamp *
+          
+          # Increase the minimum number of selectable sources required to adjust
+          # the system clock.
+          #minsources 2
+          
+          # Allow NTP client access from local network.
+          #allow 192.168.0.0/16
+          allow all
+          
+          bindcmdaddress 0.0.0.0
+          cmdallow all
+          
+          # Serve time even if not synchronized to a time source.
+          #local stratum 10
+          
+          # Specify file containing keys for NTP authentication.
+          keyfile /etc/chrony.keys
+          
+          # Get TAI-UTC offset and leap seconds from the system tz database.
+          leapsectz right/UTC
+          
+          # Specify directory for log files.
+          logdir /var/log/chrony
+          
+          # Select which information is logged.
+          #log measurements statistics tracking
+      notify:
+        - restart chronyd
+
+    - name: Ensure firewall allows NTP.
+      become: yes
+      ansible.posix.firewalld:
+        immediate: yes
+        permanent: yes
+        zone: "{{ item }}"
+        service: ntp
+        state: enabled
+      loop:
+        - external
+        - public
+
+    - name: Ensure firewall allows cmdport.
+      become: yes
+      ansible.posix.firewalld:
+        immediate: yes
+        permanent: yes
+        zone: "{{ item }}"
+        port: 323/udp
+        state: enabled
+      loop:
+        - external
+        - public
+
+  handlers:
+    - name: restart chronyd
+      become: yes
+      ansible.builtin.service:
+        name: chronyd
+        state: restarted
 ...