Bug fix for chrony configuration

author Yifei Xue <xueyifei@huawei.com>

Wed, 20 Dec 2017 07:03:35 +0000 (15:03 +0800)

committer Yifei Xue <xueyifei@huawei.com>

Wed, 20 Dec 2017 11:22:32 +0000 (19:22 +0800)
author Yifei Xue <xueyifei@huawei.com>
Wed, 20 Dec 2017 07:03:35 +0000 (15:03 +0800)
committer Yifei Xue <xueyifei@huawei.com>
Wed, 20 Dec 2017 11:22:32 +0000 (19:22 +0800)
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml

index 75e89b0..49e4e26 100755 (executable)
--- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -88,6 +88,13 @@
          delay: 10
    when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS'
  
+- name: update the directory of chrony key
+  lineinfile:
+    dest: /etc/ansible/roles/ansible-hardening/templates/chrony.conf.j2
+    regexp: '^keyfile'
+    line: 'keyfile /etc/chrony.keys'
+  when: hostvars[hostvars[inventory_hostname]['groups']['controller'][0]]['local_mirror'] == 'CentOS'
+
  - name: add mariadb local repository
    blockinfile:
      dest: /etc/openstack_deploy/user_variables.yml
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2

index 88a3233..5fa999a 100644 (file)
--- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
@@ -63,3 +63,6 @@ neutron_provider_networks:
  {% endif %}
  
  security_sshd_permit_root_login: yes
+
+security_ntp_servers:
+  - 45.79.111.114
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml

index 6ac191a..d423ed0 100644 (file)
--- a/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml
@@ -90,7 +90,9 @@
      dest: /etc/modules-load.d/openstack-ansible.conf
  
  - name: restart ntp service
-  shell: "systemctl enable ntpd.service && systemctl start ntpd.service"
+  shell: |
+    systemctl stop ntpd.service;
+    systemctl disable ntpd.service;
  
  - name: change the MaxSessions
    lineinfile:
diff --git a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml

index 5bb7748..2433ac1 100644 (file)
--- a/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
+++ b/deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml
@@ -55,7 +55,9 @@
      state: absent
  
  - name: restart ntp service
-  shell: "service ntp restart"
+  shell: |
+    service ntp stop;
+    systemctl disable ntp;
  
  - name: add the appropriate kernel modules
    copy:
author	Yifei Xue <xueyifei@huawei.com>
	Wed, 20 Dec 2017 07:03:35 +0000 (15:03 +0800)
committer	Yifei Xue <xueyifei@huawei.com>
	Wed, 20 Dec 2017 11:22:32 +0000 (19:22 +0800)
deploy/adapters/ansible/roles/config-osa/tasks/main.yml		patch \| blob \| history
deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2		patch \| blob \| history
deploy/adapters/ansible/roles/pre-openstack/tasks/RedHat.yml		patch \| blob \| history
deploy/adapters/ansible/roles/pre-openstack/tasks/Ubuntu.yml		patch \| blob \| history