I would like to add the ability to separate the server list from the options applied to each server in the list similarly to the way the openstack chrony role works. For my use and hopefully others the separation makes the configuration more expandable.

The way it is done in the openstack version is they have a global options variable like the following with an empty default set:

chrony_ntp_server_options: "iburst maxpoll 10"

Then in the template that value can be applied to each server like:

{% if chrony_ntp_servers|length > 0 %}
# List of NTP servers to use
{% for server in chrony_ntp_servers %}
server {{ server }} {{ chrony_ntp_server_options }}
{% endfor %}
{% endif %}

This allows me to use inventory groups to specify the servers like:

[STRATUM1_TIME_SERVERS]
time0s1.example.com
time1s1.example.com
time2s1.example.com

[PROD_TIME_SERVERS]
prod-time0.example.com
prod-time1.example.com
prod-time2.example.com

So when I want to setup the PROD_TIME_SERVERS with STRATUM1_TIME_SERVERS as their servers I can do the following

chrony_ntp_server_options: "iburst maxpoll 10"
chrony_ntp_servers: "{{ groups.STRATUM1_TIME_SERVERS }}"

Without defining chrony_ntp_server_options the role should work as before.

Hi, Today I noticed that there is no archive to download from github. We have been using the role for several months and before we had no problem installing it.

$ ansible-galaxy install frzk.chrony -f
Starting galaxy role install process
- downloading role 'chrony', owned by frzk
- downloading role from https://github.com/Frzk/ansible-role-chrony/archive/master.tar.gz
 [ERROR]: failed to download the file: HTTP Error 404: Not Found
[WARNING]: - frzk.chrony was NOT installed successfully.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

See ansible-community/molecule-plugins#22

A fix has been applied, it should be removed once molecule-docker 2.1.1 is released.

Hi,

Nice ansible role, please do a release tag on it so the user can do a version in requirements.yml. It will help when you make changes and the user can decide to upgrade their code to your new patch or changes on a schedule, not just a thing that happens.

Thank You, GearBoxScott

Since this is a chrony role I'm confused as to why the role is setting the system time zone.

For example, on RHEL8 the system time zone is set to "America/New_York". That value is incompatible with crony's leapsectz setting. The leapsectz setting accepts only EST, EDT, UTC, etc. It does not support the America/New_York style value.

I recommend that setting of the system time zone be remove entirely as this isn't something that chrony should be doing.

I had to disable AppArmor for chrony to get this working on Debian 12. Can you please verify and fix if you agree? I may be out of my depth.

Here's what I had to run:
aa-complain /etc/apparmor.d/usr.sbin.chronyd

The molecule converge calls Ansible, which fails to gather facts because it couldn't create temporary directory.
The root cause seems more to be that the instance is unreachable.

The error message is:

PLAY [Converge] ****************************************************************
  
  TASK [Gathering Facts] *********************************************************
  fatal: [instance]: UNREACHABLE! => changed=false 
    msg: 'Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p "` echo /tmp `"&& mkdir "` echo /tmp/ansible-tmp-1685568278.5878556-2111-47362399749280 `" && echo ansible-tmp-1685568278.5878556-2111-47362399749280="` echo /tmp/ansible-tmp-1685568278.5878556-2111-47362399749280 `" ), exited with result 1'
    unreachable: true

The provisioner is configured like this:

provisioner:
  name: ansible
  env:
    ANSIBLE_LOCAL_TEMP: "${WORKSPACE:-$HOME}/.ansible/tmp"
    ANSIBLE_REMOTE_TMP: /tmp

Seems related to ansible/molecule#3818

All my attempts to run tests in an unprivileged container were unsuccessful.
I tried to run with:

capabilities:
  - SYS_ADMIN
  - SYS_TIME
privileged: false

which should be sufficient (?)
But we get this result:

TASK [frzk.chrony : Set up timezone] *******************************************
[WARNING]: timedatectl command was found but not usable: Failed to query
server: Connection timed out . using other method.
fatal: [instance]: FAILED! => changed=false 
  msg: |-
    Error message:
    tried to configure name using a file "/etc/sysconfig/clock", but could not write to it

PLAY RECAP *********************************************************************
instance                   : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

CRITICAL Ansible return code was 2, command was: ansible-playbook --diff --inventory /home/runner/.cache/molecule/frzk.chrony/default/inventory --skip-tags molecule-notest,notest /home/runner/work/ansible-role-chrony/ansible-role-chrony/frzk.chrony/molecule/default/converge.yml
WARNING  An error occurred during the test sequence action: 'converge'. Cleaning up.

I sadly don't have time to dive into Docker internals and whatever. So we'll run in privileged mode for now.
Any help appreciated :-)

Molecule run log: https://github.com/Frzk/ansible-role-chrony/runs/3549306100?check_suite_focus=true#step:5:396

Dockerfile: https://github.com/Frzk/docker-ansible-images/blob/main/debian-11/Dockerfile

We've found our ansible-galaxy installs are failing recently and it appears to be related to frzk.chrony's change in tag format.

[WARNING]: - frzk.chrony was NOT installed successfully: Unable to compare role
versions (1.0.0, v2.0.0) to determine the most recent version due to
incompatible version formats. Please contact the role author to resolve
versioning conflicts, or specify an explicit role version to install.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

I have a requirements file like such:

- src: frzk.chrony
  version: 1.0.0

Our builds are unable to execute now and I cannot figure out how to get Ansible to just use the given version. Please advise