From a2cbb186c85411293c239fc6193aa6dd93e10654 Mon Sep 17 00:00:00 2001
From: davidumea <david.andersson@elastisys.com>
Date: Thu, 24 Oct 2024 16:26:30 +0200
Subject: [PATCH] Add support for ntpsec

---
 docs/advanced/ntp.md                                      | 7 +++++++
 roles/kubernetes/preinstall/defaults/main.yml             | 3 ++-
 .../preinstall/tasks/0081-ntp-configurations.yml          | 8 +++++---
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/docs/advanced/ntp.md b/docs/advanced/ntp.md
index a91e09efc2b..39c62e1e416 100644
--- a/docs/advanced/ntp.md
+++ b/docs/advanced/ntp.md
@@ -48,3 +48,10 @@ Force sync time immediately by NTP after the ntp installed, which is useful in n
 ```ShellSession
 ntp_force_sync_immediately: true
 ```
+
+When using Ubuntu 24.04 or a distribution that already has `systemd-timesyncd` installed, use the `ntpsec` package.
+
+```ShellSession
+ntp_package: ntpsec
+ntp_driftfile: /var/lib/ntpsec/ntp.drift
+```
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 3c4d8a40d52..2ec0e949ba2 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -64,7 +64,7 @@ ping_access_ip: true
 ntp_enabled: false
 # The package to install which provides NTP functionality.
 # The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
-# The ntp_package can be one of ['ntp', 'chrony']
+# The ntp_package can be one of ['ntp', 'ntpsec', 'chrony']
 ntp_package: >-
       {% if ansible_os_family == "RedHat" -%}
       chrony
@@ -95,6 +95,7 @@ ntp_filter_interface: false
 #   - listen xxx
 # The NTP driftfile path
 # Only takes effect when ntp_manage_config is true.
+# For ntpsec use '/var/lib/ntpsec/ntp.drift'
 ntp_driftfile: /var/lib/ntp/ntp.drift
 # Enable tinker panic is useful when running NTP in a VM environment.
 # Only takes effect when ntp_manage_config is true.
diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
index da4b312ebf6..71db59a1166 100644
--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -21,6 +21,8 @@
     ntp_config_file: >-
       {% if ntp_package == "ntp" -%}
       /etc/ntp.conf
+      {%- elif ntp_package == "ntpsec" -%}
+      /etc/ntpsec/ntp.conf
       {%- elif ansible_os_family in ['RedHat', 'Suse'] -%}
       /etc/chrony.conf
       {%- else -%}
@@ -56,10 +58,10 @@
   # noqa: jinja[spacing]
   command: >-
       timeout -k 60s 60s
-      {% if ntp_package == "ntp" -%}
-      ntpd -gq
-      {%- else -%}
+      {% if ntp_package == "chrony" -%}
       chronyd -q
+      {%- else -%}
+      ntpd -gq
       {%- endif -%}
   when:
     - ntp_force_sync_immediately