From 09e391dec270759359d3ec4ed7edd56d62911cc9 Mon Sep 17 00:00:00 2001 From: Kay Yan Date: Sat, 14 May 2022 14:12:59 +0000 Subject: [PATCH] add Feature synchronized time checking --- roles/kubernetes/preinstall/defaults/main.yml | 3 +++ .../preinstall/tasks/0020-verify-settings.yml | 15 +++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index fc17b79d491..bb0eb9aa177 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -61,3 +61,6 @@ pkg_install_retries: 4 # Check if access_ip responds to ping. Set false if your firewall blocks ICMP. ping_access_ip: true + +# Check time synchronization. The number is the max allowed time between servers in ms. +max_allowed_time_sync_diff: 60000 diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 108da926170..f52a7a3c519 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -314,3 +314,18 @@ when: - kube_external_ca_mode - not ignore_assert_errors + +- name: Get current state of time synchronization + shell: "echo $(($(date +%s%N)/1000000))" + args: + executable: /bin/bash + changed_when: false + register: cur_time_ms_string + +- name: Stop if time is not synchronized + assert: + that: ((hostvars[item]['cur_time_ms_string'].stdout|int - cur_time_ms_string.stdout|int) | abs) < max_allowed_time_sync_diff + msg: "Do not allow more than {{ max_allowed_time_sync_diff }} ms diff between servers. {{ ((hostvars[item]['cur_time_ms_string'].stdout|int - cur_time_ms_string.stdout|int) | abs) }}ms is different between the two servers." + when: + - not ignore_assert_errors + with_items: "{{ play_hosts }}"