From f9700c4dd893adfe5417c942fd88dcbedb93fbbb Mon Sep 17 00:00:00 2001
From: Julian Labus <julian@labus-online.de>
Date: Mon, 18 Mar 2019 10:05:11 +0100
Subject: [PATCH] Role service-ntpd: only run ntpdate on primary interface
 during if-up

---
 roles/service-ntpd/tasks/main.yml       |  8 +++++
 roles/service-ntpd/templates/ntpdate.j2 | 41 +++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 roles/service-ntpd/templates/ntpdate.j2

diff --git a/roles/service-ntpd/tasks/main.yml b/roles/service-ntpd/tasks/main.yml
index 2cb19eb..96e769d 100644
--- a/roles/service-ntpd/tasks/main.yml
+++ b/roles/service-ntpd/tasks/main.yml
@@ -15,6 +15,14 @@
     - ntpdate
     - ntpstat
 
+- name: update if-up ntpdate script
+  template:
+    src: ntpdate.j2
+    dest: /etc/network/if-up.d/ntpdate
+    mode: 0755
+    owner: root
+    group: root
+
 - name: enable and start ntp daemon
   systemd:
     name: ntp
diff --git a/roles/service-ntpd/templates/ntpdate.j2 b/roles/service-ntpd/templates/ntpdate.j2
new file mode 100644
index 0000000..0c1347e
--- /dev/null
+++ b/roles/service-ntpd/templates/ntpdate.j2
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# This is a heuristic:  The idea is that if a static interface is brought
+# up, that is a major event, and we can put in some extra effort to fix
+# the system time.  Feel free to change this, especially if you regularly
+# bring up new network interfaces.
+if [ "$METHOD" = static ]; then
+	OPTS="-b"
+fi
+
+if [ "$METHOD" = loopback ] || [ "$METHOD" = none ]; then
+	exit 0
+fi
+
+# only run on primary network interface
+if [ "$IFACE" != {{ ansible_default_ipv4.interface }} ]; then
+	exit 0
+fi
+
+# Check whether ntpdate was removed but not purged; it's useless to wait for
+# it in that case.
+if [ ! -x /usr/sbin/ntpdate-debian ] && [ -d /usr/sbin ]; then
+	exit 0
+fi
+
+(
+
+# This is for the case that /usr will be mounted later.
+if [ -r /lib/udev/hotplug.functions ]; then
+	. /lib/udev/hotplug.functions
+	wait_for_file /usr/sbin/ntpdate-debian
+fi
+
+# Avoid running more than one at a time
+flock -n /run/lock/ntpdate /usr/sbin/ntpdate-debian -s $OPTS 2>/dev/null || :
+
+) &