feat: modernize chrony cookbook and refactor master to server

.github/workflows/ci.yml

@@ -1,4 +1,3 @@
----
 name: ci
 
 "on":
@@ -24,15 +23,18 @@ jobs:
     strategy:
       matrix:
         os:
-          - "centos-7"
-          - "centos-8"
-          - "debian-9"
-          - "debian-10"
-          - "ubuntu-1804"
-          - "ubuntu-2004"
+          - "almalinux-9"
+          - "amazonlinux-2023"
+          - "centos-stream-9"
+          - "debian-12"
+          - "fedora-latest"
+          - "oraclelinux-9"
+          - "rockylinux-9"
+          - "ubuntu-22.04"
+          - "ubuntu-24.04"
         suite:
-          - "client"
-          - "master"
+          - "default"
+          - "server"
       fail-fast: false
 
     steps:
@@ -41,10 +43,8 @@ jobs:
       - name: Install Chef
         uses: actionshub/chef-install@main
       - name: Dokken
-        uses: actionshub/test-kitchen@main
         env:
           CHEF_LICENSE: accept-no-persist
           KITCHEN_LOCAL_YAML: kitchen.dokken.yml
-        with:
-          suite: ${{ matrix.suite }}
-          os: ${{ matrix.os }}
+          INSTANCE_NAME: ${{ matrix.suite }}-${{ matrix.os }}
+        run: kitchen test "${INSTANCE_NAME//./}"

.markdownlint-cli2.yaml

@@ -3,3 +3,8 @@ config:
   line-length: false # MD013
   no-duplicate-heading: false # MD024
   reference-links-images: false # MD052
+  no-multiple-blanks:
+    maximum: 2
+ignores:
+  - .github/copilot-instructions.md
+  - .windsurf/**

.mdlrc

@@ -1 +1 @@
-rules "~MD013", "~MD024", "~MD025"
+rules "~MD013", "~MD024"

LIMITATIONS.md

@@ -0,0 +1,28 @@
+# Limitations
+
+## Package Availability
+
+### APT (Debian/Ubuntu)
+
+- Debian 12: `chrony` is available from the standard Debian 12 repositories for amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, and s390x.
+- Ubuntu 22.04 and 24.04: `chrony` is available from the standard Ubuntu repositories for amd64, arm64, armhf, ppc64el, riscv64, and s390x.
+
+### DNF/YUM (RHEL family)
+
+- RHEL 9, AlmaLinux 9, Rocky Linux 9, Oracle Linux 9, and CentOS Stream 9 provide `chrony` from their standard repositories.
+- Amazon Linux 2023 provides `chrony` from the standard `dnf` repositories.
+- Fedora latest provides `chrony` from the standard Fedora repositories.
+
+## Architecture Limitations
+
+- No cookbook-specific architecture restriction is currently known for supported platforms.
+- The common deployment targets across the tested platforms are x86_64 and aarch64.
+
+## Source/Compiled Installation
+
+Chrony is installed from OS packages on all supported platforms in this cookbook. No source build path is implemented or required.
+
+## Known Issues
+
+- This cookbook does not manage vendor-specific repository setup because chrony is installed from the base OS repositories on supported platforms.
+- Platform support in `metadata.rb` should stay aligned with `kitchen.yml`, `kitchen.dokken.yml`, and `kitchen.global.yml`.

README.md

@@ -6,45 +6,50 @@
 [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
 [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
 
-Configures the time synchronization application `chrony` as a client or master timeserver, maintaining the accuracy of the system clock (similar to NTP). Isolated networks are supported as well.
+Configures the time synchronization application `chrony` as a client or server timeserver, maintaining the accuracy of the system clock (similar to NTP).
 
 ## Maintainers
 
-This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
+This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you'd like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
 
 ## Requirements
 
 ### Platforms
 
-- Debian / Ubuntu
-- CentOS / Redhat
+- Debian 12+
+- Ubuntu 22.04+
+- RHEL / AlmaLinux / Rocky / Oracle Linux 9+
+- CentOS Stream 9+
+- Amazon Linux 2023
+- Fedora (latest)
 
 ### Chef
 
-- Chef 13+
+- Chef >= 15.3
 
-## Recipes
+## Resources
 
-### client
-
-Configures the node to use the `chrony` application to keep the node's clock synced. If there is a node using the `chrony::master` recipe, the client will attempt to sync with it, unless disabled via `['chrony']['search_masters']`. If there is not an available master, the attribute list `['chrony'][:servers]` is used (defaults are `[0-3].debian.pool.ntp.org`). If there is a master node, the `['chrony'][:allowed]` will be set to allow for syncing with the master.
-
-### default
-
-The default recipe passes through to the client recipe.
-
-### master
-
-The node will use the `chrony` application to provide time to nodes using the `chrony::client` recipe. The master sets its own time against the attribute list `['chrony'][:servers]` (defaults are `[0-3].debian.pool.ntp.org`). Access to this master is restricted by the `['chrony'][:allowed]` attribute set in the recipe (default is to the `x.y.*` subnet).
+This cookbook provides the `chrony_config` custom resource. See [documentation/chrony_config.md](documentation/chrony_config.md) for full details.
 
 ## Usage
 
-Nodes using the `chrony::client` recipe will attempt to sync time with nodes using the `chrony::master` recipe. If there are no `chrony::master` nodes found, the contents of the attribute list `['chrony'][:servers]` are used (defaults are `[0-3].debian.pool.ntp.org`).
-
-The current configurations are supported:
-
-1) Clients with direct NTP server access
-2) A master with direct NTP server access with clients pointing to it
+```ruby
+chrony_config 'default' do
+  servers({ 'pool.ntp.org' => 'iburst' })
+end
+```
+
+### Server configuration
+
+```ruby
+chrony_config 'server' do
+  servers({
+    'ntp1.example.com' => 'iburst',
+    'ntp2.example.com' => 'iburst',
+  })
+  allow ['192.168.1.0/24']
+end
+```
 
 ## Contributors
 

documentation/chrony_config.md

@@ -0,0 +1,45 @@
+# chrony_config
+
+The `chrony_config` resource manages the chrony package, service, and configuration file.
+
+## Actions
+
+| Action | Description |
+|---|---|
+| `:create` | Installs the chrony package, manages the configuration file, and enables and starts the service. Default action. |
+| `:delete` | Stops and disables the service, removes the package, and deletes the configuration file. |
+
+## Properties
+
+| Property | Type | Default | Description |
+|---|---|---|---|
+| `servers` | Hash | `{ 'pool.ntp.org' => 'iburst' }` | NTP servers to configure, keyed by hostname with option strings as values. |
+| `pools` | Hash | `{}` | NTP pools to configure, keyed by hostname with option strings as values. |
+| `allow` | Array | `[]` | Networks or hosts allowed to query the local chrony server. |
+| `deny` | Array | `[]` | Networks or hosts denied access to the local chrony server. |
+| `driftfile` | String | platform-specific | Drift file path. Defaults to `/var/lib/chrony/drift` on RHEL family and `/var/lib/chrony/chrony.drift` on Debian family. |
+| `log_dir` | String | `'/var/log/chrony'` | Directory used for chrony log output. |
+| `extra_config` | Array | `[]` | Raw configuration lines appended to the generated chrony configuration file. |
+
+## Examples
+
+### Basic usage
+
+```ruby
+chrony_config 'default' do
+  action :create
+end
+```
+
+### Server configuration
+
+```ruby
+chrony_config 'server' do
+  servers(
+    'ntp1.example.com' => 'iburst',
+    'ntp2.example.com' => 'iburst'
+  )
+  allow ['192.168.1.0/24']
+  action :create
+end
+```

kitchen.dokken.yml

@@ -7,11 +7,6 @@ transport: { name: dokken }
 provisioner: { name: dokken }
 
 platforms:
-  - name: almalinux-8
-    driver:
-      image: dokken/almalinux-8
-      pid_one_command: /usr/lib/systemd/systemd
-
   - name: almalinux-9
     driver:
       image: dokken/almalinux-9
@@ -22,36 +17,11 @@ platforms:
       image: dokken/amazonlinux-2023
       pid_one_command: /usr/lib/systemd/systemd
 
-  - name: centos-7
-    driver:
-      image: dokken/centos-7
-      pid_one_command: /usr/lib/systemd/systemd
-
-  - name: centos-stream-8
-    driver:
-      image: dokken/centos-stream-8
-      pid_one_command: /usr/lib/systemd/systemd
-
   - name: centos-stream-9
     driver:
       image: dokken/centos-stream-9
       pid_one_command: /usr/lib/systemd/systemd
 
-  - name: debian-9
-    driver:
-      image: dokken/debian-9
-      pid_one_command: /bin/systemd
-
-  - name: debian-10
-    driver:
-      image: dokken/debian-10
-      pid_one_command: /bin/systemd
-
-  - name: debian-11
-    driver:
-      image: dokken/debian-11
-      pid_one_command: /bin/systemd
-
   - name: debian-12
     driver:
       image: dokken/debian-12
@@ -62,52 +32,36 @@ platforms:
       image: dokken/fedora-latest
       pid_one_command: /usr/lib/systemd/systemd
 
-  - name: opensuse-leap-15
-    driver:
-      image: dokken/opensuse-leap-15
-      pid_one_command: /usr/lib/systemd/systemd
-
-  - name: oraclelinux-7
-    driver:
-      image: dokken/oraclelinux-7
-      pid_one_command: /usr/lib/systemd/systemd
-
-  - name: oraclelinux-8
-    driver:
-      image: dokken/oraclelinux-8
-      pid_one_command: /usr/lib/systemd/systemd
-
   - name: oraclelinux-9
     driver:
       image: dokken/oraclelinux-9
       pid_one_command: /usr/lib/systemd/systemd
 
-  - name: rockylinux-8
-    driver:
-      image: dokken/rockylinux-8
-      pid_one_command: /usr/lib/systemd/systemd
-
   - name: rockylinux-9
     driver:
       image: dokken/rockylinux-9
       pid_one_command: /usr/lib/systemd/systemd
 
-  - name: ubuntu-18.04
-    driver:
-      image: dokken/ubuntu-18.04
-      pid_one_command: /bin/systemd
-
-  - name: ubuntu-20.04
-    driver:
-      image: dokken/ubuntu-20.04
-      pid_one_command: /bin/systemd
-
   - name: ubuntu-22.04
     driver:
       image: dokken/ubuntu-22.04
       pid_one_command: /bin/systemd
 
-  - name: ubuntu-23.04
+  - name: ubuntu-24.04
     driver:
-      image: dokken/ubuntu-23.04
+      image: dokken/ubuntu-24.04
       pid_one_command: /bin/systemd
+
+suites:
+  - name: default
+    run_list:
+      - recipe[test::default]
+    verifier:
+      inspec_tests:
+        - path: test/integration/default
+  - name: server
+    run_list:
+      - recipe[test::server]
+    verifier:
+      inspec_tests:
+        - path: test/integration/server

kitchen.global.yml

@@ -15,24 +15,12 @@ verifier:
   name: inspec
 
 platforms:
-  - name: almalinux-8
   - name: almalinux-9
   - name: amazonlinux-2023
-  - name: centos-7
-  - name: centos-stream-8
   - name: centos-stream-9
-  - name: debian-9
-  - name: debian-10
-  - name: debian-11
   - name: debian-12
   - name: fedora-latest
-  - name: opensuse-leap-15
-  - name: oraclelinux-7
-  - name: oraclelinux-8
   - name: oraclelinux-9
-  - name: rockylinux-8
   - name: rockylinux-9
-  - name: ubuntu-18.04
-  - name: ubuntu-20.04
   - name: ubuntu-22.04
-  - name: ubuntu-23.04
+  - name: ubuntu-24.04