baserock_openid: Install ntp to make sure the clock is set correctly

Before this, we were having problems to authenticate with Gerrit. Gerrit clock
was set correctly, but OpenId one wasn't.

Gerrit service was complaining with:

    "ERROR com.google.gerrit.httpd.auth.openid.OpenIdServiceImpl : OpenID failure: Nonce verification failed.  Likely caused by clock skew on this server, install/configure NTP.

Change-Id: I391091df5afeb564411d141981ae1608a8ce6ab3

2 files changed, 7 insertions, 2 deletions

diff --git a/baserock_openid_provider/image-config.yml b/baserock_openid_provider/image-config.yml
index 92ba0951..4aa939f8 100644
--- a/baserock_openid_provider/image-config.yml
+++ b/baserock_openid_provider/image-config.yml
@@ -1,6 +1,4 @@
 # Image configuration for Baserock OpenID provider.
-#
-# This playbook is run at image-creation time by Packer.
 ---
 - hosts: openid
   gather_facts: False
@@ -30,6 +28,10 @@
   - name: install PyYAML
     dnf: name=PyYAML state=latest
 
+  # Authentication in Gerrit fails if OpenID clock is not set correctly
+  - name: Install ntp
+    dnf: name=ntp
+
   # All this stuff is installed with Pip, which isn't really necessary except
   # for django-registration-redux. Fedora packages django-registration but not
   # the better django-registration-redux (I think).
diff --git a/baserock_openid_provider/instance-config.yml b/baserock_openid_provider/instance-config.yml
index 3311d51e..ffd7b66f 100644
--- a/baserock_openid_provider/instance-config.yml
+++ b/baserock_openid_provider/instance-config.yml
@@ -31,3 +31,6 @@
 
   - name: enable and start Cherokee service
     service: name=cherokee enabled=yes state=restarted
+
+  - name: enable and start ntpd service
+    service: name=ntpd enabled=yes state=restarted