-
Notifications
You must be signed in to change notification settings - Fork 157
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Tomáš Kuba <tom.kuba@gmail.com>
- Loading branch information
Showing
1 changed file
with
27 additions
and
80 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,95 +1,42 @@ | ||
| ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST! | ||
|
|
||
| # This the default chrony.conf file for the Debian chrony package. After | ||
| # editing this file use the command 'invoke-rc.d chrony restart' to make | ||
| # your changes take effect. John Hasler <jhasler@debian.org> 1998-2008 | ||
|
|
||
| # See www.pool.ntp.org for an explanation of these servers. Please | ||
| # consider joining the project if possible. If you can't or don't want to | ||
| # use these servers I suggest that you try your ISP's nameservers. We mark | ||
| # the servers 'offline' so that chronyd won't try to connect when the link | ||
| # is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc | ||
| # commands to switch it on when a dialup link comes up and off when it goes | ||
| # down. Code in /etc/init.d/chrony attempts to determine whether or not | ||
| # the link is up at boot time and set the online status accordingly. If | ||
| # you have an always-on connection such as cable omit the 'offline' | ||
| # directive and chronyd will default to online. | ||
| # | ||
| # Note that if Chrony tries to go "online" and dns lookup of the servers | ||
| # fails they will be discarded. Thus under some circumstances it is | ||
| # better to use IP numbers than host names. | ||
| ## This file is managed by Ansible, YOUR CHANGES WILL BE LOST! | ||
|
|
||
| # Use public servers from the pool.ntp.org project. | ||
| # Please consider joining the pool (http://www.pool.ntp.org/join.html). | ||
| {% for server in rhel8cis_time_synchronization_servers -%} | ||
| server {{ server }} {{ rhel8cis_chrony_server_options }} | ||
| {% endfor %} | ||
|
|
||
| # Look here for the admin password needed for chronyc. The initial | ||
| # password is generated by a random process at install time. You may | ||
| # change it if you wish. | ||
|
|
||
| keyfile /etc/chrony/chrony.keys | ||
|
|
||
| # Set runtime command key. Note that if you change the key (not the | ||
| # password) to anything other than 1 you will need to edit | ||
| # /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony | ||
| # and /etc/cron.weekly/chrony as these scripts use it to get the password. | ||
|
|
||
| commandkey 1 | ||
|
|
||
| # I moved the driftfile to /var/lib/chrony to comply with the Debian | ||
| # filesystem standard. | ||
|
|
||
| driftfile /var/lib/chrony/chrony.drift | ||
|
|
||
| # Comment this line out to turn off logging. | ||
|
|
||
| log tracking measurements statistics | ||
| logdir /var/log/chrony | ||
|
|
||
| # Stop bad estimates upsetting machine clock. | ||
|
|
||
| maxupdateskew 100.0 | ||
|
|
||
| # Dump measurements when daemon exits. | ||
|
|
||
| dumponexit | ||
| # Record the rate at which the system clock gains/losses time. | ||
| driftfile /var/lib/chrony/drift | ||
|
|
||
| # Specify directory for dumping measurements. | ||
| # Allow the system clock to be stepped in the first three updates | ||
| # if its offset is larger than 1 second. | ||
| makestep 1.0 3 | ||
|
|
||
| dumpdir /var/lib/chrony | ||
| # Enable kernel synchronization of the real-time clock (RTC). | ||
| rtcsync | ||
|
|
||
| # Let computer be a server when it is unsynchronised. | ||
| # Enable hardware timestamping on all interfaces that support it. | ||
| #hwtimestamp * | ||
|
|
||
| local stratum 10 | ||
| # Increase the minimum number of selectable sources required to adjust | ||
| # the system clock. | ||
| #minsources 2 | ||
|
|
||
| # Allow computers on the unrouted nets to use the server. | ||
| # Allow NTP client access from local network. | ||
| #allow 192.168.0.0/16 | ||
|
|
||
| #allow 10/8 | ||
| #allow 192.168/16 | ||
| #allow 172.16/12 | ||
| # Serve time even if not synchronized to a time source. | ||
| #local stratum 10 | ||
|
|
||
| # This directive forces `chronyd' to send a message to syslog if it | ||
| # makes a system clock adjustment larger than a threshold value in seconds. | ||
| # Specify file containing keys for NTP authentication. | ||
| keyfile /etc/chrony.keys | ||
|
|
||
| logchange 0.5 | ||
| # Get TAI-UTC offset and leap seconds from the system tz database. | ||
| leapsectz right/UTC | ||
|
|
||
| # This directive defines an email address to which mail should be sent | ||
| # if chronyd applies a correction exceeding a particular threshold to the | ||
| # system clock. | ||
|
|
||
| # mailonchange root@localhost 0.5 | ||
|
|
||
| # This directive tells chrony to regulate the real-time clock and tells it | ||
| # Where to store related data. It may not work on some newer motherboards | ||
| # that use the HPET real-time clock. It requires enhanced real-time | ||
| # support in the kernel. I've commented it out because with certain | ||
| # combinations of motherboard and kernel it is reported to cause lockups. | ||
|
|
||
| # rtcfile /var/lib/chrony/chrony.rtc | ||
| # Specify directory for log files. | ||
| logdir /var/log/chrony | ||
|
|
||
| # If the last line of this file reads 'rtconutc' chrony will assume that | ||
| # the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent | ||
| # chrony will assume local time. The line (if any) was written by the | ||
| # chrony postinst based on what it found in /etc/default/rcS. You may | ||
| # change it if necessary. | ||
| rtconutc | ||
| # Select which information is logged. | ||
| #log measurements statistics tracking |