Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use RHEL conf for chrony #343

Merged
merged 2 commits into from
Feb 19, 2024
Merged

use RHEL conf for chrony #343

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a8ee800
use RHEL conf for chrony
tomkuba Feb 7, 2024
05231b3
use ansible_managed variable in chrony.conf
tomkuba Feb 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 27 additions & 80 deletions templates/chrony.conf.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,95 +1,42 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!

# This the default chrony.conf file for the Debian chrony package. After
# editing this file use the command 'invoke-rc.d chrony restart' to make
# your changes take effect. John Hasler <jhasler@debian.org> 1998-2008

# See www.pool.ntp.org for an explanation of these servers. Please
# consider joining the project if possible. If you can't or don't want to
# use these servers I suggest that you try your ISP's nameservers. We mark
# the servers 'offline' so that chronyd won't try to connect when the link
# is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
# commands to switch it on when a dialup link comes up and off when it goes
# down. Code in /etc/init.d/chrony attempts to determine whether or not
# the link is up at boot time and set the online status accordingly. If
# you have an always-on connection such as cable omit the 'offline'
# directive and chronyd will default to online.
#
# Note that if Chrony tries to go "online" and dns lookup of the servers
# fails they will be discarded. Thus under some circumstances it is
# better to use IP numbers than host names.
{{ ansible_managed | comment }}

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
{% for server in rhel8cis_time_synchronization_servers -%}
server {{ server }} {{ rhel8cis_chrony_server_options }}
{% endfor %}

# Look here for the admin password needed for chronyc. The initial
# password is generated by a random process at install time. You may
# change it if you wish.

keyfile /etc/chrony/chrony.keys

# Set runtime command key. Note that if you change the key (not the
# password) to anything other than 1 you will need to edit
# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
# and /etc/cron.weekly/chrony as these scripts use it to get the password.

commandkey 1

# I moved the driftfile to /var/lib/chrony to comply with the Debian
# filesystem standard.

driftfile /var/lib/chrony/chrony.drift

# Comment this line out to turn off logging.

log tracking measurements statistics
logdir /var/log/chrony

# Stop bad estimates upsetting machine clock.

maxupdateskew 100.0

# Dump measurements when daemon exits.

dumponexit
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Specify directory for dumping measurements.
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

dumpdir /var/lib/chrony
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Let computer be a server when it is unsynchronised.
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

local stratum 10
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow computers on the unrouted nets to use the server.
# Allow NTP client access from local network.
#allow 192.168.0.0/16

#allow 10/8
#allow 192.168/16
#allow 172.16/12
# Serve time even if not synchronized to a time source.
#local stratum 10

# This directive forces `chronyd' to send a message to syslog if it
# makes a system clock adjustment larger than a threshold value in seconds.
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

logchange 0.5
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# This directive defines an email address to which mail should be sent
# if chronyd applies a correction exceeding a particular threshold to the
# system clock.

# mailonchange root@localhost 0.5

# This directive tells chrony to regulate the real-time clock and tells it
# Where to store related data. It may not work on some newer motherboards
# that use the HPET real-time clock. It requires enhanced real-time
# support in the kernel. I've commented it out because with certain
# combinations of motherboard and kernel it is reported to cause lockups.

# rtcfile /var/lib/chrony/chrony.rtc
# Specify directory for log files.
logdir /var/log/chrony

# If the last line of this file reads 'rtconutc' chrony will assume that
# the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
# chrony will assume local time. The line (if any) was written by the
# chrony postinst based on what it found in /etc/default/rcS. You may
# change it if necessary.
rtconutc
# Select which information is logged.
#log measurements statistics tracking