Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed chrony configuration options #121

Merged
merged 1 commit into from
Dec 13, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,9 @@ rhel9cis_time_synchronization_servers:
- 2.pool.ntp.org
- 3.pool.ntp.org
rhel9cis_chrony_server_options: "minpoll 8"
rhel9cis_chrony_server_rtcsync: false
rhel9cis_chrony_server_makestep: "1.0 3"
rhel9cis_chrony_server_minsources: 2

### 2.2 Special Purposes
##### Service configuration booleans set true to keep service
Expand Down
22 changes: 12 additions & 10 deletions templates/etc/chrony.conf.j2
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
## {{ ansible_managed }}

# This the default chrony.conf file for the Debian chrony package. After
# editing this file use the command 'invoke-rc.d chrony restart' to make
Expand Down Expand Up @@ -27,19 +27,21 @@ server {{ server }} {{ rhel9cis_chrony_server_options }}
# password is generated by a random process at install time. You may
# change it if you wish.

keyfile /etc/chrony/chrony.keys
keyfile /etc/chrony.keys

# Set runtime command key. Note that if you change the key (not the
# password) to anything other than 1 you will need to edit
# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
# and /etc/cron.weekly/chrony as these scripts use it to get the password.
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

commandkey 1
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep {{ rhel9cis_chrony_server_makestep }}

# I moved the driftfile to /var/lib/chrony to comply with the Debian
# filesystem standard.
# Enable kernel synchronization of the real-time clock (RTC).
{% if not rhel9cis_chrony_server_rtcsync %}#{% endif %}rtcsync

driftfile /var/lib/chrony/chrony.drift
# Increase the minimum number of selectable sources required to adjust
# the system clock.
minsources {{ rhel9cis_chrony_server_minsources }}

# Comment this line out to turn off logging.

Expand Down