- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with chrony
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
Manage chrony time daemon on Archlinux and Redhat
The Chrony module handles running chrony in Archlinux and Redhat systems with systemd.
- chrony package.
- chrony configuration file.
- chrony key file.
- chrony service.
- Puppet 4.6.1 or later. Puppet 3 was supported up until release 0.2.0.
include '::chrony' is all you need to get it running. If you wish to pass in parameters like which servers to use then you can use:
class { '::chrony':
  servers => ['ntp1.corp.com', 'ntp2.corp.com'],
}
All interaction with the chrony module can be done through the main chrony class.
include '::chrony'

class { '::chrony':
  servers => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
}

class { '::chrony':
  servers         => [ 'ntp1.corp.com', 'ntp2.corp.com', ],
  chrony_password => 'secret_password',
}

class { '::chrony':
  keys    => [
    '25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c',
  ],
  servers => {
    'ntp1.corp.com' => ['key 25', 'iburst'],
    'ntp2.corp.com' => ['key 25', 'iburst'],
  },
}

class { '::chrony':
  chrony_password    => 'unset',
  config_keys_manage => false,
}

class { '::chrony':
  queryhosts => [ '192.168/16', ],
  port       => 123,
}

class { '::chrony':
  leapsecmode => 'slew',
  smoothtime  => '400 0.001 leaponly',
  maxslewrate => 1000.0
}
The parameter port is also set in the queryhosts example above; the module default is 0 to ensure server mode is not activated accidentally.
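Because the keys lines are printed as-is into the chrony key file, a pre-flight check on the keys and servers values from the authentication example above can catch mistakes before Puppet applies them. This Python script is an added example, not part of the chrony module; the 128-bit minimum, the rejection of MD5 or untyped keys, the function names and the entries in BAD_KEYS are assumptions or constructed values.

```python
import re

MIN_BITS = 128  # assumed local policy for key length, not a module setting

def parse_key_line(line):
    """Split '<id> [<type>] <key>' into (id, type, key); type may be None."""
    fields = line.split()
    if len(fields) == 2:
        return int(fields[0]), None, fields[1]
    if len(fields) == 3:
        return int(fields[0]), fields[1].upper(), fields[2]
    raise ValueError(f"expected '<id> [<type>] <key>': {line!r}")

def lint_keys(key_lines):
    """Return {key_id: [problems]} for every key line that has a problem."""
    findings, seen = {}, set()
    for line in key_lines:
        key_id, hash_type, key = parse_key_line(line)
        problems = []
        if key_id in seen:
            problems.append("duplicate key ID")
        seen.add(key_id)
        if hash_type in (None, "MD5"):  # policy here: require an explicit non-MD5 type
            problems.append("MD5 or unspecified hash type")
        if not key.startswith("HEX:"):
            problems.append("key is not in HEX: form")
        elif not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", key[4:]):
            problems.append("HEX: key is not whole hex bytes")
        elif len(key[4:]) * 4 < MIN_BITS:
            problems.append(f"key shorter than {MIN_BITS} bits")
        if problems:
            findings[key_id] = problems
    return findings

def undefined_key_refs(key_lines, servers):
    """Return {server: key_id} for 'key N' options with no matching key line."""
    defined = {parse_key_line(line)[0] for line in key_lines}
    missing = {}
    for server, options in servers.items():  # hash form of the servers parameter
        for opt in options:
            m = re.fullmatch(r"key\s+(\d+)", opt.strip())
            if m and int(m.group(1)) not in defined:
                missing[server] = int(m.group(1))
    return missing

# Values from the page's authentication example, plus constructed bad entries.
PAGE_KEYS = ["25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c"]
PAGE_SERVERS = {h: ["key 25", "iburst"] for h in ("ntp1.corp.com", "ntp2.corp.com")}
BAD_KEYS = PAGE_KEYS + ["26 MD5 HEX:abcd", "27 SHA1 hunter2"]  # constructed
```

An empty result from both functions means every key line passes the assumed policy and every 'key N' server option points at a defined key.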
- chrony: Main class, includes all the rest.
- chrony::install: Handles the packages.
- chrony::config: Handles the configuration and key file.
- chrony::service: Handles the service.
The following parameters are available in the chrony module
Array of addresses of interfaces on which chronyd will listen for monitoring command packets (defaults to localhost).
This sets the chrony password to be used in the key file. By default a short fixed string is used. If set explicitly to 'unset', no password setting will be added to the keys file by Puppet.
An array of ACLs for monitoring access. This expects a list of directives, for example: ['cmdallow 1.2.3.4', 'cmddeny 1.2.3']. The order will be respected at the time of generating the configuration. The argument of the allow or deny commands can be an address, a partial address or a subnet (see manpage for more details).
The cmdport directive allows the port that is used for run-time monitoring (via the chronyc program) to be altered from its default (323).
This sets the key ID used by chronyc to authenticate to chronyd.
This sets the file to write chrony configuration into.
This determines which template puppet should use for the chrony configuration.
This sets the file to write chrony keys into.
Specify unix owner of chrony keys file, defaults to 0.
Specify unix group of chrony keys files, defaults to 0 on ArchLinux and chrony on Redhat.
Specify unix mode of chrony keys files, defaults to 0644 on ArchLinux and 0640 on Redhat.
This determines which template puppet should use for the chrony key file.
An array of key lines. These are printed as-is into the chrony key file.
How to insert the leap second mode. Use only one of the possible values: ignore (as in leapsecmode ignore), or one of the three other possible values (system, step, slew).
Override the stratum of the server which will be reported to clients when the local reference is active. Defaults to 10.
Specify which information is to be logged.
Maximum rate for chronyd to slew the time. Only float type values are possible, for example: maxslewrate 1000.0.
This can be set to 'present' or 'latest' or a specific version to choose the chrony package to be installed.
This determines the name of the package to install.
This selects the servers to use for NTP peers (symmetric association). It is an array of servers.
This selects the servers to use for NTP servers. It can be an array of servers or a hash of servers to their respective options.
This should be a Hash of hardware reference clock drivers to use. The hash can either list a single list of options for the driver, or an array of multiple options if the same driver is used for multiple hardware clocks.
Example:
refclocks => {
  'PPS' => [ '/dev/pps0 lock NMEA refid GPS',
             '/dev/pps1:clear refid GPS2' ],
  'SHM' => '0 offset 0.5 delay 0.2 refid NMEA noselect',
}
This configures the makestep parameter of chronyd. Usually, chronyd never steps the time, but applies a slew after the initial synchronization. This setting configures for how many updates the time may be stepped if the adjustment is larger than the specified seconds.
For virtual machines which are suspended and resumed for a prolonged time, stepping the time may be wanted. In this case, set makestep_updates to -1 to allow stepping the time for any update.
This adds the networks and hosts that are allowed to query the daemon. Note that port needs to be set for this to work.
Port the service should listen on, to be used in combination with queryhosts. Module default is 0 to prevent accidental activation of server mode.
This determines if the service should be enabled at boot.
This determines if the service should be running or not.
This selects if puppet should manage the service in the first place.
This selects the name of the chrony service for puppet to manage.
Specify the smoothing of the time parameter as a string, for example smoothtime 50000 0.01.
Specify the email address to alert when chronyd executes a sync greater than the threshold.
Specify the time limit for triggering events.
Force chrony to only use RAM & prevent swapping.
This module has been built on and tested against Puppet 3.2.3 and higher.
The module has been tested on:
- Arch Linux
- Red Hat
- Debian (9)
- Suse 12.3