Adding state for chrony package
authorFrank Brehm <frank@brehm-online.com>
Tue, 22 Mar 2016 20:59:36 +0000 (21:59 +0100)
committerFrank Brehm <frank@brehm-online.com>
Tue, 22 Mar 2016 20:59:36 +0000 (21:59 +0100)
basic/chrony.sls [new file with mode: 0644]
basic/files/chrony.conf [new file with mode: 0644]
basic/files/chrony.keys [new file with mode: 0644]
basic/files/chrony.logrotate [new file with mode: 0644]
basic/files/rotate-chrony [new file with mode: 0755]
basic/pkgs.sls
top.sls

diff --git a/basic/chrony.sls b/basic/chrony.sls
new file mode 100644 (file)
index 0000000..26d90cd
--- /dev/null
@@ -0,0 +1,99 @@
+
+chrony:
+  pkg:
+    - installed
+  service:
+    - running
+    - enable: True
+    - watch:
+      - pkg: chrony
+      - file: /etc/chrony/chrony.conf
+      - file: /etc/chrony/chrony.keys
+
+/etc/chrony:
+  file.directory:
+    - user: root
+    - group: root
+    - dir_mode: 755
+    - require:
+      - pkg: chrony
+
+/etc/chrony/chrony.keys:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 640
+    - replace: False
+    - source: salt://basic/files/chrony.keys
+    - template: jinja
+    - backup: minion
+    - require:
+      - pkg: chrony
+      - file: /etc/chrony
+
+/var/lib/chrony:
+  file.directory:
+    - user: root
+    - group: root
+    - dir_mode: 755
+    - require:
+      - pkg: chrony
+
+/var/log/chrony:
+  file.directory:
+    - user: root
+    - group: root
+    - dir_mode: 755
+    - require:
+      - pkg: chrony
+
+/etc/chrony/chrony.conf:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 644
+    - source: salt://basic/files/chrony.conf
+    - template: jinja
+    - backup: minion
+    - require:
+      - pkg: chrony
+      - file: /etc/chrony
+      - file: /etc/chrony/chrony.keys
+      - file: /var/lib/chrony
+      - file: /var/log/chrony
+
+chrony-logswitch-script-parent:
+  file.directory:
+    - name: /usr/local/bin
+    - user: root
+    - group: staff
+    - dir_mode: 2775
+
+chrony-logswitch-script:
+  file.managed:
+    - name: /usr/local/bin/rotate-chrony
+    - source: salt://basic/files/rotate-chrony
+    - user: root
+    - group: staff
+    - mode: 755
+    - template: jinja
+    - backup: minion
+    - require:
+      - pkg: chrony
+      - file: chrony-logswitch-script-parent
+      - file: /etc/chrony/chrony.keys
+
+/etc/logrotate.d/chrony:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 755
+    - source: salt://basic/files/chrony.logrotate
+    - template: jinja
+    - backup: minion
+    - onlyif:
+      - test -d /etc/logrotate.d
+    - require:
+      - pkg: chrony
+      - file: chrony-logswitch-script
+
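Review bot: `/etc/logrotate.d/chrony` is installed with `mode: 755` although it is a logrotate configuration file that is read as data, never executed; `- mode: 644` matches the other managed config in this state (`/etc/chrony/chrony.conf`) and keeps an unneeded executable bit out of a root-owned config directory. The `chrony-logswitch-script-parent` directory is made `group: staff` with `dir_mode: 2775`, so any member of `staff` can rename or replace `/usr/local/bin/rotate-chrony`, a script the logrotate `postrotate` hook later runs (as root under a typical cron-driven logrotate); if that Debian-style group writability is not intentional here, `group: root` with `dir_mode: 755` is the tighter choice. The `onlyif: test -d /etc/logrotate.d` guard means a host without logrotate silently skips the file instead of failing, which is presumably deliberate but deserves a one-line comment above that state.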
diff --git a/basic/files/chrony.conf b/basic/files/chrony.conf
new file mode 100644 (file)
index 0000000..edbcf16
--- /dev/null
@@ -0,0 +1,104 @@
+# This the default chrony.conf file for the Debian chrony package.  After
+# editing this file use the command 'invoke-rc.d chrony restart' to make
+# your changes take effect.  John Hasler <jhasler@debian.org> 1998-2008
+
+# See www.pool.ntp.org for an explanation of these servers.  Please
+# consider joining the project if possible.  If you can't or don't want to
+# use these servers I suggest that you try your ISP's nameservers.  We mark
+# the servers 'offline' so that chronyd won't try to connect when the link
+# is down.  Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
+# commands to switch it on when a dialup link comes up and off when it goes
+# down.  Code in /etc/init.d/chrony attempts to determine whether or not
+# the link is up at boot time and set the online status accordingly.  If
+# you have an always-on connection such as cable omit the 'offline'
+# directive and chronyd will default to online.
+#
+# Note that if Chrony tries to go "online" and dns lookup of the servers
+# fails they will be discarded.  Thus under some circumstances it is 
+# better to use IP numbers than host names.
+
+server 0.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 1.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 2.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 3.debian.pool.ntp.org auto_offline iburst minpoll 8
+
+# Look here for the admin password needed for chronyc.  The initial
+# password is generated by a random process at install time.  You may
+# change it if you wish.
+
+keyfile /etc/chrony/chrony.keys
+
+# Set runtime command key.  Note that if you change the key (not the
+# password) to anything other than 1 you will need to edit
+# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
+# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+
+commandkey 1
+
+# I moved the driftfile to /var/lib/chrony to comply with the Debian
+# filesystem standard.
+
+driftfile /var/lib/chrony/chrony.drift
+
+# Comment this line out to turn off logging.
+
+log tracking measurements statistics
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+
+maxupdateskew 100.0
+
+# Dump measurements when daemon exits.
+
+dumponexit
+
+# Specify directory for dumping measurements.
+
+dumpdir /var/lib/chrony
+
+# Let computer be a server when it is unsynchronised.
+
+local stratum 10
+
+# GRIDSCALE - Disable server functionality and only bind on localhost
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+port 0
+
+# GRIDSCALE - Allow stepping the clock. Normally, it’s recommended to allow the step only in
+# the first few updates, but in some cases (a virtual machine which can be suspended and resumed
+# with incorrect time) it may be necessary to allow the step at any clock update.
+makestep 1 -1
+
+# Allow computers on the unrouted nets to use the server.
+
+allow 10/8
+allow 192.168/16
+allow 172.16/12
+
+# This directive forces `chronyd' to send a message to syslog if it
+# makes a system clock adjustment larger than a threshold value in seconds.
+
+logchange 0.5
+
+# This directive defines an email address to which mail should be sent
+# if chronyd applies a correction exceeding a particular threshold to the
+# system clock.
+
+# mailonchange root@localhost 0.5
+
+# This directive tells chrony to regulate the real-time clock and tells it
+# Where to store related data.  It may not work on some newer motherboards
+# that use the HPET real-time clock.  It requires enhanced real-time
+# support in the kernel.  I've commented it out because with certain
+# combinations of motherboard and kernel it is reported to cause lockups.
+
+# rtcfile /var/lib/chrony/chrony.rtc
+
+# If the last line of this file reads 'rtconutc' chrony will assume that
+# the CMOS clock is on UTC (GMT).  If it reads '# rtconutc' or is absent
+# chrony will assume local time.  The line (if any) was written by the
+# chrony postinst based on what it found in /etc/default/rcS.  You may
+# change it if necessary. 
+rtconutc
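Review bot: `port 0` under the "GRIDSCALE - Disable server functionality" comment switches off NTP serving, so the later `allow 10/8`, `allow 192.168/16`, `allow 172.16/12` and `local stratum 10` directives are dead configuration that contradicts that comment and invites a reader to believe the private ranges are being served. Either drop those four lines or, if serving is wanted, remove `port 0`; keeping both leaves the intent ambiguous for the next person auditing exposure. The inherited comment above `keyfile` ("The initial password is generated by a random process at install time") is now stale, since in this commit the key comes from the Salt-rendered `chrony.keys` template; a short replacement such as `# The command key in this file is generated by the Salt template basic/files/chrony.keys` would keep the file honest. The `bindcmdaddress 127.0.0.1` / `::1` lines restrict chronyc control to loopback, which is consistent with the companion rotate script running locally.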
diff --git a/basic/files/chrony.keys b/basic/files/chrony.keys
new file mode 100644 (file)
index 0000000..ac952c8
--- /dev/null
@@ -0,0 +1,2 @@
+{%- set key_str = salt['random.get_str'](8) -%}
+1 {{ key_str }}
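Review bot: The command key is generated with `salt['random.get_str'](8)`, an eight-character secret, which is short for a value chronyd accepts at far greater length; passing a larger size such as `{%- set key_str = salt['random.get_str'](20) -%}` costs nothing because the value is only ever fed to chronyc from the rotate script. Because the template calls a random function, every render yields a different key, so the file's stability depends entirely on the managing state never rewriting it (the state in this commit sets `replace: False`); a comment in the template saying so would protect against someone later removing that flag. If `random.get_str`'s alphabet ever included whitespace, the companion script's `awk '{print $2}'` parse would silently pick up a truncated key — worth confirming the function is restricted to alphanumerics on the Salt version in use.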
diff --git a/basic/files/chrony.logrotate b/basic/files/chrony.logrotate
new file mode 100644 (file)
index 0000000..5b3758e
--- /dev/null
@@ -0,0 +1,15 @@
+/var/log/chrony/*.log {
+       weekly
+       rotate 7
+       missingok
+       notifempty
+       compress
+       delaycompress
+       dateext
+       size 4M
+       sharedscripts
+       create 644
+       postrotate
+               /usr/local/bin/rotate-chrony
+       endscript
+}
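Review bot: `size 4M` together with `weekly` does not do what it reads as: in logrotate, `size` replaces the time-based schedule instead of combining with it, so the `weekly` line is ignored and these logs rotate only once they exceed 4M. If the intent is "weekly, or sooner when large", change the line to `maxsize 4M`; if it is "only when 4M is reached", drop `weekly` so the file stops suggesting otherwise. A one-line comment above the block naming the chosen policy would stop the next reader from re-adding the redundant directive.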
diff --git a/basic/files/rotate-chrony b/basic/files/rotate-chrony
new file mode 100755 (executable)
index 0000000..734971b
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+set -u
+
+if [[ ! -f /etc/chrony/chrony.keys ]] ; then
+    exit 0
+fi
+
+PASSWORD=$( cat /etc/chrony/chrony.keys | awk '$1 ~ /^1$/ {print $2; exit}' )
+#echo "Password: '${PASSWORD}'"
+
+cat <<- EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
+       password $PASSWORD
+       cyclelogs
+       EOF
+
+# vim: ts=4 et
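Review bot: The pipeline `cat <<- EOF | /usr/bin/chronyc | sed '/^200 OK$/d'` returns sed's exit status, so under `set -e` a chronyc failure (for example a rejected password after the keys file changed) is swallowed and logrotate records success while chronyd never cycled its logs; add `set -o pipefail` beside the existing `set -e` / `set -u` so the failing stage propagates. Feeding the password through chronyc's stdin rather than its argument list is the right choice, as it keeps the key out of the process table. The `cat … | awk` on the PASSWORD line can read the file directly: `PASSWORD=$( awk '$1 ~ /^1$/ {print $2; exit}' /etc/chrony/chrony.keys )`. The `<<-` here-document relies on the `password`, `cyclelogs` and `EOF` lines being tab-indented (the rendered page cannot show this); with spaces the terminator is not recognised and the document runs to end of file.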
index e23446bcad1528c3fe3091ab13f7b4d42c50f38c..23ec8f6fc43edf4c231184108f0c66fd7ffc4490 100644 (file)
@@ -11,7 +11,6 @@ common-pkgs:
       - binutils
       - bzip2
       - ca-certificates
-      - chrony
       - colordiff
       - console-data
       - console-setup
diff --git a/top.sls b/top.sls
index 31c27f78f1ff23fb845b5ce7095b66569254939e..c4595446e3a363be0ae79e98ea6572405ca572bc 100644 (file)
--- a/top.sls
+++ b/top.sls
@@ -8,6 +8,7 @@ base:
     - debian.sysvinit
     - basic.logrotate
     - basic.pkgs
+    - basic.chrony
     - basic.rsyslog
     - basic.shells
     - basic.skel