}
#-----------------------------------------------------------
-install_ntp() {
+install_chrony() {
echo
echo "${HASH_LINE}"
echo
- log "Deinstalling chrony from whatever reason ..."
- echo "Stopping chronyd ..."
- systemctl stop chronyd
- echo "Disabling chronyd ..."
- systemctl disable chronyd
- echo "Deinstalling chrony ..."
- yum remove -y chrony
+ log "Deinstalling ntp ..."
+ echo "Stopping ntpd.service ..."
+ systemctl stop ntpd.service
+ echo "Disabling ntpd.service ..."
+ systemctl disable ntpd.service
+ echo "Deinstalling ntp ..."
+ yum remove -y ntp
echo
- log "Installing NTP ..."
- if yum install -y ntp ; then
+ log "Installing Chrony ..."
+ if yum install -y chrony ; then
:
else
- echo "[$(date)]: Could not install ntp." | tee -a "${ERROR_POINTER}"
+ echo "[$(date)]: Could not install chrony" | tee -a "${ERROR_POINTER}"
fi
- echo "Cofiguring ntpd ..."
- mkdir -pv /etc/ntp
-
- cat <<-EOF > /etc/ntp.conf
- tinker panic 0
- driftfile /var/lib/ntp/drift
- # Permit time synchronization with our time source, but do not
- # permit the source to query or modify the service on this system.
- restrict default kod nomodify notrap nopeer noquery
- restrict -6 default kod nomodify notrap nopeer noquery
- restrict 127.0.0.1
- restrict -6 ::1
+ echo "Configuring chrony ..."
+
+ cat <<-EOF > /etc/chrony.conf
+ # Chrony configuration
+
+ # Using timeservers of pixelpark
server time01.pixelpark.com iburst
server time02.pixelpark.com iburst
server time03.pixelpark.com iburst
+ # Record the rate at which the system clock gains/losses time.
+ driftfile /var/lib/chrony/drift
+
+ # Allow the system clock to be stepped in the first three updates
+ # if its offset is larger than 1 second.
+ makestep 1.0 3
+
+ # Enable kernel synchronization of the real-time clock (RTC).
+ rtcsync
+
+ # Enable hardware timestamping on all interfaces that support it.
+ #hwtimestamp *
+
+ # Increase the minimum number of selectable sources required to adjust
+ # the system clock.
+ minsources 2
+
+ # Allow NTP client access from local network.
+ #allow 192.168.0.0/16
+ allow 10/8
+ allow 192.168/16
+ allow 172.16/12
+
+ # Serve time even if not synchronized to a time source.
+ local stratum 10
+
+ # Specify file containing keys for NTP authentication.
+ keyfile /etc/chrony.keys
+
+ # Specify directory for log files.
+ logdir /var/log/chrony
+
+ # Select which information is logged.
+ log measurements statistics tracking
+
EOF
- cat <<-EOF > /etc/ntp/step-tickers
- time01.pixelpark.com
- time02.pixelpark.com
- time03.pixelpark.com
+ echo "Configuring chrony keys ..."
+
+ cat <<-EOF > /etc/chrony.keys
+ # This is the chrony keys file. It is used for NTP authentication with
+ # symmetric keys. It should be readable only by root or the user to which
+ # chronyd is configured to switch to after start.
+
+ # Examples of valid keys:
+
+ #1 MD5 AVeryLongAndRandomPassword
+ #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
+ #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
+
+ 1 SHA256 HEX:4739BD84604DE5A1CCEE906C23EB3947398B31DA33BD0C5FE9A863B4CA9BA4AA
+ 2 MD5 HEX:4D534773C63AA638BE493B154844AADEEFFCA0AB98358E61815FA12466C8C807
EOF
- systemctl enable ntpd
+ chown -v root:chrony /etc/chrony.keys
+ chmod -v 0640 /etc/chrony.keys
+
+ echo "Ensuring /var/lib/chrony ..."
+ mkdir -pv /var/lib/chrony
+ cmmod -v 0755 /var/lib/chrony
+ chown -v chrony:chrony /var/lib/chrony
+
+ echo "Ensuring /var/log/chrony ..."
+ mkdir -pv /var/log/chrony
+ cmmod -v 0755 /var/log/chrony
+ chown -v chrony:chrony /var/log/chrony
+
+ systemctl enable chronyd.service
}
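Review bot: The heredoc that writes /etc/chrony.keys embeds two live symmetric NTP keys (ids 1 and 2) in the script itself, so anyone who can read this repository or an image built from it holds them, and key 2 is an MD5 key. None of the `server time0N.pixelpark.com iburst` lines visible in the generated chrony.conf carries a `key` option, so as far as this hunk shows the keys authenticate nothing; either drop them, or read them from a root-only source at install time and reference them with `key <id>` on the server lines. If the file does not already exist, the redirect creates it under the default umask before the later `chown`/`chmod` run, so create it restricted first, e.g. `install -m 0640 -o root -g chrony /dev/null /etc/chrony.keys`. Separately, `cmmod -v 0755` on both the /var/lib/chrony and /var/log/chrony lines is a typo for `chmod`, so those two permission changes fail with command-not-found. The `allow 10/8`, `allow 192.168/16`, `allow 172.16/12` and `local stratum 10` directives together make every installed host answer NTP for all RFC 1918 ranges even when unsynchronised, which is worth confirming as intended for plain clients.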
remove_ipv6_localhost
create_motd
install_legato_networker
- install_ntp
+ install_chrony
install_openvm_tools
remove_uek_packages
disable_floppy