From: Frank Brehm Date: Fri, 19 Jun 2020 09:45:09 +0000 (+0200) Subject: Adding and using snippets/tpl.400.chrony.sh X-Git-Tag: 2.1.2^2~9^2~31^2~17^2~11 X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=50359a24e0d8a35bf995e168117dfb0020c9dbc0;p=pixelpark%2Fcreate-vmware-tpl.git Adding and using snippets/tpl.400.chrony.sh --- diff --git a/kickstart/template-centos8.ks b/kickstart/template-centos8.ks index 5218ade..6902a61 100644 --- a/kickstart/template-centos8.ks +++ b/kickstart/template-centos8.ks @@ -222,6 +222,11 @@ echo echo "Using snippet $legato_snippet" $SNIPPET($legato_snippet) +#set $chrony_snippet = "per_status/" + $SYSTEM_STATUS + "/tpl.400.chrony.sh" +echo +echo "Using snippet $chrony_snippet" +$SNIPPET($chrony_snippet) + diff --git a/snippets/tpl.400.chrony.sh b/snippets/tpl.400.chrony.sh new file mode 100644 index 0000000..90b76a5 --- /dev/null +++ b/snippets/tpl.400.chrony.sh @@ -0,0 +1,159 @@ +## !/bin/bash +#raw + +#----------------------------------------------------------- +deinstall_ntp() { + + if rpm -qa | grep '^ntp-[0-9]' >/dev/null ; then + : + else + echo + echo "ntp is not installed." + return 0 + fi + + echo + echo "${HASH_LINE}" + echo + log "Deinstalling ntp ..." + echo + echo "Stopping ntpd.service ..." + systemctl stop ntpd.service || return 5 + echo + echo "Disabling ntpd.service ..." + systemctl disable ntpd.service || return 5 + echo + echo "Deinstalling ntp ..." + yum remove -y ntp || return 5 + return 0 + +} + +#----------------------------------------------------------- +install_chrony() { + + if rpm -qa | grep '^chrony-[0-9]' >/dev/null ; then + echo + echo "chrony is already installed." + return 0 + fi + + echo + log "Installing Chrony ..." + if yum install -y chrony ; then + return 0 + else + echo "[$(date)]: Could not install chrony" | tee -a "${ERROR_POINTER}" + return 6 + fi + return 0 + +} + +#----------------------------------------------------------- +perform_chrony() { + + if deinstall_ntp ; then + if install_chrony ; then + echo + echo "All packages okay." + else + return 6 + fi + else + return 5 + fi + + echo + log "Configuring Chrony ..." + + cat <<-EOF > /etc/chrony.conf + # Chrony configuration + + # Using timeservers of pixelpark + server time01.pixelpark.com iburst + server time02.pixelpark.com iburst + server time03.pixelpark.com iburst + + # Record the rate at which the system clock gains/losses time. + driftfile /var/lib/chrony/drift + + # Allow the system clock to be stepped in the first three updates + # if its offset is larger than 1 second. + makestep 1.0 3 + + # Enable kernel synchronization of the real-time clock (RTC). + rtcsync + + # Enable hardware timestamping on all interfaces that support it. + #hwtimestamp * + + # Increase the minimum number of selectable sources required to adjust + # the system clock. + minsources 2 + + # Allow NTP client access from local network. + #allow 192.168.0.0/16 + allow 10/8 + allow 192.168/16 + allow 172.16/12 + + # Serve time even if not synchronized to a time source. + local stratum 10 + + # Specify file containing keys for NTP authentication. + keyfile /etc/chrony.keys + + # Specify directory for log files. + logdir /var/log/chrony + + # Select which information is logged. + log measurements statistics tracking + + EOF + + mkdir -pv /var/log/chrony + chmod -v 0755 /var/log/chrony + chown -v chrony:chrony /var/log/chrony + + echo + echo "Configuring chrony keys ..." + if [[ -f /etc/chrony.keys ]] ; then + echo "File /etc/chrony.keys is already existing" + else + cat <<-EOF > /etc/chrony.keys + # This is the chrony keys file. It is used for NTP authentication with + # symmetric keys. It should be readable only by root or the user to which + # chronyd is configured to switch to after start. + + # Examples of valid keys: + + #1 MD5 AVeryLongAndRandomPassword + #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F + #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995 + + EOF + fi + + echo "Removing of possibly existing keys ..." + sed -i -e '/^[1-9][0-9]*/d' /etc/chrony.keys + + local method= + local keylen=256 + local i= + local key= + for method in 'MD5' 'SHA1' 'SHA256' 'SHA512'; do + echo " * ${method}" + key=$( chronyc keygen $i "${method}" "${keylen}" ) + echo " $key" + echo "${key}" >> /etc/chrony.keys + i=$(( $i + 1 )) + done + echo >> /etc/chrony.keys + +} + +perform_chrony + +#end raw +## vim: ts=4 et list