X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/442f6383a519381b1ecaee26ed8b49d40dfaf02d..d51169137e4f79bbe3aba52be72071d11dd27127:/cookbooks/ntp/templates/default/chrony.conf.erb?ds=sidebyside diff --git a/cookbooks/ntp/templates/default/chrony.conf.erb b/cookbooks/ntp/templates/default/chrony.conf.erb index 9f7b30d49..b3948809d 100644 --- a/cookbooks/ntp/templates/default/chrony.conf.erb +++ b/cookbooks/ntp/templates/default/chrony.conf.erb @@ -1,9 +1,31 @@ # DO NOT EDIT - This file is being maintained by Chef +<% if node[:lsb][:release].to_f >= 22.04 -%> +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d +<% end -%> + # Servers <% node[:ntp][:servers].each do |server| -%> pool <%= server %> iburst <% end -%> +# Add additional non-pool NTP servers +# pool.ntp.org can sometimes be aggressive with KoD +pool time.cloudflare.com iburst +pool time.google.com iburst + +# Allow local queries for monitoring +allow 127.0.0.1/32 +allow ::1/128 + +# Run an initial NTP sync on daemon startup +# Use a few IPs here to workaround DNSSEC failure if time is wrong: https://github.com/openstreetmap/operations/issues/654 +initstepslew 30 216.239.35.0 216.239.35.4 216.239.35.8 216.239.35.12 time.google.com time.cloudflare.com <%= node[:ntp][:servers].join(" ") %> + +<% if node[:lsb][:release].to_f >= 22.04 -%> +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d +<% end -%> # This directive specify the location of the file containing ID/key pairs for # NTP authentication. @@ -13,6 +35,11 @@ keyfile /etc/chrony/chrony.keys # information. driftfile /var/lib/chrony/chrony.drift +<% if node[:lsb][:release].to_f >= 22.04 -%> +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony +<% end -%> + # Uncomment the following line to turn logging on. #log tracking measurements statistics @@ -29,8 +56,6 @@ rtcsync <% if node[:virtualization][:role] == "guest" -%> # Allow anytime step on VM guests makestep 1 -1 -# Allow 1h changes and do not exit -maxchange 3600 1 -1 <% else -%> # Step the system clock instead of slewing it if the adjustment is larger than # one second, but only in the first three clock updates. @@ -40,3 +65,6 @@ makestep 1 3 # Enable leap second slew leapsecmode slew maxslewrate 1000 + +# Enable hardware timestamps if available +hwtimestamp *