doc: update chrony.texi
This commit is contained in:
Miroslav Lichvar
parent
c8fe0fe992
commit
72f0f99ac3
1 changed files with 38 additions and 28 deletions
|
|
@ -430,15 +430,15 @@ install-info /usr/local/share/info/chrony.info /usr/share/info/dir
|
||||||
|
|
||||||
Now that the software is successfully installed, the next step is to
|
Now that the software is successfully installed, the next step is to
|
||||||
set up a configuration file. The default location of the file
|
set up a configuration file. The default location of the file
|
||||||
is @file{@SYSCONFDIR@/chrony.conf}. Suppose you want to use public NTP
|
is @file{@SYSCONFDIR@/chrony.conf}. Several examples of configuration with
|
||||||
servers from the pool.ntp.org project as your time reference. A
|
comments are included in the examples directory. Suppose you want to use
|
||||||
|
public NTP servers from the pool.ntp.org project as your time reference. A
|
||||||
minimal useful configuration file could be
|
minimal useful configuration file could be
|
||||||
|
|
||||||
@example
|
@example
|
||||||
server 0.pool.ntp.org iburst
|
pool pool.ntp.org iburst
|
||||||
server 1.pool.ntp.org iburst
|
|
||||||
server 2.pool.ntp.org iburst
|
|
||||||
makestep 10 3
|
makestep 10 3
|
||||||
|
rtcsync
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
Then, @code{chronyd} can be run.
|
Then, @code{chronyd} can be run.
|
||||||
|
|
@ -584,10 +584,10 @@ server baz.example.net
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
However, you will probably want to include some of the other directives
|
However, you will probably want to include some of the other directives
|
||||||
described later. The @code{driftfile} and @code{makestep} directives may be
|
described later. The following directives may be particularly useful :
|
||||||
particularly useful. Also, the @code{iburst} server option is useful to speed
|
@code{driftfile}, @code{makestep}, @code{rtcsync}. Also, the @code{iburst}
|
||||||
up the initial synchronization. The smallest useful configuration file would
|
server option is useful to speed up the initial synchronization. The smallest
|
||||||
look something like
|
useful configuration file would look something like
|
||||||
|
|
||||||
@example
|
@example
|
||||||
server foo.example.net iburst
|
server foo.example.net iburst
|
||||||
|
|
@ -595,6 +595,20 @@ server bar.example.net iburst
|
||||||
server baz.example.net iburst
|
server baz.example.net iburst
|
||||||
driftfile @CHRONYVARDIR@/drift
|
driftfile @CHRONYVARDIR@/drift
|
||||||
makestep 10 3
|
makestep 10 3
|
||||||
|
rtcsync
|
||||||
|
@end example
|
||||||
|
|
||||||
|
When using a pool of NTP servers (one name is used for multiple servers which
|
||||||
|
may change over time), it's better to specify them with the @code{pool}
|
||||||
|
directive instead of multiple @code{server} directives in order to allow
|
||||||
|
@code{chronyd} to replace unreachable or bad servers automatically. The
|
||||||
|
configuration file could in this case look like
|
||||||
|
|
||||||
|
@example
|
||||||
|
pool pool.ntp.org iburst
|
||||||
|
driftfile @CHRONYVARDIR@/drift
|
||||||
|
makestep 10 3
|
||||||
|
rtcsync
|
||||||
@end example
|
@end example
|
||||||
@c }}}
|
@c }}}
|
||||||
@c {{{ S:Infrequent connection
|
@c {{{ S:Infrequent connection
|
||||||
|
|
@ -871,9 +885,9 @@ For the @file{@SYSCONFDIR@/chrony.conf} file, the following can be used as an
|
||||||
example.
|
example.
|
||||||
|
|
||||||
@example
|
@example
|
||||||
server 0.pool.ntp.org maxdelay 0.4 offline
|
server foo.example.net maxdelay 0.4 offline
|
||||||
server 1.pool.ntp.org maxdelay 0.4 offline
|
server bar.example.net maxdelay 0.4 offline
|
||||||
server 2.pool.ntp.org maxdelay 0.4 offline
|
server baz.example.net maxdelay 0.4 offline
|
||||||
logdir /var/log/chrony
|
logdir /var/log/chrony
|
||||||
log statistics measurements tracking
|
log statistics measurements tracking
|
||||||
driftfile @CHRONYVARDIR@/drift
|
driftfile @CHRONYVARDIR@/drift
|
||||||
|
|
@ -1316,16 +1330,9 @@ bindaddress 192.168.1.1
|
||||||
|
|
||||||
to the configuration file.
|
to the configuration file.
|
||||||
|
|
||||||
This directive affects NTP (UDP port 123 by default) packets.
|
For each of IPv4 and IPv6 protocols, only one @code{bindaddress} directive can
|
||||||
|
be specified. Therefore, it's not useful on computers which should serve NTP
|
||||||
The @code{bindaddress} directive has been found to cause problems when used on
|
on multiple network interfaces.
|
||||||
computers that need to pass NTP traffic over multiple network interfaces (e.g.
|
|
||||||
firewalls). It is, therefore, not particularly useful. Use of the
|
|
||||||
@code{allow} and @code{deny} directives together with a network firewall is
|
|
||||||
more likely to be successful.
|
|
||||||
|
|
||||||
For each of IPv4 and IPv6 protocols, only one @code{bindaddress}
|
|
||||||
directive can be specified.
|
|
||||||
@c }}}
|
@c }}}
|
||||||
@c {{{ bindcmdaddress
|
@c {{{ bindcmdaddress
|
||||||
@node bindcmdaddress directive
|
@node bindcmdaddress directive
|
||||||
|
|
@ -4624,9 +4631,9 @@ For the current development from the developers' version control system see the
|
||||||
@code{Git} link on the web site.
|
@code{Git} link on the web site.
|
||||||
|
|
||||||
@subsection Are there any packaged versions of chrony?
|
@subsection Are there any packaged versions of chrony?
|
||||||
We are aware of packages for Arch, Debian, Fedora, Gentoo, Mandriva, Slackware,
|
We are aware of packages for Arch, CentOS, Debian, Fedora, Gentoo, Mageia,
|
||||||
Ubuntu, FreeBSD and NetBSD. We are not involved with how these are built or
|
OpenSuse, Slackware, Ubuntu, FreeBSD and NetBSD. We are not involved with how
|
||||||
distributed.
|
these are built or distributed.
|
||||||
|
|
||||||
@subsection Where is the home page?
|
@subsection Where is the home page?
|
||||||
It is currently at
|
It is currently at
|
||||||
|
|
@ -4711,9 +4718,12 @@ increasing intervals until it succeeds. The @code{online} command can be
|
||||||
issued from @code{chronyc} to try to resolve them immediately.
|
issued from @code{chronyc} to try to resolve them immediately.
|
||||||
|
|
||||||
@subsection How can I make chronyd more secure?
|
@subsection How can I make chronyd more secure?
|
||||||
If you don't need to serve time to NTP clients, you can add @code{port 0} to
|
If you don't need to serve time to NTP clients or peers, you can add
|
||||||
the @file{chrony.conf} file to disable the NTP server/peer sockets and prevent
|
@code{port 0} to the @file{chrony.conf} file to completely disable the NTP
|
||||||
NTP requests from reaching @code{chronyd}.
|
server functionality and prevent NTP requests from reaching @code{chronyd}.
|
||||||
|
Starting from version 2.0, the NTP server port is open only when client access
|
||||||
|
is allowed by the @code{allow} directive or command, an NTP peer is configured,
|
||||||
|
or the @code{broadcast} directive is used.
|
||||||
|
|
||||||
If you don't need to use @code{chronyc} remotely, you can add the following
|
If you don't need to use @code{chronyc} remotely, you can add the following
|
||||||
directives to the configuration file to bind the command sockets to the
|
directives to the configuration file to bind the command sockets to the
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue