example: update chrony.conf examples
Add some new directives, remove dumponexit (it's a no-op), remove broadcast (to not encourage its use), fix a typo, and remove a OS-specific limitation.
This commit is contained in:
Miroslav Lichvar
parent
7d551d34a0
commit
8882fb21e0
2 changed files with 41 additions and 17 deletions
|
|
@ -25,9 +25,15 @@ rtcsync
|
|||
# Serve time even if not synchronized to a time source.
|
||||
#local stratum 10
|
||||
|
||||
# Require authentication (nts or key option) for all NTP sources.
|
||||
#authselectmode require
|
||||
|
||||
# Specify file containing keys for NTP authentication.
|
||||
#keyfile /etc/chrony.keys
|
||||
|
||||
# Save NTS keys and cookies.
|
||||
ntsdumpdir /var/lib/chrony
|
||||
|
||||
# Get TAI-UTC offset and leap seconds from the system tz database.
|
||||
#leapsectz right/UTC
|
||||
|
||||
|
|
|
|||
|
|
@ -57,6 +57,20 @@
|
|||
|
||||
! maxdrift 100
|
||||
|
||||
# By default, chronyd allows synchronisation to an unauthenticated NTP
|
||||
# source (i.e. specified without the nts and key options) if it agrees with
|
||||
# a majority of authenticated NTP sources, or if no authenticated source is
|
||||
# specified. If you don't want chronyd to ever synchronise to an
|
||||
# unauthenticated NTP source, uncomment the first from the following lines.
|
||||
# If you don't want to synchronise to an unauthenticated NTP source only
|
||||
# when an authenticated source is specified, uncomment the second line.
|
||||
# If you want chronyd to ignore authentication in the source selection,
|
||||
# uncomment the third line.
|
||||
|
||||
! authselectmode require
|
||||
! authselectmode prefer
|
||||
! authselectmode ignore
|
||||
|
||||
#######################################################################
|
||||
### FILENAMES ETC
|
||||
# Chrony likes to keep information about your computer's clock in files.
|
||||
|
|
@ -72,22 +86,37 @@ driftfile /var/lib/chrony/drift
|
|||
|
||||
! keyfile /etc/chrony.keys
|
||||
|
||||
# If you specify an NTP server with the nts option to enable authentication
|
||||
# with the Network Time Security (NTS) mechanism, or enable server NTS with
|
||||
# the ntsservercert and ntsserverkey directives below, the following line will
|
||||
# allow the client/server to save the NTS keys and cookies in order to reduce
|
||||
# the number of key establishments (NTS-KE sessions).
|
||||
|
||||
ntsdumpdir /var/lib/chrony
|
||||
|
||||
# If chronyd is configured to act as an NTP server and you want to enable NTS
|
||||
# for its clients, you will need a TLS certificate and private key. Uncomment
|
||||
# and edit the following lines to specify the locations of the certificate and
|
||||
# key.
|
||||
|
||||
! ntsservercert /etc/.../foo.example.net.crt
|
||||
! ntsserverkey /etc/.../foo.example.net.key
|
||||
|
||||
# chronyd can save the measurement history for the servers to files when
|
||||
# it it exits. This is useful in 2 situations:
|
||||
# it exits. This is useful in 2 situations:
|
||||
#
|
||||
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
|
||||
# 1. If you stop chronyd and restart it with the '-r' option (e.g. after
|
||||
# an upgrade), the old measurements will still be relevant when chronyd
|
||||
# is restarted. This will reduce the time needed to get accurate
|
||||
# gain/loss measurements, especially with a dial-up link.
|
||||
# gain/loss measurements.
|
||||
#
|
||||
# 2. Again on Linux, if you use the RTC support and start chronyd with
|
||||
# 2. On Linux, if you use the RTC support and start chronyd with
|
||||
# '-r -s' on bootup, measurements from the last boot will still be
|
||||
# useful (the real time clock is used to 'flywheel' chronyd between
|
||||
# boots).
|
||||
#
|
||||
# Enable these two options to use this.
|
||||
# Uncomment the following line to use this.
|
||||
|
||||
! dumponexit
|
||||
! dumpdir /var/lib/chrony
|
||||
|
||||
# chronyd writes its process ID to a file. If you try to start a second
|
||||
|
|
@ -135,8 +164,6 @@ driftfile /var/lib/chrony/drift
|
|||
#######################################################################
|
||||
### ACTING AS AN NTP SERVER
|
||||
# You might want the computer to be an NTP server for other computers.
|
||||
# e.g. you might be running chronyd on a dial-up machine that has a LAN
|
||||
# sitting behind it with several 'satellite' computers on it.
|
||||
#
|
||||
# By default, chronyd does not allow any clients to access it. You need
|
||||
# to explicitly enable access using 'allow' and 'deny' directives.
|
||||
|
|
@ -152,15 +179,6 @@ driftfile /var/lib/chrony/drift
|
|||
# You can have as many allow and deny directives as you need. The order
|
||||
# is unimportant.
|
||||
|
||||
# If you want chronyd to act as an NTP broadcast server, enable and edit
|
||||
# (and maybe copy) the following line. This means that a broadcast
|
||||
# packet is sent to the address 192.168.1.255 every 60 seconds. The
|
||||
# address MUST correspond to the broadcast address of one of the network
|
||||
# interfaces on your machine. If you have multiple network interfaces,
|
||||
# add a broadcast line for each.
|
||||
|
||||
! broadcast 60 192.168.1.255
|
||||
|
||||
# If you want to present your computer's time for others to synchronise
|
||||
# with, even if you don't seem to be synchronised to any NTP servers
|
||||
# yourself, enable the following line. The value 10 may be varied
|
||||
|
|
|
|||
Loading…
Reference in a new issue