fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition. Closes-Bug: 1578326 Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
943 B
The chrony service is installed to manage clock
synchronization for hosts and to serve as an NTP server for NTP clients.
Chrony was chosen over ntpd because it's actively maintained and has
some enhancements for virtualized environments.
There are two configurations available for users to adjust chrony's default configuration:
The security_ntp_servers variable is a list of NTP
servers that chrony should use to synchronize time. They are set to
North American NTP servers by default.
The security_allowed_ntp_subnets variable is a list of
subnets (in CIDR notation) that are allowed to reach your servers
running chrony. A sane default is chosen (all RFC1918 networks are
allowed), but this can be easily adjusted.
For more information on chrony, review the chrony documentation at the upstream site, or run man chrony on a host with chrony installed.