ansible-hardening/doc/source/developer-notes/V-38620.rst
Major Hayden fa2800419e Migrate to unique variable names
This patch migrates all of the remaining non-unique variable names
in the security role to a pattern that begins with `security_*`.
This will reduce potential variable collisions with other roles.

This is a breaking change for deployers and users who are moving
from the liberty or stable/mitaka branches to master. Release notes
are included with additional details to help with the transition.

Closes-Bug: 1578326

Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
2016-05-09 16:18:48 -05:00


The ``chrony`` service is installed to manage clock synchronization for hosts
and to serve as an NTP server for NTP clients. Chrony was chosen over ntpd
because it's actively maintained and has some enhancements for virtualized
environments.

Two variables are available for adjusting chrony's default configuration:

The ``security_ntp_servers`` variable is a list of NTP servers that
chrony should use to synchronize time. They are set to North American NTP
servers by default.

The ``security_allowed_ntp_subnets`` variable is a list of subnets (in CIDR
notation) that are allowed to reach your servers running chrony. A sane
default is chosen (all RFC1918 networks are allowed), but this can be easily
adjusted.
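
A pre-deployment check for an overridden ``security_allowed_ntp_subnets`` list, added here as an example and not part of the role's own code. The function name is hypothetical, and rendering each entry as a chrony ``allow`` directive is an assumption about how the role's template consumes the list.

```python
import ipaddress

# RFC 1918 private ranges, which the page gives as the default allow list.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def review_allowed_subnets(subnets):
    """Return (allow_lines, findings) for a security_allowed_ntp_subnets list.

    allow_lines: chrony "allow" directives for every entry that parses
                 (assumed rendering, see lead-in).
    findings:    entries a reviewer should look at before deploying.
    """
    allow_lines, findings = [], []
    for raw in subnets:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/8,
            # which usually means a host address was pasted instead of a network.
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append(f"{raw}: not a valid CIDR network ({exc})")
            continue
        if net.version == 4:
            if not any(net.subnet_of(private) for private in RFC1918):
                findings.append(f"{raw}: extends beyond RFC1918 private space")
        elif not net.is_private:
            findings.append(f"{raw}: IPv6 network is not private")
        allow_lines.append(f"allow {net}")
    return allow_lines, findings


if __name__ == "__main__":
    # Constructed sample override, not taken from the role's defaults file.
    sample = ["192.168.10.0/24", "0.0.0.0/0", "10.0.0.5/8", "203.0.113.0/24"]
    lines, problems = review_allowed_subnets(sample)
    print("\n".join(lines))
    for problem in problems:
        print("REVIEW:", problem)
```
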

For more information on chrony, review the `chrony documentation`_ at the
upstream site, or run ``man chrony`` on a host with chrony installed.

.. _chrony documentation: http://chrony.tuxfamily.org/faq.html