fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition.

Closes-Bug: 1578326
Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
22 lines
943 B
ReStructuredText

The ``chrony`` service is installed to manage clock synchronization for hosts
and to serve as an NTP server for NTP clients. Chrony was chosen over ntpd
because it's actively maintained and has some enhancements for virtualized
environments.

There are two configurations available for users to adjust chrony's default
configuration:

The ``security_ntp_servers`` variable is a list of NTP servers that
chrony should use to synchronize time. They are set to North American NTP
servers by default.

The ``security_allowed_ntp_subnets`` variable is a list of subnets (in CIDR
notation) that are allowed to reach your servers running chrony. A sane
default is chosen (all RFC1918 networks are allowed), but this can be easily
adjusted.

For more information on chrony, review the `chrony documentation`_ at the
upstream site, or run ``man chrony`` on a host with chrony installed.

.. _chrony documentation: http://chrony.tuxfamily.org/faq.html

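
An added example, not part of the role or its documentation: a pre-deployment check that compares a proposed ``security_allowed_ntp_subnets`` override with the RFC1918 default described above and flags entries that are malformed or that open the NTP service beyond private address space. The function name ``audit_allowed_subnets`` and the sample list are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: the documented default for the allow list.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_allowed_subnets(subnets):
    """Split a proposed security_allowed_ntp_subnets list into
    (accepted, findings); findings are (entry, reason) tuples."""
    accepted, findings = [], []
    for raw in subnets:
        try:
            # strict=True rejects entries with host bits set (192.168.1.10/24).
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append((raw, f"invalid CIDR: {exc}"))
            continue
        # Check the version first: subnet_of() raises on mixed IPv4/IPv6.
        if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
            accepted.append(str(net))
        else:
            findings.append((raw, "not inside RFC 1918 private space"))
    return accepted, findings


# Constructed sample input, not taken from the role's defaults file.
SAMPLE = [
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16",
    "0.0.0.0/0",          # would let any client query the NTP service
    "192.168.1.10/24",    # host address written where a network is expected
    "172.32.0.0/16",      # just past the end of 172.16.0.0/12
    "203.0.113.0/24",     # TEST-NET-3 documentation range, not private
]

if __name__ == "__main__":
    ok, problems = audit_allowed_subnets(SAMPLE)
    print("accepted:", ok)
    for entry, reason in problems:
        print(f"review {entry}: {reason}")
```

Entries reported as findings are not necessarily wrong, but each one widens or breaks the default allow list and deserves a deliberate decision before the role is applied.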