kolla-ansible/ansible/roles/chrony/templates/chrony.conf.j2

{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'oraclelinux', 'redhat'] else '/etc/chrony/chrony.keys' %}

server {{ kolla_internal_vip_address }} iburst
{# NOTE(jeffrey4l): external_ntp_servers may be None here #}
{% if external_ntp_servers %}
{% for ntp_server in external_ntp_servers %}
server {{ ntp_server }} iburst
{% endfor %}
{% endif %}

user chrony

keyfile {{ keyfile }}

commandkey 1

driftfile /var/lib/chrony/chrony.drift

log tracking measurements statistics
logdir /var/log/kolla/chrony

makestep 3 3

maxupdateskew 100.0

dumponexit

dumpdir /var/lib/chrony

{% if inventory_hostname in groups['chrony-server'] %}
allow all
# prevent chrony sync from self
deny {{ kolla_internal_vip_address }}
deny {{ api_interface_address }}
local stratum 10
{% else %}
port 0
deny all
{% endif %}

bindaddress {{ kolla_internal_vip_address }}

logchange 0.5

hwclockfile /etc/adjtime

rtcsync