Jeffrey Zhang 72ee7dac7c Support multi local chrony servers
In the old implementation, if there is no external ntp server, only one
local chrony server is supported. If multiple chrony servers are configured,
the chrony client cannot sync with them.

In the new implementation:
* use the VIP to connect to chrony-server, which ensures multiple local chrony
  servers are supported.
* chrony servers depend on the VIP, so the chrony-server group should be
  the same as the haproxy group.
* prevent the chrony client from syncing from itself.
* change owner to chrony:kolla for the chrony log folder
* fix keysfile path
* use chrony user for centos and ubuntu images
* fix permission issue for /var/lib/chrony folder

Closes-Bug: #1705200
Change-Id: I6e85fda9824b5ddc7a96895425c5932a3566c27e
2017-07-26 03:38:05 +00:00

48 lines
920 B
Django/Jinja

{% set keyfile = '/etc/chrony.keys' if kolla_base_distro in ['centos', 'oraclelinux', 'redhat'] else '/etc/chrony/chrony.keys' %}
server {{ kolla_internal_vip_address }} iburst
{# NOTE(jeffrey4l): external_ntp_servers may be None here #}
{% if external_ntp_servers %}
{% for ntp_server in external_ntp_servers %}
server {{ ntp_server }} iburst
{% endfor %}
{% endif %}
user chrony
keyfile {{ keyfile }}
commandkey 1
driftfile /var/lib/chrony/chrony.drift
log tracking measurements statistics
logdir /var/log/kolla/chrony
makestep 3 3
maxupdateskew 100.0
dumponexit
dumpdir /var/lib/chrony
{% if inventory_hostname in groups['chrony-server'] %}
allow all
# prevent chrony from syncing with itself
deny {{ kolla_internal_vip_address }}
deny {{ api_interface_address }}
local stratum 10
{% else %}
port 0
deny all
{% endif %}
bindaddress {{ kolla_internal_vip_address }}
logchange 0.5
hwclockfile /etc/adjtime
rtcsync
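
The access rules this template renders can be checked offline. The following is an added example, not code from this repository: it evaluates the rendered `port`/`allow`/`deny` lines using chrony's documented rule (the most specific subnet wins, and the `all` form discards earlier rules inside its subnet). The 192.0.2.x addresses are constructed stand-ins for `kolla_internal_vip_address` and `api_interface_address`, and only IPv4 addresses in full or CIDR form are handled.

```python
import ipaddress

# Constructed sample: the access-control lines as rendered for a host in the
# chrony-server group. 192.0.2.10 stands in for kolla_internal_vip_address and
# 192.0.2.11 for api_interface_address (both values are assumptions).
SERVER_CONF = """\
allow all
deny 192.0.2.10
deny 192.0.2.11
local stratum 10
"""

# Constructed sample: the same part of the template rendered for any other host.
CLIENT_CONF = """\
port 0
deny all
"""


def parse_access(conf):
    """Return (ntp_port_open, rules); rules are (network, allowed) pairs."""
    port_open, rules = True, []
    for line in conf.splitlines():
        words = line.split()
        if not words or words[0][0] in "#%;!":  # blank or comment line
            continue
        if words[0] == "port" and len(words) > 1:
            port_open = words[1] != "0"  # "port 0" disables the NTP server side
        elif words[0] in ("allow", "deny"):
            args = words[1:]
            override = bool(args) and args[0] == "all"
            if override:
                args = args[1:]
            net = ipaddress.ip_network(args[0] if args else "0.0.0.0/0", strict=False)
            if override:  # the "all" form drops earlier rules inside this subnet
                rules = [r for r in rules if not r[0].subnet_of(net)]
            rules.append((net, words[0] == "allow"))
    return port_open, rules


def may_query(conf, client):
    """True if chronyd with this config would answer NTP requests from client."""
    port_open, rules = parse_access(conf)
    addr = ipaddress.ip_address(client)
    matches = [r for r in rules if addr in r[0]]
    if not port_open or not matches:
        return False  # with no matching rule, chronyd serves no clients
    best = max(net.prefixlen for net, _ in matches)
    return [ok for net, ok in matches if net.prefixlen == best][-1]
```

For the server rendering, `may_query(SERVER_CONF, "203.0.113.7")` is also true: `allow all` admits any source that can reach the node, so limiting who can use these servers is left to network placement or a narrower `allow` subnet.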