From a04e91a7a4174af9e0f6e180071f7f76c0498447 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Mon, 25 Jun 2018 11:56:44 +0200 Subject: [PATCH] Installing chrony instead of ntp --- bin/postinst | 111 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 82 insertions(+), 29 deletions(-) diff --git a/bin/postinst b/bin/postinst index 7f5e1cf..57b21db 100644 --- a/bin/postinst +++ b/bin/postinst @@ -569,52 +569,105 @@ install_legato_networker() { } #----------------------------------------------------------- -install_ntp() { +install_chrony() { echo echo "${HASH_LINE}" echo - log "Deinstalling chrony from whatever reason ..." - echo "Stopping chronyd ..." - systemctl stop chronyd - echo "Disabling chronyd ..." - systemctl disable chronyd - echo "Deinstalling chrony ..." - yum remove -y chrony + log "Deinstalling ntp ..." + echo "Stopping ntpd.service ..." + systemctl stop ntpd.service + echo "Disabling ntpd.service ..." + systemctl disable ntpd.service + echo "Deinstalling ntp ..." + yum remove -y ntp echo - log "Installing NTP ..." - if yum install -y ntp ; then + log "Installing Chrony ..." + if yum install -y chrony ; then : else - echo "[$(date)]: Could not install ntp." | tee -a "${ERROR_POINTER}" + echo "[$(date)]: Could not install chrony" | tee -a "${ERROR_POINTER}" fi - echo "Cofiguring ntpd ..." - mkdir -pv /etc/ntp - - cat <<-EOF > /etc/ntp.conf - tinker panic 0 - driftfile /var/lib/ntp/drift - # Permit time synchronization with our time source, but do not - # permit the source to query or modify the service on this system. - restrict default kod nomodify notrap nopeer noquery - restrict -6 default kod nomodify notrap nopeer noquery - restrict 127.0.0.1 - restrict -6 ::1 + echo "Configuring chrony ..." + + cat <<-EOF > /etc/chrony.conf + # Chrony configuration + + # Using timeservers of pixelpark server time01.pixelpark.com iburst server time02.pixelpark.com iburst server time03.pixelpark.com iburst + # Record the rate at which the system clock gains/losses time. + driftfile /var/lib/chrony/drift + + # Allow the system clock to be stepped in the first three updates + # if its offset is larger than 1 second. + makestep 1.0 3 + + # Enable kernel synchronization of the real-time clock (RTC). + rtcsync + + # Enable hardware timestamping on all interfaces that support it. + #hwtimestamp * + + # Increase the minimum number of selectable sources required to adjust + # the system clock. + minsources 2 + + # Allow NTP client access from local network. + #allow 192.168.0.0/16 + allow 10/8 + allow 192.168/16 + allow 172.16/12 + + # Serve time even if not synchronized to a time source. + local stratum 10 + + # Specify file containing keys for NTP authentication. + keyfile /etc/chrony.keys + + # Specify directory for log files. + logdir /var/log/chrony + + # Select which information is logged. + log measurements statistics tracking + EOF - cat <<-EOF > /etc/ntp/step-tickers - time01.pixelpark.com - time02.pixelpark.com - time03.pixelpark.com + echo "Configuring chrony keys ..." + + cat <<-EOF > /etc/chrony.keys + # This is the chrony keys file. It is used for NTP authentication with + # symmetric keys. It should be readable only by root or the user to which + # chronyd is configured to switch to after start. + + # Examples of valid keys: + + #1 MD5 AVeryLongAndRandomPassword + #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F + #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995 + + 1 SHA256 HEX:4739BD84604DE5A1CCEE906C23EB3947398B31DA33BD0C5FE9A863B4CA9BA4AA + 2 MD5 HEX:4D534773C63AA638BE493B154844AADEEFFCA0AB98358E61815FA12466C8C807 EOF - systemctl enable ntpd + chown -v root:chrony /etc/chrony.keys + chmod -v 0640 /etc/chrony.keys + + echo "Ensuring /var/lib/chrony ..." + mkdir -pv /var/lib/chrony + cmmod -v 0755 /var/lib/chrony + chown -v chrony:chrony /var/lib/chrony + + echo "Ensuring /var/log/chrony ..." + mkdir -pv /var/log/chrony + cmmod -v 0755 /var/log/chrony + chown -v chrony:chrony /var/log/chrony + + systemctl enable chronyd.service } @@ -1080,7 +1133,7 @@ main() { remove_ipv6_localhost create_motd install_legato_networker - install_ntp + install_chrony install_openvm_tools remove_uek_packages disable_floppy -- 2.39.5