This repository has been archived on 2024-02-16. You can view files and clone it, but cannot push or open issues or pull requests.
sysconfig/roles/ntpd
Hoang Nguyen 9e12ff1ffb
ntpd: fix ntpsec config
ntpsec daemon didn't run, since minsane was greater than the default
minclock (4 > 3).

Also calculate maxclock option of ntpsec more effectively, and rename
terminus-font package.
2023-04-06 00:00:00 +07:00
tasks Add 'ntpd' and 'auditd' roles 2023-04-06 00:00:00 +07:00
templates ntpd: fix ntpsec config 2023-04-06 00:00:00 +07:00
README.md Add 'ntpd' and 'auditd' roles 2023-04-06 00:00:00 +07:00

Notes

Tasks that are not needed in NTP client mode but might come in handy in the future.

Generate NTP symmetric key for chronyd

NOTE: NTS should be used if the server is publicly accessible. Otherwise, for a private NTP server, a symmetric key is sufficient.

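# chronyc keygen only prints the key line ("ID TYPE HEX:KEY") to stdout; it does not write the file.
- name: chrony | Generate the symmetric key with chronyc
  command:
    # Key IDs must be in 1..2**32-1, so start the random range at 1 instead of 0.
    cmd: /usr/bin/chronyc keygen {{ (2**32) | random(start=1) }} SHA512 256
    creates: /etc/chrony/chrony.keys
  register: chrony_keys
  no_log: true  # keep the key out of task output and logs

- name: chrony | Create chrony.keys file from chronyc output
  copy:
    content: |
      {{ chrony_keys['stdout'] }}
    dest: /etc/chrony/chrony.keys
    mode: '0400'
    owner: chrony
    group: root
  no_log: true
  # register always defines chrony_keys, even when 'creates' skips the command,
  # so write the file only when a new key was actually generated.
  when: chrony_keys is changed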

Then add the line keyfile /etc/chrony/chrony.keys to the /etc/chrony/chrony.conf file.
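
A check for the key file these tasks produce, as an added example (not code from this repository): it accepts only the ID TYPE HEX:KEY line form that chronyc keygen prints, and flags loose permissions, an out-of-range key ID, weak hash types and keys shorter than the 256 bits requested above. The helper name, the weak-type policy and the sample file contents are assumptions constructed for illustration.

```python
import re

MAX_KEY_ID = 2**32 - 1          # chrony key IDs run from 1 to 2**32-1
WEAK_TYPES = {"MD5", "SHA1"}    # assumption: local policy rejects these types
KEY_LINE = re.compile(r"(\d+)\s+(\S+)\s+HEX:([0-9A-Fa-f]+)")

def check_keys(text, mode, min_bits=256):
    """Return findings for a key file's text and permission bits (hypothetical helper)."""
    findings = []
    if mode & 0o077:
        findings.append("mode %04o lets group or others access the key" % mode)
    usable = 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Comment markers as in chrony.conf (assumed to apply to the key file too).
        if not line or line[0] in "#;!%":
            continue
        m = KEY_LINE.fullmatch(line)
        if not m:
            findings.append(f"line {n}: not in 'ID TYPE HEX:KEY' form")
            continue
        usable += 1
        key_id, ktype, hexkey = int(m[1]), m[2].upper(), m[3]
        if not 1 <= key_id <= MAX_KEY_ID:
            findings.append(f"line {n}: key ID {key_id} outside 1..{MAX_KEY_ID}")
        if ktype in WEAK_TYPES:
            findings.append(f"line {n}: weak key type {ktype}")
        if len(hexkey) % 2 or len(hexkey) * 4 < min_bits:
            findings.append(f"line {n}: key shorter than {min_bits} bits or malformed")
    if usable == 0:
        findings.append("no usable key in file")
    return findings

# Constructed sample contents (not real keys).
GOOD = "2864434397 SHA512 HEX:" + "AB" * 32 + "\n"
# Text the command module reports on stdout when 'creates' skips the command;
# it ends up in the key file if the copy task runs anyway.
CLOBBERED = "skipped, since /etc/chrony/chrony.keys exists\n"
WEAK = "0 MD5 HEX:ABCD\n"

if __name__ == "__main__":
    for name, text, mode in (("good", GOOD, 0o400),
                             ("clobbered", CLOBBERED, 0o400),
                             ("weak", WEAK, 0o644)):
        print(name, check_keys(text, mode))
```

Against a real host, pass the file's text and `stat.S_IMODE(os.stat(path).st_mode)` as the two arguments.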