7 | 2024-11-26T05:20:26.503Z | INFO | zone-setup: Chrony configuration file has changed
new configuration file = "#\\n# Configuration file for a boundary NTP server - one which communicates with\\n# NTP servers outside the rack.\\n#\\n\\ndriftfile /var/lib/chrony/drift\\nntsdumpdir /var/lib/chrony\\ndumpdir /var/lib/chrony\\npidfile /var/run/chrony/chronyd.pid\\nlogdir /var/log/chrony\\n\\nlog measurements statistics tracking\\n\\nallow fe80::/10\\nallow fd00:1122:3344:100::/56\\n\\n# Enable local reference mode, which keeps us operating as an NTP server that\\n# appears synchronised even if there are currently no active upstreams. When\\n# in this mode, we report as stratum 10 to clients. The `distance' parameter\\n# controls when we will decide to abandon the upstreams and switch to the local\\n# reference. By setting `activate`, we prevent the server from ever activating\\n# its local reference until it has synchronised with upstream at least once and\\n# the root distance has dropped below the provided threshold. This prevents\\n# a boundary server in a cold booted rack from authoritatively advertising a\\n# time from the 1980s prior to gaining external connectivity.\\n#\\n# distance: Distance from root above which we use the local reference, opting\\n# to ignore the upstream.\\n# activate: Distance from root below which we must fall once to ever consider\\n# the local reference.\\n#\\nlocal stratum 10 distance 0.4 activate 0.5\\n\\n# makestep <threshold> <limit>\\n# We allow chrony to step the system clock during the first three time updates\\n# if we are more than 0.1 seconds out.\\nmakestep 0.1 3\\n\\n# When a leap second occurs we slew the clock over approximately 37 seconds.\\nleapsecmode slew\\nmaxslewrate 2708.333\\n\\npool 0.pool.ntp.org iburst maxdelay 0.1 minpoll 0 maxpoll 3 maxsources 16\\n"
old configuration file = "### COMMENTS\\n# Any of the following lines are comments (you have a choice of\\n# comment start character):\\n# a comment\\n% a comment\\n! a comment\\n; a comment\\n#\\n# Below, the '!' form is used for lines that you might want to\\n# uncomment and edit to make your own chrony.conf file.\\n#\\n#######################################################################\\n#######################################################################\\n### SPECIFY YOUR NTP SERVERS\\n# Most computers using chrony will send measurement requests to one or\\n# more 'NTP servers'. You will probably find that your Internet Service\\n# Provider or company have one or more NTP servers that you can specify.\\n# Failing that, there are a lot of public NTP servers. There is a list\\n# you can access at http://support.ntp.org/bin/view/Servers/WebHome or\\n# you can use servers from the pool.ntp.org project.\\n\\n! server foo.example.net iburst\\n! server bar.example.net iburst\\n! server baz.example.net iburst\\n\\npool 0.omnios.pool.ntp.org iburst\\n\\n#######################################################################\\n### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK\\n#\\n# To avoid changes being made to your computer's gain/loss compensation\\n# when the measurement history is too erratic, you might want to enable\\n# one of the following lines. The first seems good with servers on the\\n# Internet, the second seems OK for a LAN environment.\\n\\n! maxupdateskew 100\\n! maxupdateskew 5\\n\\n# If you want to increase the minimum number of selectable sources\\n# required to update the system clock in order to make the\\n# synchronisation more reliable, uncomment (and edit) the following\\n# line.\\n\\n! minsources 2\\n\\n# If your computer has a good stable clock (e.g. it is not a virtual\\n# machine), you might also want to reduce the maximum assumed drift\\n# (frequency error) of the clock (the value is specified in ppm).\\n\\n! maxdrift 100\\n\\n# By default, chronyd allows synchronisation to an unauthenticated NTP\\n# source (i.e. specified without the nts and key options) if it agrees with\\n# a majority of authenticated NTP sources, or if no authenticated source is\\n# specified. If you don't want chronyd to ever synchronise to an\\n# unauthenticated NTP source, uncomment the first from the following lines.\\n# If you don't want to synchronise to an unauthenticated NTP source only\\n# when an authenticated source is specified, uncomment the second line.\\n# If you want chronyd to ignore authentication in the source selection,\\n# uncomment the third line.\\n\\n! authselectmode require\\n! authselectmode prefer\\n! authselectmode ignore\\n\\n#######################################################################\\n### FILENAMES ETC\\n# Chrony likes to keep information about your computer's clock in files.\\n# The 'driftfile' stores the computer's clock gain/loss rate in parts\\n# per million. When chronyd starts, the system clock can be tuned\\n# immediately so that it doesn't gain or lose any more time. You\\n# generally want this, so it is uncommented.\\n\\ndriftfile /var/lib/chrony/drift\\n\\n# If you want to enable NTP authentication with symmetric keys, you will need\\n# to uncomment the following line and edit the file to set up the keys.\\n\\n! keyfile /etc/inet/chrony.keys\\n\\n# If you specify an NTP server with the nts option to enable authentication\\n# with the Network Time Security (NTS) mechanism, or enable server NTS with\\n# the ntsservercert and ntsserverkey directives below, the following line will\\n# allow the client/server to save the NTS keys and cookies in order to reduce\\n# the number of key establishments (NTS-KE sessions).\\n\\nntsdumpdir /var/lib/chrony\\n\\n# If chronyd is configured to act as an NTP server and you want to enable NTS\\n# for its clients, you will need a TLS certificate and private key. Uncomment\\n# and edit the following lines to specify the locations of the certificate and\\n# key.\\n\\n! ntsservercert /etc/.../foo.example.net.crt\\n! ntsserverkey /etc/.../foo.example.net.key\\n\\n# chronyd can save the measurement history for the servers to files when\\n# it exits. This is useful:\\n#\\n# 1. If you stop chronyd and restart it with the '-r' option (e.g. after\\n# an upgrade), the old measurements will still be relevant when chronyd\\n# is restarted. This will reduce the time needed to get accurate\\n# gain/loss measurements.\\n#\\n# Uncomment the following line to use this.\\n\\n! dumpdir /var/lib/chrony\\n\\n# chronyd writes its process ID to a file. If you try to start a second\\n# copy of chronyd, it will detect that the process named in the file is\\n# still running and bail out. If you want to change the path to the PID\\n# file, uncomment this line and edit it. The default path is shown.\\n\\npidfile /var/run/chrony/chronyd.pid\\n\\n# If the system timezone database is kept up to date and includes the\\n# right/UTC timezone, chronyd can use it to determine the current\\n# TAI-UTC offset and when will the next leap second occur.\\n\\n! leapsectz right/UTC\\n\\n# This directive specifies the location of the Samba ntp_signd socket\\n# when it is running as a Domain Controller (DC). If chronyd is\\n# compiled with this feature, responses to MS-SNTP clients will be\\n# signed by the smbd daemon.\\n\\n! ntpsigndsocket /var/lib/samba/ntp_signd\\n\\n#######################################################################\\n### INITIAL CLOCK CORRECTION\\n# This option is useful to quickly correct the clock on start if it's\\n# off by a large amount. The value '1.0' means that if the error is less\\n# than 1 second, it will be gradually removed by speeding up or slowing\\n# down your computer's clock until it is correct. If the error is above\\n# 1 second, an immediate time jump will be applied to correct it. The\\n# value '3' means the step is allowed only in the first three updates of\\n# the clock. Some software can get upset if the system clock jumps\\n# (especially backwards), so be careful!\\n\\n! makestep 1.0 3\\n\\n#######################################################################\\n### LEAP SECONDS\\n# A leap second is an occasional one-second correction of the UTC\\n# time scale. By default, chronyd tells the kernel to insert/delete\\n# the leap second, which makes a backward/forward step to correct the\\n# clock for it. As with the makestep directive, this jump can upset\\n# some applications. If you prefer chronyd to make a gradual\\n# correction, causing the clock to be off for a longer time, uncomment\\n# the following line.\\n\\n! leapsecmode slew\\n\\n#######################################################################\\n### LOGGING\\n# If you want to log information about the time measurements chronyd has\\n# gathered, you might want to enable the following lines. You probably\\n# only need this if you really enjoy looking at the logs, you want to\\n# produce some graphs of your system's timekeeping performance, or you\\n# need help in debugging a problem.\\n\\n! logdir /var/log/chrony\\n! log measurements statistics tracking\\n\\n# If you have real time clock support enabled (see below), you might want\\n# this line instead:\\n\\n! log measurements statistics tracking rtc\\n\\n#######################################################################\\n### ACTING AS AN NTP SERVER\\n# You might want the computer to be an NTP server for other computers.\\n#\\n# By default, chronyd does not allow any clients to access it. You need\\n# to explicitly enable access using 'allow' and 'deny' directives.\\n#\\n# e.g. to enable client access from the 192.168.*.* class B subnet,\\n\\n! allow 192.168/16\\n\\n# .. but disallow the 192.168.100.* subnet of that,\\n\\n! deny 192.168.100/24\\n\\n# You can have as many allow and deny directives as you need. The order\\n# is unimportant.\\n\\n# If you want to present your computer's time for others to synchronise\\n# with, even if you don't seem to be synchronised to any NTP servers\\n# yourself, enable the following line. The value 10 may be varied\\n# between 1 and 15. You should avoid small values because you will look\\n# like a real NTP server. The value 10 means that you appear to be 10\\n# NTP 'hops' away from an authoritative source (atomic clock, GPS\\n# receiver, radio clock etc).\\n\\n! local stratum 10\\n\\n# Normally, chronyd will keep track of how many times each client\\n# machine accesses it. The information can be accessed by the 'clients'\\n# command of chronyc. You can disable this facility by uncommenting the\\n# following line. This will save a bit of memory if you have many\\n# clients and it will also disable support for the interleaved mode.\\n\\n! noclientlog\\n\\n# The clientlog size is limited to 512KB by default. If you have many\\n# clients, you might want to increase the limit.\\n\\n! clientloglimit 4194304\\n\\n# By default, chronyd tries to respond to all valid NTP requests from\\n# allowed addresses. If you want to limit the response rate for NTP\\n# clients that are sending requests too frequently, uncomment and edit\\n# the following line.\\n\\n! ratelimit interval 3 burst 8\\n\\n#######################################################################\\n### REPORTING BIG CLOCK CHANGES\\n# Perhaps you want to know if chronyd suddenly detects any large error\\n# in your computer's clock. This might indicate a fault or a problem\\n# with the server(s) you are using, for example.\\n#\\n# The next option causes a message to be written to syslog when chronyd\\n# has to correct an error above 0.5 seconds (you can use any amount you\\n# like).\\n\\n! logchange 0.5\\n\\n# The next option will send email to the named person when chronyd has\\n# to correct an error above 0.5 seconds. (If you need to send mail to\\n# several people, you need to set up a mailing list or sendmail alias\\n# for them and use the address of that.)\\n\\n! mailonchange wibble@foo.example.net 0.5\\n\\n#######################################################################\\n### COMMAND ACCESS\\n# The program chronyc is used to show the current operation of chronyd\\n# and to change parts of its configuration whilst it is running.\\n\\n# By default chronyd binds to the loopback interface. Uncomment the\\n# following lines to allow receiving command packets from remote hosts.\\n\\n! bindcmdaddress 0.0.0.0\\n! bindcmdaddress ::\\n\\n# Normally, chronyd will only allow connections from chronyc on the same\\n# machine as itself. This is for security. If you have a subnet\\n# 192.168.*.* and you want to be able to use chronyc from any machine on\\n# it, you could uncomment the following line. (Edit this to your own\\n# situation.)\\n\\n! cmdallow 192.168/16\\n\\n# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The\\n# syntax and meaning is the same as for 'allow' and 'deny', except that\\n# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.\\n\\n# Rate limiting can be enabled also for command packets. (Note,\\n# commands from localhost are never limited.)\\n\\n! cmdratelimit interval -4 burst 16\\n\\n\\n"
|