|
|
|
|
@ -0,0 +1,304 @@ |
|
|
|
|
####################################################################### |
|
|
|
|
# |
|
|
|
|
# This is an example chrony configuration file. You should copy it to |
|
|
|
|
# /etc/chrony.conf after uncommenting and editing the options that you |
|
|
|
|
# want to enable. The more obscure options are not included. Refer |
|
|
|
|
# to the documentation for these. |
|
|
|
|
# |
|
|
|
|
####################################################################### |
|
|
|
|
### COMMENTS |
|
|
|
|
# Any of the following lines are comments (you have a choice of |
|
|
|
|
# comment start character): |
|
|
|
|
# a comment |
|
|
|
|
% a comment |
|
|
|
|
! a comment |
|
|
|
|
; a comment |
|
|
|
|
# |
|
|
|
|
# Below, the '!' form is used for lines that you might want to |
|
|
|
|
# uncomment and edit to make your own chrony.conf file. |
|
|
|
|
# |
|
|
|
|
####################################################################### |
|
|
|
|
####################################################################### |
|
|
|
|
### SPECIFY YOUR NTP SERVERS |
|
|
|
|
# Most computers using chrony will send measurement requests to one or |
|
|
|
|
# more 'NTP servers'. You will probably find that your Internet Service |
|
|
|
|
# Provider or company have one or more NTP servers that you can specify. |
|
|
|
|
# Failing that, there are a lot of public NTP servers. There is a list |
|
|
|
|
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or |
|
|
|
|
# you can use servers from the pool.ntp.org project. |
|
|
|
|
|
|
|
|
|
! server foo.example.net iburst |
|
|
|
|
! server bar.example.net iburst |
|
|
|
|
! server baz.example.net iburst |
|
|
|
|
|
|
|
|
|
! pool pool.ntp.org iburst |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK |
|
|
|
|
# |
|
|
|
|
# To avoid changes being made to your computer's gain/loss compensation |
|
|
|
|
# when the measurement history is too erratic, you might want to enable |
|
|
|
|
# one of the following lines. The first seems good with servers on the |
|
|
|
|
# Internet, the second seems OK for a LAN environment. |
|
|
|
|
|
|
|
|
|
! maxupdateskew 100 |
|
|
|
|
! maxupdateskew 5 |
|
|
|
|
|
|
|
|
|
# If you want to increase the minimum number of selectable sources |
|
|
|
|
# required to update the system clock in order to make the |
|
|
|
|
# synchronisation more reliable, uncomment (and edit) the following |
|
|
|
|
# line. |
|
|
|
|
|
|
|
|
|
! minsources 2 |
|
|
|
|
|
|
|
|
|
# If your computer has a good stable clock (e.g. it is not a virtual |
|
|
|
|
# machine), you might also want to reduce the maximum assumed drift |
|
|
|
|
# (frequency error) of the clock (the value is specified in ppm). |
|
|
|
|
|
|
|
|
|
! maxdrift 100 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### FILENAMES ETC |
|
|
|
|
# Chrony likes to keep information about your computer's clock in files. |
|
|
|
|
# The 'driftfile' stores the computer's clock gain/loss rate in parts |
|
|
|
|
# per million. When chronyd starts, the system clock can be tuned |
|
|
|
|
# immediately so that it doesn't gain or lose any more time. You |
|
|
|
|
# generally want this, so it is uncommented. |
|
|
|
|
|
|
|
|
|
driftfile /var/lib/chrony/drift |
|
|
|
|
|
|
|
|
|
# If you want to enable NTP authentication with symmetric keys, you will need |
|
|
|
|
# to uncomment the following line and edit the file to set up the keys. |
|
|
|
|
|
|
|
|
|
! keyfile /etc/chrony.keys |
|
|
|
|
|
|
|
|
|
# chronyd can save the measurement history for the servers to files when |
|
|
|
|
# it it exits. This is useful in 2 situations: |
|
|
|
|
# |
|
|
|
|
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after |
|
|
|
|
# an upgrade), the old measurements will still be relevant when chronyd |
|
|
|
|
# is restarted. This will reduce the time needed to get accurate |
|
|
|
|
# gain/loss measurements, especially with a dial-up link. |
|
|
|
|
# |
|
|
|
|
# 2. Again on Linux, if you use the RTC support and start chronyd with |
|
|
|
|
# '-r -s' on bootup, measurements from the last boot will still be |
|
|
|
|
# useful (the real time clock is used to 'flywheel' chronyd between |
|
|
|
|
# boots). |
|
|
|
|
# |
|
|
|
|
# Enable these two options to use this. |
|
|
|
|
|
|
|
|
|
! dumponexit |
|
|
|
|
! dumpdir /var/lib/chrony |
|
|
|
|
|
|
|
|
|
# chronyd writes its process ID to a file. If you try to start a second |
|
|
|
|
# copy of chronyd, it will detect that the process named in the file is |
|
|
|
|
# still running and bail out. If you want to change the path to the PID |
|
|
|
|
# file, uncomment this line and edit it. The default path is shown. |
|
|
|
|
|
|
|
|
|
! pidfile /var/run/chrony/chronyd.pid |
|
|
|
|
|
|
|
|
|
# If the system timezone database is kept up to date and includes the |
|
|
|
|
# right/UTC timezone, chronyd can use it to determine the current |
|
|
|
|
# TAI-UTC offset and when will the next leap second occur. |
|
|
|
|
|
|
|
|
|
! leapsectz right/UTC |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### INITIAL CLOCK CORRECTION |
|
|
|
|
# This option is useful to quickly correct the clock on start if it's |
|
|
|
|
# off by a large amount. The value '1.0' means that if the error is less |
|
|
|
|
# than 1 second, it will be gradually removed by speeding up or slowing |
|
|
|
|
# down your computer's clock until it is correct. If the error is above |
|
|
|
|
# 1 second, an immediate time jump will be applied to correct it. The |
|
|
|
|
# value '3' means the step is allowed only in the first three updates of |
|
|
|
|
# the clock. Some software can get upset if the system clock jumps |
|
|
|
|
# (especially backwards), so be careful! |
|
|
|
|
|
|
|
|
|
! makestep 1.0 3 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### LOGGING |
|
|
|
|
# If you want to log information about the time measurements chronyd has |
|
|
|
|
# gathered, you might want to enable the following lines. You probably |
|
|
|
|
# only need this if you really enjoy looking at the logs, you want to |
|
|
|
|
# produce some graphs of your system's timekeeping performance, or you |
|
|
|
|
# need help in debugging a problem. |
|
|
|
|
|
|
|
|
|
! logdir /var/log/chrony |
|
|
|
|
! log measurements statistics tracking |
|
|
|
|
|
|
|
|
|
# If you have real time clock support enabled (see below), you might want |
|
|
|
|
# this line instead: |
|
|
|
|
|
|
|
|
|
! log measurements statistics tracking rtc |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### ACTING AS AN NTP SERVER |
|
|
|
|
# You might want the computer to be an NTP server for other computers. |
|
|
|
|
# e.g. you might be running chronyd on a dial-up machine that has a LAN |
|
|
|
|
# sitting behind it with several 'satellite' computers on it. |
|
|
|
|
# |
|
|
|
|
# By default, chronyd does not allow any clients to access it. You need |
|
|
|
|
# to explicitly enable access using 'allow' and 'deny' directives. |
|
|
|
|
# |
|
|
|
|
# e.g. to enable client access from the 192.168.*.* class B subnet, |
|
|
|
|
|
|
|
|
|
! allow 192.168/16 |
|
|
|
|
|
|
|
|
|
# .. but disallow the 192.168.100.* subnet of that, |
|
|
|
|
|
|
|
|
|
! deny 192.168.100/24 |
|
|
|
|
|
|
|
|
|
# You can have as many allow and deny directives as you need. The order |
|
|
|
|
# is unimportant. |
|
|
|
|
|
|
|
|
|
# If you want chronyd to act as an NTP broadcast server, enable and edit |
|
|
|
|
# (and maybe copy) the following line. This means that a broadcast |
|
|
|
|
# packet is sent to the address 192.168.1.255 every 60 seconds. The |
|
|
|
|
# address MUST correspond to the broadcast address of one of the network |
|
|
|
|
# interfaces on your machine. If you have multiple network interfaces, |
|
|
|
|
# add a broadcast line for each. |
|
|
|
|
|
|
|
|
|
! broadcast 60 192.168.1.255 |
|
|
|
|
|
|
|
|
|
# If you want to present your computer's time for others to synchronise |
|
|
|
|
# with, even if you don't seem to be synchronised to any NTP servers |
|
|
|
|
# yourself, enable the following line. The value 10 may be varied |
|
|
|
|
# between 1 and 15. You should avoid small values because you will look |
|
|
|
|
# like a real NTP server. The value 10 means that you appear to be 10 |
|
|
|
|
# NTP 'hops' away from an authoritative source (atomic clock, GPS |
|
|
|
|
# receiver, radio clock etc). |
|
|
|
|
|
|
|
|
|
! local stratum 10 |
|
|
|
|
|
|
|
|
|
# Normally, chronyd will keep track of how many times each client |
|
|
|
|
# machine accesses it. The information can be accessed by the 'clients' |
|
|
|
|
# command of chronyc. You can disable this facility by uncommenting the |
|
|
|
|
# following line. This will save a bit of memory if you have many |
|
|
|
|
# clients and it will also disable support for the interleaved mode. |
|
|
|
|
|
|
|
|
|
! noclientlog |
|
|
|
|
|
|
|
|
|
# The clientlog size is limited to 512KB by default. If you have many |
|
|
|
|
# clients, you might want to increase the limit. |
|
|
|
|
|
|
|
|
|
! clientloglimit 4194304 |
|
|
|
|
|
|
|
|
|
# By default, chronyd tries to respond to all valid NTP requests from |
|
|
|
|
# allowed addresses. If you want to limit the response rate for NTP |
|
|
|
|
# clients that are sending requests too frequently, uncomment and edit |
|
|
|
|
# the following line. |
|
|
|
|
|
|
|
|
|
! ratelimit interval 3 burst 8 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### REPORTING BIG CLOCK CHANGES |
|
|
|
|
# Perhaps you want to know if chronyd suddenly detects any large error |
|
|
|
|
# in your computer's clock. This might indicate a fault or a problem |
|
|
|
|
# with the server(s) you are using, for example. |
|
|
|
|
# |
|
|
|
|
# The next option causes a message to be written to syslog when chronyd |
|
|
|
|
# has to correct an error above 0.5 seconds (you can use any amount you |
|
|
|
|
# like). |
|
|
|
|
|
|
|
|
|
! logchange 0.5 |
|
|
|
|
|
|
|
|
|
# The next option will send email to the named person when chronyd has |
|
|
|
|
# to correct an error above 0.5 seconds. (If you need to send mail to |
|
|
|
|
# several people, you need to set up a mailing list or sendmail alias |
|
|
|
|
# for them and use the address of that.) |
|
|
|
|
|
|
|
|
|
! mailonchange wibble@foo.example.net 0.5 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### COMMAND ACCESS |
|
|
|
|
# The program chronyc is used to show the current operation of chronyd |
|
|
|
|
# and to change parts of its configuration whilst it is running. |
|
|
|
|
|
|
|
|
|
# By default chronyd binds to the loopback interface. Uncomment the |
|
|
|
|
# following lines to allow receiving command packets from remote hosts. |
|
|
|
|
|
|
|
|
|
! bindcmdaddress 0.0.0.0 |
|
|
|
|
! bindcmdaddress :: |
|
|
|
|
|
|
|
|
|
# Normally, chronyd will only allow connections from chronyc on the same |
|
|
|
|
# machine as itself. This is for security. If you have a subnet |
|
|
|
|
# 192.168.*.* and you want to be able to use chronyc from any machine on |
|
|
|
|
# it, you could uncomment the following line. (Edit this to your own |
|
|
|
|
# situation.) |
|
|
|
|
|
|
|
|
|
! cmdallow 192.168/16 |
|
|
|
|
|
|
|
|
|
# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The |
|
|
|
|
# syntax and meaning is the same as for 'allow' and 'deny', except that |
|
|
|
|
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. |
|
|
|
|
|
|
|
|
|
# Rate limiting can be enabled also for command packets. (Note, |
|
|
|
|
# commands from localhost are never limited.) |
|
|
|
|
|
|
|
|
|
! cmdratelimit interval -4 burst 16 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### HARDWARE TIMESTAMPING |
|
|
|
|
# On Linux, if the network interface controller and its driver support |
|
|
|
|
# hardware timestamping, it can significantly improve the accuracy of |
|
|
|
|
# synchronisation. It can be enabled on specified interfaces only, or it |
|
|
|
|
# can be enabled on all interfaces that support it. |
|
|
|
|
|
|
|
|
|
! hwtimestamp eth0 |
|
|
|
|
! hwtimestamp * |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### REAL TIME CLOCK |
|
|
|
|
# chronyd can characterise the system's real-time clock. This is the |
|
|
|
|
# clock that keeps running when the power is turned off, so that the |
|
|
|
|
# machine knows the approximate time when it boots again. The error at |
|
|
|
|
# a particular epoch and gain/loss rate can be written to a file and |
|
|
|
|
# used later by chronyd when it is started with the '-s' option. |
|
|
|
|
# |
|
|
|
|
# You need to have 'enhanced RTC support' compiled into your Linux |
|
|
|
|
# kernel. (Note, these options apply only to Linux.) |
|
|
|
|
|
|
|
|
|
! rtcfile /var/lib/chrony/rtc |
|
|
|
|
|
|
|
|
|
# Your RTC can be set to keep Universal Coordinated Time (UTC) or local |
|
|
|
|
# time. (Local time means UTC +/- the effect of your timezone.) If you |
|
|
|
|
# use UTC, chronyd will function correctly even if the computer is off |
|
|
|
|
# at the epoch when you enter or leave summer time (aka daylight saving |
|
|
|
|
# time). However, if you dual boot your system with Microsoft Windows, |
|
|
|
|
# that will work better if your RTC maintains local time. You take your |
|
|
|
|
# pick! |
|
|
|
|
|
|
|
|
|
! rtconutc |
|
|
|
|
|
|
|
|
|
# By default chronyd assumes that the enhanced RTC device is accessed as |
|
|
|
|
# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're |
|
|
|
|
# using devfs), uncomment and edit the following line. |
|
|
|
|
|
|
|
|
|
! rtcdevice /dev/misc/rtc |
|
|
|
|
|
|
|
|
|
# Alternatively, if not using the -s option, this directive can be used |
|
|
|
|
# to enable a mode in which the RTC is periodically set to the system |
|
|
|
|
# time, with no tracking of its drift. |
|
|
|
|
|
|
|
|
|
! rtcsync |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### REAL TIME SCHEDULER |
|
|
|
|
# This directive tells chronyd to use the real-time FIFO scheduler with the |
|
|
|
|
# specified priority (which must be between 0 and 100). This should result |
|
|
|
|
# in reduced latency. You don't need it unless you really have a requirement |
|
|
|
|
# for extreme clock stability. Works only on Linux. Note that the "-P" |
|
|
|
|
# command-line switch will override this. |
|
|
|
|
|
|
|
|
|
! sched_priority 1 |
|
|
|
|
|
|
|
|
|
####################################################################### |
|
|
|
|
### LOCKING CHRONYD INTO RAM |
|
|
|
|
# This directive tells chronyd to use the mlockall() syscall to lock itself |
|
|
|
|
# into RAM so that it will never be paged out. This should result in reduced |
|
|
|
|
# latency. You don't need it unless you really have a requirement |
|
|
|
|
# for extreme clock stability. Works only on Linux. Note that the "-m" |
|
|
|
|
# command-line switch will also enable this feature. |
|
|
|
|
|
|
|
|
|
! lock_all |
Eamonn Travers
6 years ago