318 lines
13 KiB
Plaintext
318 lines
13 KiB
Plaintext
#######################################################################
|
|
#
|
|
# This is an example chrony configuration file. You should copy it to
|
|
# /etc/chrony.conf after uncommenting and editing the options that you
|
|
# want to enable. The more obscure options are not included. Refer
|
|
# to the documentation for these.
|
|
#
|
|
# Copyright 2002 Richard P. Curnow
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of version 2 of the GNU General Public License as
|
|
# published by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
#
|
|
#######################################################################
|
|
### COMMENTS
|
|
# Any of the following lines are comments (you have a choice of
|
|
# comment start character):
|
|
# a comment
|
|
% a comment
|
|
! a comment
|
|
; a comment
|
|
#
|
|
# Below, the '!' form is used for lines that you might want to
|
|
# uncomment and edit to make your own chrony.conf file.
|
|
#
|
|
#######################################################################
|
|
#######################################################################
|
|
### SPECIFY YOUR NTP SERVERS
|
|
# Most computers using chrony will send measurement requests to one or
|
|
# more 'NTP servers'. You will probably find that your Internet Service
|
|
# Provider or company have one or more NTP servers that you can specify.
|
|
# Failing that, there are a lot of public NTP servers. There is a list
|
|
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
|
|
# you can use servers from the pool.ntp.org project.
|
|
|
|
! server foo.example.net iburst
|
|
! server bar.example.net iburst
|
|
! server baz.example.net iburst
|
|
|
|
pool pool.ntp.org iburst
|
|
|
|
# However, for dial-up use you probably want these instead. The word
|
|
# 'offline' means that the server is not visible at boot time. Use
|
|
# chronyc's 'online' command to tell chronyd that these servers have
|
|
# become visible after you go on-line.
|
|
|
|
! server foo.example.net offline
|
|
! server bar.example.net offline
|
|
! server baz.example.net offline
|
|
|
|
! pool pool.ntp.org offline
|
|
|
|
# You may want to specify NTP 'peers' instead. If you run a network
|
|
# with a lot of computers and want several computers running chrony to
|
|
# have the 'front-line' interface to the public NTP servers, you can
|
|
# 'peer' these machines together to increase robustness.
|
|
|
|
! peer foo.example.net
|
|
|
|
# There are other options to the 'server' and 'peer' directives that you
|
|
# might want to use. For example, you can ignore measurements whose
|
|
# round-trip-time is too large (indicating that the measurement is
|
|
# probably useless, because you don't know which way the measurement
|
|
# message got held up.) Consult the full documentation for details.
|
|
|
|
#######################################################################
|
|
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
|
|
#
|
|
# To avoid changes being made to your computer's gain/loss compensation
|
|
# when the measurement history is too erratic, you might want to enable
|
|
# one of the following lines. The first seems good for dial-up (or
|
|
# other high-latency connections like slow leased lines), the second
|
|
# seems OK for a LAN environment.
|
|
|
|
! maxupdateskew 100
|
|
! maxupdateskew 5
|
|
|
|
#######################################################################
|
|
### FILENAMES ETC
|
|
# Chrony likes to keep information about your computer's clock in files.
|
|
# The 'driftfile' stores the computer's clock gain/loss rate in parts
|
|
# per million. When chronyd starts, the system clock can be tuned
|
|
# immediately so that it doesn't gain or lose any more time. You
|
|
# generally want this, so it is uncommented.
|
|
|
|
driftfile /var/db/chrony/drift
|
|
|
|
# If you want to use the program called chronyc to configure aspects of
|
|
# chronyd's operation once it is running (e.g. tell it the Internet link
|
|
# has gone up or down), you need a password. This is stored in the
|
|
# following keys file. (You also need keys to support authenticated NTP
|
|
# exchanges between cooperating machines.) Again, this option is
|
|
# assumed by default.
|
|
|
|
keyfile /var/db/chrony/keys
|
|
|
|
# Tell chronyd which numbered key in the file is used as the password
|
|
# for chronyc. (You can pick any integer up to 2**32-1. '1' is just a
|
|
# default. Using another value will _NOT_ increase security.)
|
|
|
|
commandkey 1
|
|
|
|
# With this directive a random password will be generated automatically.
|
|
|
|
generatecommandkey
|
|
|
|
# chronyd can save the measurement history for the servers to files when
|
|
# it it exits. This is useful in 2 situations:
|
|
#
|
|
# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after
|
|
# an upgrade), the old measurements will still be relevant when chronyd
|
|
# is restarted. This will reduce the time needed to get accurate
|
|
# gain/loss measurements, especially with a dial-up link.
|
|
#
|
|
# 2. Again on Linux, if you use the RTC support and start chronyd with
|
|
# '-r -s' on bootup, measurements from the last boot will still be
|
|
# useful (the real time clock is used to 'flywheel' chronyd between
|
|
# boots).
|
|
#
|
|
# Enable these two options to use this.
|
|
|
|
dumponexit
|
|
dumpdir /var/db/chrony
|
|
|
|
# chronyd writes its process ID to a file. If you try to start a second
|
|
# copy of chronyd, it will detect that the process named in the file is
|
|
# still running and bail out. If you want to change the path to the PID
|
|
# file, uncomment this line and edit it. The default path is shown.
|
|
|
|
! pidfile /var/run/chronyd.pid
|
|
|
|
#######################################################################
|
|
### INITIAL CLOCK CORRECTION
|
|
# This option is useful to quickly correct the clock on start if it's
|
|
# off by a large amount. The value '10' means that if the error is less
|
|
# than 10 seconds, it will be gradually removed by speeding up or
|
|
# slowing down your computer's clock until it is correct. If the error
|
|
# is above 10 seconds, an immediate time jump will be applied to correct
|
|
# it. The value '1' means the step is allowed only on the first update
|
|
# of the clock. Some software can get upset if the system clock jumps
|
|
# (especially backwards), so be careful!
|
|
|
|
makestep 10 1
|
|
|
|
#######################################################################
|
|
### LOGGING
|
|
# If you want to log information about the time measurements chronyd has
|
|
# gathered, you might want to enable the following lines. You probably
|
|
# only need this if you really enjoy looking at the logs, you want to
|
|
# produce some graphs of your system's timekeeping performance, or you
|
|
# need help in debugging a problem.
|
|
|
|
! logdir /var/log/chrony
|
|
! log measurements statistics tracking
|
|
|
|
# If you have real time clock support enabled (see below), you might want
|
|
# this line instead:
|
|
|
|
! log measurements statistics tracking rtc
|
|
|
|
#######################################################################
|
|
### ACTING AS AN NTP SERVER
|
|
# You might want the computer to be an NTP server for other computers.
|
|
# e.g. you might be running chronyd on a dial-up machine that has a LAN
|
|
# sitting behind it with several 'satellite' computers on it.
|
|
#
|
|
# By default, chronyd does not allow any clients to access it. You need
|
|
# to explicitly enable access using 'allow' and 'deny' directives.
|
|
#
|
|
# e.g. to enable client access from the 192.168.*.* class B subnet,
|
|
|
|
! allow 192.168/16
|
|
|
|
# .. but disallow the 192.168.100.* subnet of that,
|
|
|
|
! deny 192.168.100/24
|
|
|
|
# You can have as many allow and deny directives as you need. The order
|
|
# is unimportant.
|
|
|
|
# If you want chronyd to act as an NTP broadcast server, enable and edit
|
|
# (and maybe copy) the following line. This means that a broadcast
|
|
# packet is sent to the address 192.168.1.255 every 60 seconds. The
|
|
# address MUST correspond to the broadcast address of one of the network
|
|
# interfaces on your machine. If you have multiple network interfaces,
|
|
# add a broadcast line for each.
|
|
|
|
! broadcast 60 192.168.1.255
|
|
|
|
# If you want to present your computer's time for others to synchronise
|
|
# with, even if you don't seem to be synchronised to any NTP servers
|
|
# yourself, enable the following line. The value 10 may be varied
|
|
# between 1 and 15. You should avoid small values because you will look
|
|
# like a real NTP server. The value 10 means that you appear to be 10
|
|
# NTP 'hops' away from an authoritative source (atomic clock, GPS
|
|
# receiver, radio clock etc).
|
|
|
|
! local stratum 10
|
|
|
|
# Normally, chronyd will keep track of how many times each client
|
|
# machine accesses it. The information can be accessed by the 'clients'
|
|
# command of chronyc. You can disable this facility by uncommenting the
|
|
# following line. This will save a bit of memory if you have many
|
|
# clients.
|
|
|
|
! noclientlog
|
|
|
|
# The clientlog size is limited to 512KB by default. If you have many
|
|
# clients, especially in many different subnets, you might want to
|
|
# increase the limit.
|
|
|
|
! clientloglimit 4194304
|
|
|
|
#######################################################################
|
|
### REPORTING BIG CLOCK CHANGES
|
|
# Perhaps you want to know if chronyd suddenly detects any large error
|
|
# in your computer's clock. This might indicate a fault or a problem
|
|
# with the server(s) you are using, for example.
|
|
#
|
|
# The next option causes a message to be written to syslog when chronyd
|
|
# has to correct an error above 0.5 seconds (you can use any amount you
|
|
# like).
|
|
|
|
! logchange 0.5
|
|
|
|
# The next option will send email to the named person when chronyd has
|
|
# to correct an error above 0.5 seconds. (If you need to send mail to
|
|
# several people, you need to set up a mailing list or sendmail alias
|
|
# for them and use the address of that.)
|
|
|
|
! mailonchange wibble@foo.example.net 0.5
|
|
|
|
#######################################################################
|
|
### COMMAND ACCESS
|
|
# The program chronyc is used to show the current operation of chronyd
|
|
# and to change parts of its configuration whilst it is running.
|
|
|
|
# By default chronyd binds to the loopback interface. Uncomment the
|
|
# following lines to allow receiving command packets from remote hosts.
|
|
! bindcmdaddress 0.0.0.0
|
|
! bindcmdaddress ::
|
|
|
|
# Normally, chronyd will only allow connections from chronyc on the same
|
|
# machine as itself. This is for security. If you have a subnet
|
|
# 192.168.*.* and you want to be able to use chronyc from any machine on
|
|
# it, you could uncomment the following line. (Edit this to your own
|
|
# situation.)
|
|
|
|
! cmdallow 192.168/16
|
|
|
|
# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The
|
|
# syntax and meaning is the same as for 'allow' and 'deny', except that
|
|
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
|
|
|
|
# NOTE, even if the host where you run chronyc is granted access, you
|
|
# still need a command key set up and you have to know the password to
|
|
# put into chronyc to allow you to modify chronyd's parameters. By
|
|
# default all you can do is view information about chronyd's operation.
|
|
|
|
#######################################################################
|
|
### REAL TIME CLOCK
|
|
# chronyd can characterise the system's real-time clock. This is the
|
|
# clock that keeps running when the power is turned off, so that the
|
|
# machine knows the approximate time when it boots again. The error at
|
|
# a particular epoch and gain/loss rate can be written to a file and
|
|
# used later by chronyd when it is started with the '-s' option.
|
|
#
|
|
# You need to have 'enhanced RTC support' compiled into your Linux
|
|
# kernel. (Note, these options apply only to Linux.)
|
|
|
|
rtcfile /var/db/chrony/rtc
|
|
|
|
# Your RTC can be set to keep Universal Coordinated Time (UTC) or local
|
|
# time. (Local time means UTC +/- the effect of your timezone.) If you
|
|
# use UTC, chronyd will function correctly even if the computer is off
|
|
# at the epoch when you enter or leave summer time (aka daylight saving
|
|
# time). However, if you dual boot your system with Microsoft Windows,
|
|
# that will work better if your RTC maintains local time. You take your
|
|
# pick!
|
|
|
|
! rtconutc
|
|
|
|
# By default chronyd assumes that the enhanced RTC device is accessed as
|
|
# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're
|
|
# using devfs), uncomment and edit the following line.
|
|
|
|
! rtcdevice /dev/misc/rtc
|
|
|
|
#######################################################################
|
|
### REAL TIME SCHEDULER
|
|
# This directive tells chronyd to use the real-time FIFO scheduler with the
|
|
# specified priority (which must be between 0 and 100). This should result
|
|
# in reduced latency. You don't need it unless you really have a requirement
|
|
# for extreme clock stability. Works only on Linux. Note that the "-P"
|
|
# command-line switch will override this.
|
|
|
|
! sched_priority 1
|
|
|
|
#######################################################################
|
|
### LOCKING CHRONYD INTO RAM
|
|
# This directive tells chronyd to use the mlockall() syscall to lock itself
|
|
# into RAM so that it will never be paged out. This should result in reduced
|
|
# latency. You don't need it unless you really have a requirement
|
|
# for extreme clock stability. Works only on Linux. Note that the "-m"
|
|
# command-line switch will also enable this feature.
|
|
|
|
! lock_all
|