search

ansible-lockdown / RHEL7-CIS

Ansible role for Red Hat 7 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License
472 stars 303 forks source link

Add makestep in chrony.conf.j2 #309

Closed Tuxem closed 1 year ago

Tuxem commented 1 year ago

Feature Request or Enhancement

Summary of Request In certain situations, the system clock might be so far adrift that this slewing process would take a very long time to correct the system clock.

Normally chronyd will cause the system to gradually correct any time offset, by slowing down or speeding up the clock as required. In certain situations, the system clock might be so far adrift that this slewing process would take a very long time to correct the system clock.

This directive forces chronyd to step the system clock if the adjustment is larger than a threshold value, but only if there were no more clock updates since chronyd was started than a specified limit (a negative value can be used to disable the limit).

This is particularly useful when using reference clocks, because the initstepslew directive works only with NTP sources.

An example of the use of this directive is:

makestep 0.1 3

This would step the system clock if the adjustment is larger than 0.1 seconds, but only in the first three clock updates.

Describe alternatives you've considered To use a dedicated role for chrony and disable the part on CIS

Suggested Code

templates/chrony.conf

{% if rhel7cis_chrony_makestep is defined %}
makestep {{ rhel7cis_chrony_makestep }}
{% endif %}
uk-bolly commented 1 year ago

hi @Tuxem

I have added this option into the latest PR to devel. This is undocumented and would only be called if aware of the option as in the template. Thank you for the suggestion and the time to provide a solution.

regards

uk-bolly