puppet: Configure chrony to use AWS-local NTP sources.

This prevents hosts from spewing traffic to random hosts across the
Internet.
Alex Vandiver 2022-03-25 12:16:13 -07:00 committed by Tim Abbott
parent 5e128e7cad
commit f6d27562fa
3 changed files with 40 additions and 0 deletions


@ -61,6 +61,7 @@ class zulip::profile::base {
} }
} }
package { 'ntp': ensure => 'purged', before => Package['chrony'] } package { 'ntp': ensure => 'purged', before => Package['chrony'] }
service { 'chrony': ensure => 'running', require => Package['chrony'] }
package { $base_packages: ensure => 'installed' } package { $base_packages: ensure => 'installed' }
group { 'zulip': group { 'zulip':
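Review bot: The added `service { 'chrony': ... }` resource sets `ensure => 'running'` but not `enable`, so whether chronyd starts again after a reboot is left to the package's default rather than stated in the manifest. Clock accuracy feeds certificate validation and log timestamps, so I would make it explicit: `service { 'chrony': ensure => 'running', enable => true, require => Package['chrony'] }`. The class body starts and ends outside this hunk.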


@ -0,0 +1,31 @@
# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usable directives.
# This will use the AWS local atomic clocks as a datasource; see
# https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-time-sync-service/
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
# This directive specify the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys
# This directive specify the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift
# Uncomment the following line to turn logging on.
#log tracking measurements statistics
# Log files location.
logdir /var/log/chrony
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it cant be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
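Review bot: The `server 169.254.169.123` line is the only time source, so chronyd has nothing to cross-check it against, and with `#log tracking measurements statistics` left commented out there is no on-disk record if that source stops answering or the clock is stepped. I would enable at least `log tracking` (the `logdir /var/log/chrony` line is already present) so offsets and steps can be reconstructed when correlating logs across hosts. The `keyfile` directive is kept although the `server` line carries no `key` option; a short comment such as `# NTP authentication is not used with the link-local source` would avoid implying otherwise.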


@ -154,6 +154,14 @@ class zulip_ops::profile::base {
mode => '0755', mode => '0755',
source => 'puppet:///modules/zulip_ops/zulip-ec2-configure-interfaces_if-up.d.sh', source => 'puppet:///modules/zulip_ops/zulip-ec2-configure-interfaces_if-up.d.sh',
} }
file { '/etc/chrony/chrony.conf':
ensure => file,
mode => '0644',
source => 'puppet:///modules/zulip_ops/chrony.conf',
require => Package['chrony'],
notify => Service['chrony'],
}
} }
group { 'nagios': group { 'nagios':
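Review bot: The new `file { '/etc/chrony/chrony.conf': ... }` resource sets `mode => '0644'` but no `owner` or `group`, so Puppet leaves the ownership of an already-existing file as it finds it. Unless a resource default elsewhere in the manifest covers this, I would add `owner => 'root',` and `group => 'root',` so the file that selects the host's time source is pinned to root. The resource is applied to every host with this profile; if any of them can run outside EC2, where the link-local address is presumably not served, a comment stating that the profile assumes AWS would help. The class body starts and ends outside this hunk.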