Major Hayden bfcf6c7423 Initial import of openstack-ansible-security role
This role contains around 150 controls from the 270+ controls that exist
in the RHEL 6 STIG. New controls are still being added.

Implements: blueprint security-hardening

Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
2015-10-07 07:27:39 -05:00

925 B

The chrony service is installed to manage clock synchronization for hosts and to serve as an NTP server for NTP clients. Chrony was chosen over ntpd because it's actively maintained and has some enhancements for virtualized environments.

There are two configurations available for users to adjust chrony's default configuration:

The ntp_servers variable is a list of NTP servers that chrony should use to synchronize time. They are set to North American NTP servers by default.

The allowed_ntp_subnets variable is a list of subnets (in CIDR notation) that are allowed to reach your servers running chrony. A sane default is chosen (all RFC1918 networks are allowed), but this can be easily adjusted.

For more information on chrony, review the chrony documentation at the upstream site, or run man chrony on a host with chrony installed.