| Commit message (Collapse) | Author | Age | Files |
|---|
| |
|
|
|
|
|
|
|
| |
(Excluding our NTP master.) It's simpler, arguably more secure, and
provides enough functionality when only simple client use-cases are
desired.
We allow outgoing connections to 123/udp also on NTP slaves so systemd-timesyncd
can connect to the fallbacks NTP servers.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This avoids
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set
to allow bad characters in group names by default, this will change, but
still be user configurable on deprecation. This feature will be removed
in version 2.10. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not
replaced, use -vvvv to see details
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
More precisely, between our NTP-master (stratum 1) host and the other
machines (all stratum 2). Providing authentification and integrity for
internal NTP traffic ensures a consistent time within our internal
infrastructure.
|
| |
|
|
| |
We've yet to get authenticated time, though.
|
| |
|
|
|
|
| |
E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone
would be provisioned by ansible, too.) It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though.
|
|
|
We use a "master" NTP server, which synchronizes against stratum 1
servers (hence is a stratum 2 itself); all other clients synchronize to
this master server through IPSec.
|
