Replacing ntpd with chrony
If you restrict access to subnets in NTPd, you also exclude the pool NTP servers. You can allow individual servers, but only by IP address, which does not help with a server pool.
Solution: replace NTPd with Chrony, using the configuration below:
# Managed by Ansible
# Welcome to the chrony configuration file. See chrony.conf(5) for more
# information about usable directives.
server 0.debian.pool.ntp.org minpoll 8
server 1.debian.pool.ntp.org minpoll 8
server 2.debian.pool.ntp.org minpoll 8
server 3.debian.pool.ntp.org minpoll 8
# This directive specifies the location of the file containing ID/key pairs for
# NTP authentication.
keyfile /etc/chrony/chrony.keys
# This directive specifies the file into which chronyd will store the rate
# information.
driftfile /var/lib/chrony/chrony.drift
# Uncomment the following line to turn logging on.
#log tracking measurements statistics
# Log files location.
logdir /var/log/chrony
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
### NTP SERVER
# by default no client has access to anything
# Allow access from Freifunk networks
allow 10.10.0.0/16
allow 2a03:2260:116::/64
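
Added example (not part of the original configuration): a small Python check of which client addresses the allow lines above admit, useful for reviewing the file before it is rolled out. It assumes a configuration that contains only plain `allow <CIDR>` lines, where a client is admitted if it falls into any listed network; `deny`, `allow all`, bare `allow` and hostname forms are rejected rather than modelled. SAMPLE_CONF and the function names are constructed for this illustration.

```python
import ipaddress

# Constructed sample: the server part of the configuration shown above.
SAMPLE_CONF = """\
server 0.debian.pool.ntp.org minpoll 8
### NTP SERVER
# by default no client has access to anything
allow 10.10.0.0/16
allow 2a03:2260:116::/64
"""


def allowed_networks(conf_text):
    """Return the networks named by plain 'allow <CIDR>' lines."""
    nets = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        # Skip blank lines and comment lines (they start with ! ; # or %).
        if not fields or fields[0][0] in "!;#%":
            continue
        directive = fields[0].lower()
        if directive == "deny":
            # Assumption of this sketch: allow/deny interaction is not modelled.
            raise ValueError("deny rules are not handled by this check")
        if directive != "allow":
            continue
        if len(fields) != 2:
            raise ValueError(f"unsupported allow form: {raw!r}")
        # strict=True rejects entries with host bits set, e.g. 10.10.1.0/16;
        # anything that is not a CIDR network raises ValueError as well.
        nets.append(ipaddress.ip_network(fields[1], strict=True))
    return nets


def client_permitted(conf_text, client):
    """True if the client address lies inside any allowed network."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == net.version and addr in net
               for net in allowed_networks(conf_text))


if __name__ == "__main__":
    # Constructed test addresses: inside and outside both allowed ranges.
    for ip in ("10.10.3.7", "10.11.0.1", "192.0.2.1",
               "2a03:2260:116::1", "2a03:2260:116:1::1"):
        print(ip, "allowed" if client_permitted(SAMPLE_CONF, ip) else "refused")
```

On the running server, `chronyc accheck <address>` reports chronyd's own decision for a given address.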