kubeasz/roles/chrony/templates/chronyd.service.j2

[Unit]
Description=chrony, an NTP client/server
Documentation=https://chrony.tuxfamily.org/documentation.html
Conflicts=systemd-timesyncd.service openntpd.service ntpd.service ntp.service ntpsec.service
After=network.target
ConditionCapability=CAP_SYS_TIME

[Service]
# sysctl net.netfilter.nf_conntrack_count
Type=forking
PIDFile=/var/run/chrony/chronyd.pid
ExecStart=/usr/sbin/chronyd -f /etc/chrony/chrony.conf
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
rewrite chrony installation 2021-04-06 20:03:42 +08:00			`[Unit]`
			`Description=chrony, an NTP client/server`
			`Documentation=https://chrony.tuxfamily.org/documentation.html`
			`Conflicts=systemd-timesyncd.service openntpd.service ntpd.service ntp.service ntpsec.service`
			`After=network.target`
			`ConditionCapability=CAP_SYS_TIME`

			`[Service]`
			`# sysctl net.netfilter.nf_conntrack_count`
			`Type=forking`
			`PIDFile=/var/run/chrony/chronyd.pid`
			`ExecStart=/usr/sbin/chronyd -f /etc/chrony/chrony.conf`
			`ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK`
			`ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK`
			`PrivateTmp=yes`
			`ProtectHome=yes`
			`ProtectSystem=full`

			`[Install]`
			`WantedBy=multi-user.target`