[system-administrators-guide] markup improvements
stephenw
stephenw at fedoraproject.org
Thu Jul 31 10:38:34 UTC 2014
commit e624163192a93ef7daa02e690ec1dbe26a07313e
Author: Stephen Wadeley <swadeley at redhat.com>
Date: Wed Jul 30 23:31:05 2014 +0200
markup improvements
en-US/Configuring_NTP_Using_the_chrony_Suite.xml | 47 +++++++++++-----------
1 files changed, 24 insertions(+), 23 deletions(-)
---
diff --git a/en-US/Configuring_NTP_Using_the_chrony_Suite.xml b/en-US/Configuring_NTP_Using_the_chrony_Suite.xml
index 53eaaa6..d4459bc 100644
--- a/en-US/Configuring_NTP_Using_the_chrony_Suite.xml
+++ b/en-US/Configuring_NTP_Using_the_chrony_Suite.xml
@@ -103,7 +103,7 @@ Things <systemitem class="daemon">ntpd</systemitem> can do that <systemitem clas
</listitem>
<listitem>
<para>
- The <systemitem class="protocol">NTP</systemitem> daemon (<systemitem class="daemon">ntpd</systemitem>) should be considered for systems which are normally kept permanently on. Systems which are required to use broadcast or multicast IP, or to perform authentication of packets with the <systemitem class="protocol">Autokey</systemitem> protocol, should consider using <systemitem class="daemon">ntpd</systemitem>. <application>Chrony</application> only supports symmetric key authentication using a message authentication code (MAC) with MD5, SHA1 or stronger hash functions, whereas <systemitem class="daemon">ntpd</systemitem> also supports the <systemitem class="protocol">Autokey</systemitem> authentication protocol which can make use of the PKI system. <systemitem class="protocol">Autokey</systemitem> is described in <citetitle pubwork="webpage">RFC5906</citetitle>.
+ The <systemitem class="protocol">NTP</systemitem> daemon (<systemitem class="daemon">ntpd</systemitem>) should be considered for systems which are normally kept permanently on. Systems which are required to use broadcast or multicast <systemitem class="protocol">IP</systemitem>, or to perform authentication of packets with the <systemitem class="protocol">Autokey</systemitem> protocol, should consider using <systemitem class="daemon">ntpd</systemitem>. <application>Chrony</application> only supports symmetric key authentication using a message authentication code (MAC) with MD5, SHA1 or stronger hash functions, whereas <systemitem class="daemon">ntpd</systemitem> also supports the <systemitem class="protocol">Autokey</systemitem> authentication protocol which can make use of the PKI system. <systemitem class="protocol">Autokey</systemitem> is described in <citetitle pubwork="webpage">RFC 5906</citetitle>.
</para>
</listitem>
</itemizedlist>
@@ -121,13 +121,13 @@ Things <systemitem class="daemon">ntpd</systemitem> can do that <systemitem clas
<section id="sect-Understanding_chronyc">
<title>Understanding chronyc</title>
<para>
- The <application>chrony</application> daemon, <systemitem class="daemon">chronyd</systemitem>, can be controlled by the command line utility <application>chronyc</application>. This utility provides a command prompt which allows entering of a number of commands to make changes to <systemitem class="daemon">chronyd</systemitem>. The default configuration is for <systemitem class="daemon">chronyd</systemitem> to only accept commands from a local instance of <application>chronyc</application>, but <application>chronyc</application> can be used to alter the configuration so that <systemitem class="daemon">chronyd</systemitem> will allow external control. That is to say, <application>chronyc</application> can be run remotely after first configuring <systemitem class="daemon">chronyd</systemitem> to accept remote connections. The IP addresses allowed to connect to <systemitem class="daemon">chronyd</systemitem> should be tightly controlled.</para>
+ The <application>chrony</application> daemon, <systemitem class="daemon">chronyd</systemitem>, can be controlled by the command line utility <application>chronyc</application>. This utility provides a command prompt which allows entering of a number of commands to make changes to <systemitem class="daemon">chronyd</systemitem>. The default configuration is for <systemitem class="daemon">chronyd</systemitem> to only accept commands from a local instance of <application>chronyc</application>, but <application>chronyc</application> can be used to alter the configuration so that <systemitem class="daemon">chronyd</systemitem> will allow external control. That is to say, <application>chronyc</application> can be run remotely after first configuring <systemitem class="daemon">chronyd</systemitem> to accept remote connections. The <systemitem class="protocol">IP</systemitem> addresses allowed to connect to <systemitem class="daemon">chronyd</systemitem> should be tightly control
led.</para>
</section>
<section id="sect-Understanding_the_chrony_configuration_commands">
<title>Understanding the chrony Configuration Commands</title>
<para>
- The default configuration file for <systemitem class="daemon">chronyd</systemitem> is <filename>/etc/chrony.conf</filename>. The <option>-f</option> option can be used to specify an alternate configuration file path. Refer to the <systemitem class="daemon">chronyd</systemitem> man page for further options. For a complete list of the directives that can be used see <ulink url="http://chrony.tuxfamily.org/manual.html#Configuration-file"><citetitle pubwork="webpage">http://chrony.tuxfamily.org/manual.html#Configuration-file</citetitle></ulink>. We present here a selection of configuration options:
+ The default configuration file for <systemitem class="daemon">chronyd</systemitem> is <filename>/etc/chrony.conf</filename>. The <option>-f</option> option can be used to specify an alternate configuration file path. See the <systemitem class="daemon">chronyd</systemitem> man page for further options. For a complete list of the directives that can be used see <ulink url="http://chrony.tuxfamily.org/manual.html#Configuration-file"><citetitle pubwork="webpage">http://chrony.tuxfamily.org/manual.html#Configuration-file</citetitle></ulink>. We present here a selection of configuration options:
<variablelist>
<varlistentry>
<term>Comments</term>
@@ -420,7 +420,7 @@ peer w.x.y.z key 10
Were <literal>20</literal> is the key ID and <literal>foobar</literal> is the secret authentication key. The default hash is MD5, and ASCII is the default format for the key.
</para>
<para>
- By default, <systemitem class="daemon">chronyd</systemitem> is configured to listen for commands only from <systemitem class="systemname">localhost</systemitem> (<systemitem class="ipaddress">127.0.0.1</systemitem> and <systemitem class="ipaddress">::1</systemitem>) on port <literal>323</literal>. To access <systemitem class="daemon">chronyd</systemitem> remotely with <application>chronyc</application>, any <command>bindcmdaddress</command> directives in the <filename>/etc/chrony.conf</filename> file should be removed to enable listening on all interfaces and the <command>cmdallow</command> directive should be used to allow commands from the remote IP address, network, or subnet. In addition, port <literal>323</literal> has to be opened in the firewall in order to connect from a remote system. Note that the <command>allow</command> directive is for <systemitem class="protocol">NTP</systemitem> access whereas the <command>cmdallow</command> directive is to enable the
receiving of remote commands. It is possible to make these changes temporarily using <application>chronyc</application> running locally. Edit the configuration file to make persistent changes.
+ By default, <systemitem class="daemon">chronyd</systemitem> is configured to listen for commands only from <systemitem class="systemname">localhost</systemitem> (<systemitem class="ipaddress">127.0.0.1</systemitem> and <systemitem class="ipaddress">::1</systemitem>) on port <literal>323</literal>. To access <systemitem class="daemon">chronyd</systemitem> remotely with <application>chronyc</application>, any <command>bindcmdaddress</command> directives in the <filename>/etc/chrony.conf</filename> file should be removed to enable listening on all interfaces and the <command>cmdallow</command> directive should be used to allow commands from the remote <systemitem class="protocol">IP</systemitem> address, network, or subnet. In addition, port <literal>323</literal> has to be opened in the firewall in order to connect from a remote system. Note that the <command>allow</command> directive is for <systemitem class="protocol">NTP</systemitem> access whereas the <command>cmda
llow</command> directive is to enable the receiving of remote commands. It is possible to make these changes temporarily using <application>chronyc</application> running locally. Edit the configuration file to make persistent changes.
</para>
<para>
The communication between <application>chronyc</application> and <application>chronyd</application> is done over <systemitem class="protocol">UDP</systemitem>, so it needs to be authorized before issuing operational commands. To authorize, use the <command>authhash</command> and <command>password</command> commands as follows:
@@ -485,7 +485,7 @@ chronyc> <command>password HEX:A6CFC50C9C93AB6E5A19754C246242FC5471BCDF</command
<section id="sect-Checking_if_chrony_is_installed">
<title>Checking if chrony is Installed</title>
<para>
- To check if <application>chrony</application> is installed, run the following command as root:
+ To check if <application>chrony</application> is installed, run the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>yum install chrony</command></screen>
The default location for the <application>chrony</application> daemon is <filename>/usr/sbin/chronyd</filename>. The command line utility will be installed to <filename>/usr/bin/chronyc</filename>.
</para>
@@ -494,7 +494,7 @@ chronyc> <command>password HEX:A6CFC50C9C93AB6E5A19754C246242FC5471BCDF</command
<section id="sect-Installing_chrony">
<title>Installing chrony</title>
<para>
-To install <application>chrony</application>, run the following command as root:
+To install <application>chrony</application>, run the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>yum install chrony -y</command></screen>
The default location for the <application>chrony</application> daemon is <filename>/usr/sbin/chronyd</filename>. The command line utility will be installed to <filename>/usr/bin/chronyc</filename>.
</para>
@@ -514,22 +514,22 @@ chronyd.service - NTP client/server
<section id="sect-Starting_chronyd">
<title>Starting chronyd</title>
<para>
- To start <systemitem class="daemon">chronyd</systemitem>, issue the following command as root:
+ To start <systemitem class="daemon">chronyd</systemitem>, issue the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>systemctl start chronyd</command></screen>
</para>
<para>
- To ensure <systemitem class="daemon">chronyd</systemitem> starts automatically at system start, issue the following command as root:
+ To ensure <systemitem class="daemon">chronyd</systemitem> starts automatically at system start, issue the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>systemctl enable chronyd</command></screen>
</para>
</section>
<section id="sect-Stopping_chronyd">
<title>Stopping chronyd</title>
<para>
- To stop <systemitem class="daemon">chronyd</systemitem>, issue the following command as root:
+ To stop <systemitem class="daemon">chronyd</systemitem>, issue the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>systemctl stop chronyd</command></screen>
</para>
<para>
- To prevent <systemitem class="daemon">chronyd</systemitem> from starting automatically at system start, issue the following command as root:
+ To prevent <systemitem class="daemon">chronyd</systemitem> from starting automatically at system start, issue the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>systemctl disable chronyd</command></screen>
</para>
</section>
@@ -568,7 +568,8 @@ Leap status : Normal
<term>Reference ID</term>
<listitem>
<para>
- This is the reference ID and name (or IP address) if available, of the server to which the computer is currently synchronized. If this is <systemitem class="ipaddress">127.127.1.1</systemitem> it means the computer is not synchronized to any external source and that you have the <quote>local</quote> mode operating (via the local command in <application>chronyc</application>, or the <command>local</command> directive in the <filename>/etc/chrony.conf</filename> file (see section <command>local</command>)).</para>
+ This is the reference ID and name (or <systemitem class="protocol">IP</systemitem> address) if available, of the server to which the computer is currently synchronized. If this is <systemitem class="ipaddress">127.127.1.1</systemitem> it means the computer is not synchronized to any external source and that you have the <quote>local</quote> mode operating (via the local command in <application>chronyc</application>, or the <command>local</command> directive in the <filename>/etc/chrony.conf</filename> file (see section <command>local</command>)).
+ </para>
</listitem>
</varlistentry>
@@ -696,7 +697,7 @@ This column indicates the state of the sources. <quote>*</quote> indicates the s
<term>Name/IP address</term>
<listitem>
<para>
-This shows the name or the IP address of the source, or reference ID for reference clocks.
+This shows the name or the <systemitem class="protocol">IP</systemitem> address of the source, or reference ID for reference clocks.
</para>
</listitem>
</varlistentry>
@@ -769,7 +770,7 @@ The columns are as follows:
<term>Name/IP address</term>
<listitem>
<para>
-This is the name or IP address of the <systemitem class="protocol">NTP</systemitem> server (or peer) or reference ID of the reference clock to which the rest of the line relates.
+This is the name or <systemitem class="protocol">IP</systemitem> address of the <systemitem class="protocol">NTP</systemitem> server (or peer) or reference ID of the reference clock to which the rest of the line relates.
</para>
</listitem>
</varlistentry>
@@ -837,7 +838,7 @@ This is the estimated error bounds on Freq (again in parts per million).
<section id="sect-Manually_Adjusting-the-System_Clock">
<title>Manually Adjusting the System Clock</title>
<para>
- To update, or step, the system clock immediately, bypassing any adjustments in progress by slewing the clock, issue the following commands as root:
+ To update, or step, the system clock immediately, bypassing any adjustments in progress by slewing the clock, issue the following commands as <systemitem class="username">root</systemitem>:
<screen>~]# <command>chronyc</command>
chrony> <command>password</command> <replaceable>commandkey-password</replaceable>
200 OK
@@ -874,8 +875,8 @@ The command key ID is generated at install time and should correspond with the <
<orderedlist>
<listitem>
<para>
- Using your editor running as root, add the addresses of four <systemitem class="protocol">NTP</systemitem> servers as follows:
- <screen>
+ Using your editor running as <systemitem class="username">root</systemitem>, add the addresses of four <systemitem class="protocol">NTP</systemitem> servers as follows:
+ <screen>
server 0.pool.ntp.org offline
server 1.pool.ntp.org offline
server 2.pool.ntp.org offline
@@ -894,7 +895,7 @@ The <option>offline</option> option can be useful in preventing systems from try
For a network that is never connected to the Internet, one computer is selected to be the master timeserver. The other computers are either direct clients of the master, or clients of clients. On the master, the drift file must be manually set with the average rate of drift of the system clock. If the master is rebooted it will obtain the time from surrounding systems and take an average to set its system clock. Thereafter it resumes applying adjustments based on the drift file. The drift file will be updated automatically when the <command>settime</command> command is used.
</para>
<para>
- On the system selected to be the master, using a text editor running as root, edit the <filename>/etc/chrony.conf</filename> as follows:
+ On the system selected to be the master, using a text editor running as <systemitem class="username">root</systemitem>, edit the <filename>/etc/chrony.conf</filename> as follows:
<screen>
driftfile /var/lib/chrony/drift
commandkey 1
@@ -906,7 +907,7 @@ allow 192.0.2.0
</screen>
Where <systemitem class="ipaddress">192.0.2.0</systemitem> is the network or subnet address from which the clients are allowed to connect.</para>
<para>
- On the systems selected to be direct clients of the master, using a text editor running as root, edit the <filename>/etc/chrony.conf</filename> as follows:
+ On the systems selected to be direct clients of the master, using a text editor running as <systemitem class="username">root</systemitem>, edit the <filename>/etc/chrony.conf</filename> as follows:
<screen>server master
driftfile /var/lib/chrony/drift
logdir /var/log/chrony
@@ -916,7 +917,7 @@ commandkey 24
local stratum 10
initstepslew 20 master
allow 192.0.2.123</screen>
-Where <systemitem class="ipaddress">192.0.2.123</systemitem> is the address of the master, and <systemitem class="systemname">master</systemitem> is the host name of the master. These client will resynchronize the master if it restarts.
+Where <systemitem class="ipaddress">192.0.2.123</systemitem> is the address of the master, and <systemitem class="systemname">master</systemitem> is the host name of the master. Clients with this configuration will resynchronize the master if it restarts.
</para>
<para>
@@ -933,9 +934,9 @@ Where <systemitem class="ipaddress">192.0.2.123</systemitem> is the address of t
<section id="sect-Using_chronyc_chronyc_to_control_chronyd">
<title>Using chronyc to Control chronyd</title>
<para>
- To make changes using the command line utility <application>chronyc</application> in interactive mode, enter the following command as root:
+ To make changes using the command line utility <application>chronyc</application> in interactive mode, enter the following command as <systemitem class="username">root</systemitem>:
<screen>~]# <command>chronyc</command></screen>
- <application>chronyc</application> must run as root if some of the restricted commands are to be used.
+ <application>chronyc</application> must run as <systemitem class="username">root</systemitem> if some of the restricted commands are to be used.
</para>
<para>
The <application>chronyc</application> command prompt will be displayed as follows:</para>
@@ -953,12 +954,12 @@ Where <systemitem class="ipaddress">192.0.2.123</systemitem> is the address of t
<section id="sect-Using_chronyc_for_remote_administration">
<title>Using chronyc for Remote Administration</title>
<para>
-To configure <application>chrony</application> to connect to a remote instance of <systemitem class="daemon">chronyd</systemitem>, issue a command as root in the following format:
+To configure <application>chrony</application> to connect to a remote instance of <systemitem class="daemon">chronyd</systemitem>, issue a command as <systemitem class="username">root</systemitem> in the following format:
<screen>~]# <command>chronyc <option>-h</option> <replaceable>hostname</replaceable></command></screen>
Where <replaceable>hostname</replaceable> is the <systemitem class="systemname">hostname</systemitem> of a system running <systemitem class="daemon">chronyd</systemitem> to connect to in order to allow remote administration from that host. The default is to connect to the daemon on the localhost.
</para>
<para>
-To configure <application>chrony</application> to connect to a remote instance of <systemitem class="daemon">chronyd</systemitem> on a non-default port, issue a command as root in the following format:
+To configure <application>chrony</application> to connect to a remote instance of <systemitem class="daemon">chronyd</systemitem> on a non-default port, issue a command as <systemitem class="username">root</systemitem> in the following format:
<screen>~]# <command>chronyc <option>-h</option> <replaceable>hostname</replaceable> <option>-p</option> <replaceable>port</replaceable></command></screen>
Where <replaceable>port</replaceable> is the port in use for controlling and monitoring by the instance of <systemitem class="daemon">chronyd</systemitem> to be connected to.
</para>
More information about the docs-commits
mailing list