RHEL-145208

Feature Request: Support for `key` directive in chrony.conf


    • Low
    • rhel-system-roles
    • Red Hat Enterprise Linux
    • Enhancement
      Renoa first draft:
       Initially, servers were unable to natively configure chrony service keys within Ansible roles, potentially exposing time synchronization data to unauthorized access due to the need for custom settings and manual key file handling (Cause & Consequence). To remedy this, a fix was implemented that allows native configuration of servers using the `key` field within role configurations, eliminating the need for additional setup and manual management (Fix). As a result, users can now securely configure their servers using standardized and automated methods, improving overall system security and efficiency. (Result)

      I need to be able to configure servers with the `key` field

      ```
      # /etc/chrony.conf
      server <hostname> key <keyid> maxpoll 10
      ```

      In order to do this currently, I need to pass the server configuration via custom settings:

      ```yaml
      timesync_chrony_custom_settings:
        - "server <hostname> key <keyid> maxpoll 10"
      ```

      And I also need to push the key files to `keyfile /etc/chrony.keys` via a custom task.

      ```
      # /etc/chrony.keys
      <keyid> <hashing algorithm> <password hash>
      25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c
      ```

      I would like to be able to handle this scenario natively with the role configuration.

      Richard Megginson (rmeggins@redhat.com)
      David Jez
      Lucie Varakova
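The workaround described in the request, combined into one playbook with the key file handled as a secret. This is an added example, not code from the issue or from the role. It assumes the role is installed as `rhel-system-roles.timesync` and that the rendered chrony.conf points `keyfile` at `/etc/chrony.keys`; the `ntp_auth_*` and `vault_ntp_auth_key_hex` variable names and the sample hostname are hypothetical.

```yaml
# Added example: variables prefixed ntp_auth_ are hypothetical, not role variables.
- name: Authenticated NTP source via the custom-settings workaround
  hosts: all
  become: true
  vars:
    ntp_auth_server: ntp.example.com      # constructed sample hostname
    ntp_auth_key_id: 25                   # must match the ID in the key file
    ntp_auth_key_type: SHA1               # key type shown in the request
    # Key material is read from an Ansible Vault variable (assumed to exist),
    # so it never sits in plain text in the repository.
    ntp_auth_key_hex: "{{ vault_ntp_auth_key_hex }}"
    timesync_chrony_custom_settings:
      - "server {{ ntp_auth_server }} key {{ ntp_auth_key_id }} maxpoll 10"
  roles:
    - rhel-system-roles.timesync
  tasks:
    # Runs after the role, so the chrony package and its group already exist.
    - name: Install the symmetric key file
      ansible.builtin.copy:
        dest: /etc/chrony.keys
        content: "{{ ntp_auth_key_id }} {{ ntp_auth_key_type }} HEX:{{ ntp_auth_key_hex }}\n"
        owner: root
        group: chrony
        mode: "0640"                      # readable by chronyd, not by other users
      no_log: true                        # keep the key out of task output and logs
      diff: false                         # do not print the key in --diff runs
      notify: Restart chronyd
  handlers:
    - name: Restart chronyd
      ansible.builtin.service:
        name: chronyd
        state: restarted
```

The key ID in the `server` line and the ID in the key file come from the same variable, so the two cannot drift apart between the custom setting and the custom task.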