Puppet Class: chrony

Defined in:
manifests/init.pp

Summary

Installs and configures the chrony NTP daemon.

Overview

Installs and configures the chrony NTP daemon.

Examples:

Installs and configures chrony with default settings

class { 'chrony': }

Installs and configures chrony with specified source servers

class { 'chrony':
  servers => [
    { hostname => 'ntp1.mydomain.tld' },
    { hostname => 'ntp2.mydomain.tld' }
  ]
}

Installs and configures chrony to serve time to clients on the 192.168.1.0/24 network.

class { 'chrony':
  access_rules => [
    {
      access => 'allow',
      subnet => '192.168.1'
    }
  ]
}

Using three pool.ntp.org servers as sources, while serving time to the 192.168.0.0/16 network - except for 192.168.2.0/24.


class { 'chrony':
  servers      => [
    {
      hostname => '0.pool.ntp.org',
      iburst   => true,
    },
    {
      hostname => '1.pool.ntp.org',
      iburst   => true,
    },
    {
      hostname => '2.pool.ntp.org',
      iburst   => true,
    },
  ],
  access_rules => [
    {
      access => 'deny',
      subnet => '192.168.2.',
    },
    {
      access => 'allow',
      subnet => '192.168.',
    }
  ],
}

Previous example repeated, but with data provided through hiera.


chrony::servers:
  - hostname: '0.pool.ntp.org'
    iburst:   true
  - hostname: '1.pool.ntp.org'
    iburst:   true
  - hostname: '2.pool.ntp.org'
    iburst:   true
chrony::access_rules:
  - access: 'deny'
    subnet: '192.168.2.'
  - access: 'allow'
    subnet: '192.168.'

include chrony

Example as a client but using a key for authentication


class { 'chrony':
  servers => [
    {
      hostname => 'ntp1.mydomain.tld',
      key      => 5,
    }
  ],
  keys    => [
    {
      id      => 5,
      hashalg => 'SHA1',
      hash    => 'HEX:EC56E6FC27CD0C9B5E6B867DD53F137985279B48',
    }
  ],
}

Parameters:

  • package_ensure (Enum['absent', 'present'])

    What state to ensure the chrony package is in. Default value: ‘present’.

  • service_ensure (Stdlib::Ensure::Service)

    What state to ensure the chrony service is in. Default value: ‘running’.

  • service_enable (Boolean)

    Whether or not the chrony service should be automatically started on system boot. Default value: true.

  • config (Stdlib::Absolutepath)

    The complete path to the chrony configuration file.

  • package (String)

    Name of the chrony package to install.

  • service (String)

    Name of the chrony service on the system.

  • group (String)

    Name of chrony group on the system, used for setting ownership on keyfile.

  • servers (Optional[Array[Struct[{ hostname => String, iburst => Optional[Boolean], offline => Optional[Boolean], auto_offline => Optional[Boolean], prefer => Optional[Boolean], noselect => Optional[Boolean], trust => Optional[Boolean], require => Optional[Boolean], xleave => Optional[Boolean], minpoll => Optional[Integer[-6, 24]], maxpoll => Optional[Integer[-6, 24]], key => Optional[Integer], maxdelay => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]], maxdelayratio => Optional[Variant[Float,Integer]], maxdelaydevratio => Optional[Variant[Float,Integer]], mindelay => Optional[Variant[Float,Integer]], asymmetry => Optional[Variant[Float,Integer]], offset => Optional[Variant[Float,Integer]], minsamples => Optional[Integer], maxsamples => Optional[Integer], polltarget => Optional[Integer[6, 60]], port => Optional[Stdlib::Port], presend => Optional[Integer], minstratum => Optional[Integer], version => Optional[Integer], burst => Optional[Boolean], }]]])

    Array of NTP servers to configure as sources.

  • peers (Optional[Array[Struct[{ hostname => String, iburst => Optional[Boolean], offline => Optional[Boolean], auto_offline => Optional[Boolean], prefer => Optional[Boolean], noselect => Optional[Boolean], trust => Optional[Boolean], require => Optional[Boolean], xleave => Optional[Boolean], minpoll => Optional[Integer[-6, 24]], maxpoll => Optional[Integer[-6, 24]], key => Optional[Integer], maxdelay => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]], maxdelayratio => Optional[Variant[Float,Integer]], maxdelaydevratio => Optional[Variant[Float,Integer]], mindelay => Optional[Variant[Float,Integer]], asymmetry => Optional[Variant[Float,Integer]], offset => Optional[Variant[Float,Integer]], minsamples => Optional[Integer], maxsamples => Optional[Integer], polltarget => Optional[Integer[6, 60]], port => Optional[Stdlib::Port], presend => Optional[Integer], minstratum => Optional[Integer], version => Optional[Integer], burst => Optional[Boolean], }]]])

    Array of NTP servers to configure as peers.

  • pools (Optional[Array[Struct[{ hostname => String, iburst => Optional[Boolean], offline => Optional[Boolean], auto_offline => Optional[Boolean], prefer => Optional[Boolean], noselect => Optional[Boolean], trust => Optional[Boolean], require => Optional[Boolean], xleave => Optional[Boolean], minpoll => Optional[Integer[-6, 24]], maxpoll => Optional[Integer[-6, 24]], key => Optional[Integer], maxdelay => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]], maxdelayratio => Optional[Variant[Float,Integer]], maxdelaydevratio => Optional[Variant[Float,Integer]], mindelay => Optional[Variant[Float,Integer]], asymmetry => Optional[Variant[Float,Integer]], offset => Optional[Variant[Float,Integer]], minsamples => Optional[Integer], maxsamples => Optional[Integer], polltarget => Optional[Integer[6, 60]], port => Optional[Stdlib::Port], presend => Optional[Integer], minstratum => Optional[Integer], version => Optional[Integer], maxsources => Optional[Integer], burst => Optional[Boolean], }]]])

    Array of NTP server pools to configure.

  • initstepslews (Optional[Array[Struct[{ hostnames => Array[String], threshold => Integer, }]]])

    Array of initstepslew threshold configurations. See chrony.conf man-page for details of use.

  • refclocks (Optional[Array[Struct[{ driver => Enum['PPS', 'SHM', 'SOCK', 'PHC'], param => String, driver_options => Optional[Hash], poll => Optional[Integer], dpoll => Optional[Integer], refid => Optional[String], lock => Optional[String], rate => Optional[Integer], maxlockage => Optional[Integer], width => Optional[Integer], pps => Optional[Boolean], offset => Optional[Variant[Float,Integer]], delay => Optional[String], precision => Optional[Integer], maxdispersion => Optional[Integer], filter => Optional[Integer], prefer => Optional[Boolean], noselect => Optional[Boolean], trust => Optional[Boolean], require => Optional[Boolean], minsamples => Optional[Integer], maxsamples => Optional[Integer], stratum => Optional[Integer], tai => Optional[Boolean], }]]])

    Array of reference clock configurations.

  • manual (Optional[Boolean])

    Toggles support for the settime command in chronyc. Default value: false.

  • acquisitionport (Optional[Stdlib::Port])

    Configures the source port number to use in outgoing requests.

  • bindacqaddress (Optional[Stdlib::IP::Address])

    Sets the source network interface which chrony uses for outgoing requests.

  • dumpdir (Optional[Stdlib::Absolutepath])

    Complete path to the directory where measurement histories are saved.

  • maxsamples (Optional[Integer[0,64]])

    Sets the default max number of samples that chrony should keep for each source.

  • minsamples (Optional[Integer[0,64]])

    Sets the default min number of samples that chrony should keep for each source.

  • combinelimit (Optional[Integer])

    Limits which sources are included in the combining algorithm. See chrony.conf man-page for details of use.

  • maxdistance (Optional[Integer])

    Sets the maximum allowed distance to root for the sources to be considered by the source selection algorithm.

  • maxjitter (Optional[Integer])

    Sets the maximum allowed amount of jitter for the sources to be considered by the source selection algorithm.

  • minsources (Optional[Integer])

    Sets the minimum number of sources that needs to be available for selection before the local clock is updated.

  • reselectdist (Optional[Integer])

    Sets the reselect distance. See chrony.conf man-page for details of use.

  • stratumweight (Optional[Variant[Float,Integer]])

    Sets the amount of distance that should be added per stratum when selecting a source.

  • corrtimeratio (Optional[Integer])

    Sets the corrtimeratio. See chrony.conf man-page for details of use.

  • driftfile (Optional[Stdlib::Absolutepath])

    Complete path to the chrony driftfile.

  • fallbackdrift (Optional[Tuple[Integer, Integer]])

    Sets the fallbackdrift. See chrony.conf man-page for details of use.

  • leapsecmode (Optional[Enum['system', 'step', 'slew', 'ignore']])

    Configures the method used to correct for leap seconds.

  • leapsectz (Optional[String])

    Set the name of the timezone to use for determining when leap seconds occur.

  • makestep (Optional[Tuple[Variant[Float,Integer], Variant[Float, Integer]]])

    Configures under which circumstances chrony will step the system clock.

  • maxchange (Optional[Tuple[Integer, Integer, Integer]])

    Sets the maximum allowed offset corrected on a clock update.

  • maxclockerror (Optional[Variant[Float,Integer]])

    Sets the maxclockerror. See chrony.conf man-page for details of use.

  • maxdrift (Optional[Variant[Float,Integer]])

    Sets the maximum assumed drift of the system clock.

  • maxupdateskew (Optional[Variant[Float,Integer]])

    Sets the maxupdateskew. See chrony.conf man-page for details of use.

  • maxslewrate (Optional[Variant[Float,Integer]])

    Sets the maximum rate at which chrony is allowed to slew the time.

  • tempcomp (Optional[Hash])

    Configures temperature compensation. See chrony.conf man-page for details of use.

  • access_rules (Optional[Array[Struct[{ access => Enum['allow', 'deny'], all => Optional[Boolean], subnet => Optional[String], }]]])

    Ordered array of chrony NTP-server access rules.

  • bindaddress_v4 (Optional[Stdlib::IP::Address::V4])

    IPv4 address on the system that chrony should bind to for offering NTP service.

  • bindaddress_v6 (Optional[Stdlib::IP::Address::V6])

    IPv6 address on the system that chrony should bind to for offering NTP service.

  • broadcast (Optional[Array[Struct[{ interval => Integer, address => Stdlib::IP::Address, port => Optional[Stdlib::Port], }]]])

    Array of broadcast configurations, to make chrony advertise time by broadcasting.

  • clientloglimit (Optional[Integer])

    Configures the maximum memory that chrony is allowed to allocate for logging client accesses.

  • noclientlog (Optional[Boolean])

    Toggles whether client accesses are logged or not. If this statement is present, logging is turned off.

  • local (Optional[Struct[{ stratum => Optional[Integer], distance => Optional[Integer], orphan => Optional[Boolean], }]])

    Configures the chrony local reference mode. See chrony.conf man-page for details of use.

  • port (Optional[Stdlib::Port])

    Sets the port on which chrony will listen for NTP requests.

  • ratelimit (Optional[Struct[{ interval => Optional[Integer[-19,12]], burst => Optional[Integer[1,255]], leak => Optional[Integer[1,4]], }]])

    Configures response rate limiting of NTP packets.

  • smoothtime (Optional[Struct[{ max_freq => Integer, max_wander => Variant[Float,Integer], leaponly => Optional[Boolean], }]])

    Configures smoothing of time that chrony servers to clients. See chrony.conf man-page for details of use.

  • bindcmdaddress_v4 (Optional[Stdlib::IP::Address::V4])

    Configures the IPv4 network interface on which chrony will listen for command packets (ie. from chronyc).

  • bindcmdaddress_v6 (Optional[Stdlib::IP::Address::V6])

    Configures the IPv6 network interface on which chrony will listen for command packets (ie. from chronyc).

  • bindcmdaddress_sock (Optional[Stdlib::Absolutepath])

    Complete path to the Unix domain command socket.

  • cmdaccess_rules (Optional[Array[Struct[{ access => Enum['cmdallow', 'cmddeny'], all => Optional[Boolean], subnet => Optional[String], }]]])

    An ordered array of command access rules.

  • cmdport (Optional[Stdlib::Port])

    Configures the port chrony will listen on for command packets.

  • cmdratelimit (Optional[Struct[{ interval => Optional[Integer[-19,12]], burst => Optional[Integer[1,255]], leak => Optional[Integer[1,4]], }]])

    Configures response rate limiting for command packets.

  • hwclockfile (Optional[Stdlib::Absolutepath])

    Complete path to the adjtime file used by the Linux hwclock.

  • rtcautotrim (Optional[Integer])

    Sets the rtcautotrim threshold. See chrony.conf man-page for details of use.

  • rtcdevice (Optional[Stdlib::Absolutepath])

    Complete path to the device file for accessing the RTC.

  • rtcfile (Optional[Stdlib::Absolutepath])

    Complete path to the file where chrony saves RTC tracking parameters.

  • rtconutc (Optional[Boolean])

    Configures RTC to assume that the RTC is keeping UTC time.

  • rtcsync (Optional[Boolean])

    Configures chrony to periodically copy system time to the RTC.

  • log (Optional[Struct[{ measurements => Optional[Boolean], statistics => Optional[Boolean], tracking => Optional[Boolean], rtc => Optional[Boolean], refclocks => Optional[Boolean], tempcomp => Optional[Boolean], rawmeasurements => Optional[Boolean], }]])

    Configures chrony logging behaviour. See chrony.conf man-page for details of use.

  • logbanner (Optional[Integer])

    Sets the frequency with which chrony will print a banner describing the fields of the log file.

  • logchange (Optional[Variant[Float,Integer]])

    Sets the threshold for adjustment of system clock that will generate a syslog message.

  • logdir (Optional[Stdlib::Absolutepath])

    Complete path to the chrony log directory.

  • mailonchange (Optional[Struct[{ email => String, threshold => Variant[Float,Integer], }]])

    Configures an email address where alerts are sent if chrony applies a correction exceeding a threshold.

  • include (Optional[Array[Stdlib::Absolutepath]])

    An array of complete paths to files that will be included in the chrony configuration.

  • keyfile (Optional[Stdlib::Absolutepath])

    Complete path to the keyfile for NTP authentication.

  • lock_all (Optional[Boolean])

    Configures chrony to lock the daemon into RAM so that it never gets paged out.

  • pidfile (Optional[Stdlib::Absolutepath])

    Complete path to the chrony pidfile.

  • sched_priority (Optional[Integer[0,100]])

    Configures the scheduling priority. See chrony.conf man-page for details of use.

  • user (Optional[String])

    Sets the name of the user which runs chrony.

  • ntpsigndsocket (Optional[Stdlib::Absolutepath])

    Complete path to the Samba ntp_signd socket. See chrony.conf man-page for details of use.

  • keys (Optional[Array[Struct[{ id => Integer, hashalg => Optional[Enum[ 'MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512', 'SHA3-224', 'SHA3-256', 'SHA3-384', 'SHA3-512', 'RMD128', 'RMD160', 'RMD256', 'RMD320', 'TIGER', 'WHIRLPOOL', ]], hash => String, }]]])

    List of keys used for chrony authentication. Populates the chrony keyfile.

  • hwtimestamp (Optional[Array[Struct[{ interface => String, minpoll => Optional[Integer], precision => Optional[String], txcomp => Optional[Integer], rxcomp => Optional[Integer], nocrossts => Optional[Boolean], rxfilter => Optional[Enum['all', 'ntp', 'none']], }]]])

    Array of hwtimestamp configurations, one entry per interface. See chrony.conf man-page for details of use.



306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
 
# File 'manifests/init.pp', line 306

class chrony (
  Enum['absent', 'present']                                        $package_ensure,
  Stdlib::Ensure::Service                                          $service_ensure,
  Boolean                                                          $service_enable,
  Stdlib::Absolutepath                                             $config,
  String                                                           $package,
  String                                                           $service,
  String                                                           $group,
  Optional[Array[Struct[{
    hostname         => String,
    iburst           => Optional[Boolean],
    offline          => Optional[Boolean],
    auto_offline     => Optional[Boolean],
    prefer           => Optional[Boolean],
    noselect         => Optional[Boolean],
    trust            => Optional[Boolean],
    require          => Optional[Boolean],
    xleave           => Optional[Boolean],
    minpoll          => Optional[Integer[-6, 24]],
    maxpoll          => Optional[Integer[-6, 24]],
    key              => Optional[Integer],
    maxdelay         => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]],
    maxdelayratio    => Optional[Variant[Float,Integer]],
    maxdelaydevratio => Optional[Variant[Float,Integer]],
    mindelay         => Optional[Variant[Float,Integer]],
    asymmetry        => Optional[Variant[Float,Integer]],
    offset           => Optional[Variant[Float,Integer]],
    minsamples       => Optional[Integer],
    maxsamples       => Optional[Integer],
    polltarget       => Optional[Integer[6, 60]],
    port             => Optional[Stdlib::Port],
    presend          => Optional[Integer],
    minstratum       => Optional[Integer],
    version          => Optional[Integer],
    burst            => Optional[Boolean],
  }]]]                                                             $servers,
  Optional[Array[Struct[{
    hostname         => String,
    iburst           => Optional[Boolean],
    offline          => Optional[Boolean],
    auto_offline     => Optional[Boolean],
    prefer           => Optional[Boolean],
    noselect         => Optional[Boolean],
    trust            => Optional[Boolean],
    require          => Optional[Boolean],
    xleave           => Optional[Boolean],
    minpoll          => Optional[Integer[-6, 24]],
    maxpoll          => Optional[Integer[-6, 24]],
    key              => Optional[Integer],
    maxdelay         => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]],
    maxdelayratio    => Optional[Variant[Float,Integer]],
    maxdelaydevratio => Optional[Variant[Float,Integer]],
    mindelay         => Optional[Variant[Float,Integer]],
    asymmetry        => Optional[Variant[Float,Integer]],
    offset           => Optional[Variant[Float,Integer]],
    minsamples       => Optional[Integer],
    maxsamples       => Optional[Integer],
    polltarget       => Optional[Integer[6, 60]],
    port             => Optional[Stdlib::Port],
    presend          => Optional[Integer],
    minstratum       => Optional[Integer],
    version          => Optional[Integer],
    burst            => Optional[Boolean],
  }]]]                                                             $peers,
  Optional[Array[Struct[{
    hostname         => String,
    iburst           => Optional[Boolean],
    offline          => Optional[Boolean],
    auto_offline     => Optional[Boolean],
    prefer           => Optional[Boolean],
    noselect         => Optional[Boolean],
    trust            => Optional[Boolean],
    require          => Optional[Boolean],
    xleave           => Optional[Boolean],
    minpoll          => Optional[Integer[-6, 24]],
    maxpoll          => Optional[Integer[-6, 24]],
    key              => Optional[Integer],
    maxdelay         => Optional[Variant[Float[0.0, 1000],Integer[0, 1000]]],
    maxdelayratio    => Optional[Variant[Float,Integer]],
    maxdelaydevratio => Optional[Variant[Float,Integer]],
    mindelay         => Optional[Variant[Float,Integer]],
    asymmetry        => Optional[Variant[Float,Integer]],
    offset           => Optional[Variant[Float,Integer]],
    minsamples       => Optional[Integer],
    maxsamples       => Optional[Integer],
    polltarget       => Optional[Integer[6, 60]],
    port             => Optional[Stdlib::Port],
    presend          => Optional[Integer],
    minstratum       => Optional[Integer],
    version          => Optional[Integer],
    maxsources       => Optional[Integer],
    burst            => Optional[Boolean],
  }]]]                                                             $pools,
  Optional[Array[Struct[{
    hostnames => Array[String],
    threshold => Integer,
  }]]]                                                             $initstepslews,
  Optional[Array[Struct[{
    driver         => Enum['PPS', 'SHM', 'SOCK', 'PHC'],
    param          => String,
    driver_options => Optional[Hash],
    poll           => Optional[Integer],
    dpoll          => Optional[Integer],
    refid          => Optional[String],
    lock           => Optional[String],
    rate           => Optional[Integer],
    maxlockage     => Optional[Integer],
    width          => Optional[Integer],
    pps            => Optional[Boolean],
    offset         => Optional[Variant[Float,Integer]],
    delay          => Optional[String],
    precision      => Optional[Integer],
    maxdispersion  => Optional[Integer],
    filter         => Optional[Integer],
    prefer         => Optional[Boolean],
    noselect       => Optional[Boolean],
    trust          => Optional[Boolean],
    require        => Optional[Boolean],
    minsamples     => Optional[Integer],
    maxsamples     => Optional[Integer],
    stratum        => Optional[Integer],
    tai            => Optional[Boolean],
  }]]]                                                             $refclocks,
  Optional[Boolean]                                                $manual,
  Optional[Stdlib::Port]                                           $acquisitionport,
  Optional[Stdlib::IP::Address]                                    $bindacqaddress,
  Optional[Stdlib::Absolutepath]                                   $dumpdir,
  Optional[Integer[0,64]]                                          $maxsamples,
  Optional[Integer[0,64]]                                          $minsamples,
  Optional[Integer]                                                $combinelimit,
  Optional[Integer]                                                $maxdistance,
  Optional[Integer]                                                $maxjitter,
  Optional[Integer]                                                $minsources,
  Optional[Integer]                                                $reselectdist,
  Optional[Variant[Float,Integer]]                                 $stratumweight,
  Optional[Integer]                                                $corrtimeratio,
  Optional[Stdlib::Absolutepath]                                   $driftfile,
  Optional[Tuple[Integer, Integer]]                                $fallbackdrift,
  Optional[Enum['system', 'step', 'slew', 'ignore']]               $leapsecmode,
  Optional[String]                                                 $leapsectz,
  Optional[Tuple[Variant[Float,Integer], Variant[Float, Integer]]] $makestep,
  Optional[Tuple[Integer, Integer, Integer]]                       $maxchange,
  Optional[Variant[Float,Integer]]                                 $maxclockerror,
  Optional[Variant[Float,Integer]]                                 $maxdrift,
  Optional[Variant[Float,Integer]]                                 $maxupdateskew,
  Optional[Variant[Float,Integer]]                                 $maxslewrate,
  Optional[Hash]                                                   $tempcomp,
  Optional[Array[Struct[{
    access => Enum['allow', 'deny'],
    all    => Optional[Boolean],
    subnet => Optional[String],
  }]]]                                                             $access_rules,
  Optional[Stdlib::IP::Address::V4]                                $bindaddress_v4,
  Optional[Stdlib::IP::Address::V6]                                $bindaddress_v6,
  Optional[Array[Struct[{
    interval => Integer,
    address  => Stdlib::IP::Address,
    port     => Optional[Stdlib::Port],
  }]]]                                                             $broadcast,
  Optional[Integer]                                                $clientloglimit,
  Optional[Boolean]                                                $noclientlog,
  Optional[Struct[{
    stratum  => Optional[Integer],
    distance => Optional[Integer],
    orphan   => Optional[Boolean],
  }]]                                                              $local,
  Optional[Stdlib::Port]                                           $port,
  Optional[Struct[{
    interval => Optional[Integer[-19,12]],
    burst    => Optional[Integer[1,255]],
    leak     => Optional[Integer[1,4]],
  }]]                                                              $ratelimit,
  Optional[Struct[{
    max_freq   => Integer,
    max_wander => Variant[Float,Integer],
    leaponly   => Optional[Boolean],
  }]]                                                              $smoothtime,
  Optional[Stdlib::IP::Address::V4]                                $bindcmdaddress_v4,
  Optional[Stdlib::IP::Address::V6]                                $bindcmdaddress_v6,
  Optional[Stdlib::Absolutepath]                                   $bindcmdaddress_sock,
  Optional[Array[Struct[{
    access => Enum['cmdallow', 'cmddeny'],
    all    => Optional[Boolean],
    subnet => Optional[String],
  }]]]                                                             $cmdaccess_rules,
  Optional[Stdlib::Port]                                           $cmdport,
  Optional[Struct[{
    interval => Optional[Integer[-19,12]],
    burst    => Optional[Integer[1,255]],
    leak     => Optional[Integer[1,4]],
  }]]                                                              $cmdratelimit,
  Optional[Stdlib::Absolutepath]                                   $hwclockfile,
  Optional[Integer]                                                $rtcautotrim,
  Optional[Stdlib::Absolutepath]                                   $rtcdevice,
  Optional[Stdlib::Absolutepath]                                   $rtcfile,
  Optional[Boolean]                                                $rtconutc,
  Optional[Boolean]                                                $rtcsync,
  Optional[Struct[{
    measurements    => Optional[Boolean],
    statistics      => Optional[Boolean],
    tracking        => Optional[Boolean],
    rtc             => Optional[Boolean],
    refclocks       => Optional[Boolean],
    tempcomp        => Optional[Boolean],
    rawmeasurements => Optional[Boolean],
  }]]                                                              $log,
  Optional[Integer]                                                $logbanner,
  Optional[Variant[Float,Integer]]                                 $logchange,
  Optional[Stdlib::Absolutepath]                                   $logdir,
  Optional[Struct[{
    email     => String,
    threshold => Variant[Float,Integer],
  }]]                                                              $mailonchange,
  Optional[Array[Stdlib::Absolutepath]]                            $include,
  Optional[Stdlib::Absolutepath]                                   $keyfile,
  Optional[Boolean]                                                $lock_all,
  Optional[Stdlib::Absolutepath]                                   $pidfile,
  Optional[Integer[0,100]]                                         $sched_priority,
  Optional[String]                                                 $user,
  Optional[Stdlib::Absolutepath]                                   $ntpsigndsocket,
  Optional[Array[Struct[{
    id      => Integer,
    hashalg => Optional[Enum[
                  'MD5',
                  'SHA1',
                  'SHA256',
                  'SHA384',
                  'SHA512',
                  'SHA3-224',
                  'SHA3-256',
                  'SHA3-384',
                  'SHA3-512',
                  'RMD128',
                  'RMD160',
                  'RMD256',
                  'RMD320',
                  'TIGER',
                  'WHIRLPOOL',
                ]],
    hash    => String,
  }]]]                                                             $keys,
  Optional[Array[Struct[{
    interface  => String,
    minpoll    => Optional[Integer],
    precision  => Optional[String],
    txcomp     => Optional[Integer],
    rxcomp     => Optional[Integer],
    nocrossts  => Optional[Boolean],
    rxfilter   => Optional[Enum['all', 'ntp', 'none']],
  }]]]                                                             $hwtimestamp,
) {
  # Check for incompatible options
  if $noclientlog and $ratelimit {
    fail("You can't specify both noclientlog and ratelimit options in the same configuration")
  }

  if $rtcfile and $rtcsync {
    fail("You can't specify both rtcfile and rtcsync options in the same configuration")
  }

  # Manage chrony package
  package { $package:
    ensure => $package_ensure,
  }

  # Manage configuration file
  file { $config:
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    content => epp("${module_name}/chrony.conf.epp"),
    require => Package[$package],
    notify  => Service[$service],
  }

  # Manage keyfile
  if $keys and $keyfile {
    file { $keyfile:
      ensure  => file,
      owner   => root,
      group   => $group,
      mode    => '0640',
      content => epp("${module_name}/chrony.keys.epp"),
      require => Package[$package],
      notify  => Service[$service],
    }
  }

  # Manage chrony service
  service { $service:
    ensure => $service_ensure,
    enable => $service_enable,
  }
}