In some baremetal and private Cloud deployments we need to force masters nodes to sync clocks. This is required by etcd and for the validity of the installation certs.
Force time sync
sudo chronyc -a makestep
To force clock update (without stepped updates)
/etc/chrony.conf
# Add the following entry
makestep 1 -1
Reference custom chrony.conf
pool 2.rhel.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 -1
rtcsync
keyfile /etc/chrony.keys
logdir /var/log/chrony
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
Get the base64 encoded version of the config file with
cat custom-chrony.conf | base64 -w0
Reference MachineConfig
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: master
name: 50-master-chrony
spec:
config:
ignition:
config: {}
security:
tls: {}
timeouts: {}
version: 2.2.0
networkd: {}
passwd: {}
storage:
files:
- path: "/etc/chrony.conf"
filesystem: root
mode: 420
contents:
source: data:;base64,<BASE64_CHRONY.CONF>