From 06f05b29840c261ab62bef126384f8bcb9b604d3 Mon Sep 17 00:00:00 2001
From: Jakob Englisch
Date: Tue, 8 Jan 2019 22:13:13 +0100
Subject: [PATCH] Chrony: add an option to sync the hardware clock
Provide the possibility to allow users to synchronize the RTC. It is (still) disabled by default, since certain combinations of linux kernel version and hardware pieces are subject to cause lockups. "rtcautotrim 10" and rtcfile have been favoured over "rtcsync" since "rtcsync" syncs the RTC every 11 seconds which is not necessary IMO. "rtcautotrim 10" will only set the time to the RTC if the gap between RTC and the system clock exceed more than 10 seconds.
Change-Id: I2961bc554eb6caf6e6c78137a33c4fde256ae1ff
---
 defaults/main.yml | 2 ++
 releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml | 4 ++++
 templates/chrony.conf.j2 | 7 +++++--
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index cd4ac047..4177a46b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -272,6 +272,8 @@ security_ntp_servers:
 - 3.pool.ntp.org
 # NTP server options.
 security_ntp_server_options: offline maxpoll 10 minpoll 8
+# Configure Chrony to synchronize the hardware clock
+security_ntp_sync_rtc: false
 # Chrony limits access to clients that are on certain subnets. Adjust the
 # following subnets here to limit client access to chrony servers.
 security_allowed_ntp_subnets:
diff --git a/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml b/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml
new file mode 100644
index 00000000..87079f93
--- /dev/null
+++ b/releasenotes/notes/chrony-rtc-sync-f46b9a526aec0889.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Chrony got a new configuration option to synchronize the system clock back
+ to the RTC using the ``security_ntp_sync_rtc`` variable. Disabled by default.
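Review bot: The comment added above `security_ntp_sync_rtc` in defaults/main.yml does not say why the default is `false` or which directives the switch turns on, although the commit message and the template comment both give the reason. An operator reading only the defaults file would not learn that enabling it is reported to cause lockups on some motherboard and kernel combinations. I would extend the comment to something like `# Writes system time back to the RTC (rtcfile + rtcautotrim in chrony.conf).` followed by `# Reported to cause lockups on some motherboard/kernel combinations; test before enabling.`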
diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2 index d5ed910a..bf91e6c7 100644 --- a/templates/chrony.conf.j2 +++ b/templates/chrony.conf.j2 @@ -82,13 +82,16 @@ makestep 1 3 # mailonchange root@localhost 0.5 +{% if security_ntp_sync_rtc | bool %} # This directive tells chrony to regulate the real-time clock and tells it # Where to store related data. It may not work on some newer motherboards # that use the HPET real-time clock. It requires enhanced real-time -# support in the kernel. I've commented it out because with certain +# support in the kernel. It is disabled by default because with certain # combinations of motherboard and kernel it is reported to cause lockups. -# rtcfile /var/lib/chrony/chrony.rtc +rtcfile /var/lib/chrony/chrony.rtc +rtcautotrim 10 +{% endif %} # If the last line of this file reads 'rtconutc' chrony will assume that # the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
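Review bot: The comment block that now sits inside `{% if security_ntp_sync_rtc | bool %}` still describes only `rtcfile`, so the new `rtcautotrim 10` line is rendered with no explanation of what the threshold means; a line such as `# rtcautotrim 10: trim the RTC only when it differs from the system clock by more than 10 seconds.` above it would cover that. The chrony documentation states that `rtcfile` cannot be combined with `rtcsync`; the rest of the template is outside this hunk, so please confirm that no `rtcsync` line can be rendered alongside this block. Once the option is enabled, whatever time chronyd accepts from the configured NTP servers is persisted to the hardware clock, so a wrong upstream time survives a reboot and affects early-boot log timestamps and certificate validity checks; that trade-off deserves a sentence in the comment. The surrounding `rtconutc` comment continues past the end of the hunk and becomes more relevant now that the RTC is written, so it may be worth checking that its default matches how the hosts keep their RTC.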