| Re: [chrony-users] NTS: Limiting |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] NTS: Limiting
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Wed, 20 Jan 2021 11:37:09 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1611139035; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RHYVZADjEUs9lyTCvYd8N43sRNuqecqVBbyWNxFIJtI=; b=C8gFTuMd9mi68StloDbvia6bLUJSPqCvsTqtislyXz173TKNGfEZg8uH1g+wRRCz1n3jRe pkc9NtyGipy1zRiAevNAgZ55Q/qcp0U/WGsWf+NuVsa6ZKYpV0YRpIALIH9uCalfafISxY v8rap7bZjJu8VFZi2DH+SZh84Gbkids=
On Wed, Jan 20, 2021 at 10:58:37AM +0100, Karol Babioch wrote:
> Hi,
>
> Am 20.01.21 um 10:15 schrieb Miroslav Lichvar:
> > Yes, NTS can work with pools. The servers need to have the same name
> > in their certificates, one that matches the name specified in the
> > chrony config.
> >
> > I have a small pool of servers running under the name
> > "nts-test.strangled.net".
>
> Could you elaborate how exactly your setup looks like? What DNS records
> do you have, how does your Chrony config look like? Do all servers share
> the same certificate (or at least a certificate with the common name /
> same subject alternative names)?
There are multiple A records for that name and a single certificate
(signed by Let's Encrypt) shared by the servers. They have identical
configuration. Same as if you would implement load balancing at DNS
level.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.