Chronyd seems to ignore its config file

English Network/Internet
#1

Not sure if I should have posted this in category Applications, sorry if wrong here.

In /etc/chrony.conf, a couple of days ago I’ve changed the line

pool 0.opensuse.pool.ntp.org iburst

to

#pool 0.opensuse.pool.ntp.org iburst
server 0.de.pool.ntp.org iburst
server 1.de.pool.ntp.org iburst
server 2.de.pool.ntp.org iburst
server 3.de.pool.ntp.org iburst

and saved the file and enabled chronyd.service.

Today, I checked the journal and found these entries:

Apr 20 08:25:10 xs chronyd[1475]: Selected source 2001:638:a000:1123:123::4 (2.opensuse.pool.ntp.org)
Apr 20 08:25:10 xs chronyd[1475]: System clock wrong by 1.773080 seconds
Apr 20 08:25:11 xs chronyd[1475]: System clock was stepped by 1.773080 seconds
Apr 20 08:26:16 xs chronyd[1475]: Selected source 2003:a:47f:abe4::1 (2.opensuse.pool.ntp.org)

Why is chronyd still using the original pool setting for time source and not the configured one?

I double-checked the configuration file /etc/chrony.conf and it has the settings as shown above.

#2

Mein chronyd tut was ich ihm sage:

erlangen:~ # head /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# ! pool pool.ntp.org iburst
server ntp.mnet-online.de iburst
erlangen:~ # 

erlangen:~ # journalctl -b -u chronyd.service 
Apr 19 18:29:55 erlangen systemd[1]: Starting NTP client/server...
Apr 19 18:29:55 erlangen chronyd[1104]: chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Apr 19 18:29:55 erlangen chronyd[1104]: Frequency 12.408 +/- 0.427 ppm read from /var/lib/chrony/drift
Apr 19 18:29:55 erlangen systemd[1]: Started NTP client/server.
Apr 19 18:30:28 erlangen chronyd[1104]: Selected source 2001:a60::123:1 (ntp.mnet-online.de)
erlangen:~ #
#3

Because of /etc/chrony.d/pool.conf?

#4

Thank you. It seems I overlooked the very last line in the /etc/chrony.conf file:

include /etc/chrony.d/*.conf

So you could argue that this is my fault. On the other hand, the very first lines in the /etc/chrony.conf file imply that the value currently is and should be configured exactly there:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
pool 0.opensuse.pool.ntp.org iburst

The truth is it’s actually meaningless! It is simply unexpected and surprising that this value in any case gets overwritten by the one in pool.conf. :neutral_face:

Also, the man pages chronyd(8) and chrony.conf(5) only mention the file /etc/chrony.conf, neither mentions the pool.conf.

My suggestion here would be for openSUSE maintainers to insert a comment at the top of the /etc/chrony.conf file about existance and role of the otherwise undocumented /etc/chrony.d/pool.conf file.

#5

From man chrony.conf:

   include pattern

       The include directive includes a configuration file, or multiple configuration files if a wildcard pattern is specified. Unlike with the confdir directive, the full name of the files needs to be specified and at least
       one file is required to exist.

       This directive can be used multiple times.

       An example of the directive is:

           include /etc/chrony.d/*.conf
#6

@ [karlmistelberger]
Your comment is considered noise, sorry. Neither does it contradict any of my statements nor does it add any value or new knowledge gain. BTW, it’s the same with your first comment. I see this so often:

  • someone posts “I have this isse”
  • someone like you responds “I don’t have this issue.” or “It works for me.”

What’s the point? How does that help? I don’t get it.

#7

No, it’s not your fault!

  • Not even a little bit «your fault» …

What’s happened is, the default openSUSE RPM packages related to default Chrony pool servers –

  • You have to –
    Blacklist and remove, the following packages –
    chrony-pool-openSUSE
    chrony-pool-suse

You then, have to install the package “chrony-pool-empty” …

  • This will place a Chrony configuration file in ‘/etc/chrony.d/’ with the following content:
 # cat /etc/chrony.d/pool.conf 
# Add ntp pools here
 #

Have a nice day now you all … :sunglasses:

#8

You claim man pages don’t refer to pool.conf. However the man pages state that “multiple configuration files if a wildcard pattern is specified” will be included. This holds also for pool.conf.

You are completely misrepresenting my comment. It does not read “I don’t have this issue.” or “It works for me.”

Stop making false claims!

I posted a working configuration file together with the journal of chronyd, which shows unambiguously, that chrony indeed reads /etc/chrony.conf.

#9

Nobody here in this thread ever claimed the opposite. :man_shrugging:

Possible reasons why your configuration works as intended are
a) you removed or commented the last include line in the /etc/chrony.conf file, or
b) you modified, deleted or renamed the /etc/chrony.d/pool.conf file, or
c) uninstalled the package chrony-pool-openSUSE, or
d) you are not running Leap 15.4

Otherwise you’ld have the same issue that I got with your configuration. True or not?

The point is that none of these possible reasons have been mentioned by you. Actually one can write pool non.existing.ntp.server.whatever in line 3 of /etc/chrony.conf, it doesn’t matter because it will be ignored/overwritten. THAT was the point that I made and your note about the include statement did not consider that in any way.

Sorry if my comment came across as hostile. Was not meant to be a personal attack.

#10

Thanks for pointing out the possible rpm issue. But I don’t get the point of an empty /etc/chrony.conf file that ignores the existing *.conf files in the /etc/chrony.d folder.

IMO it is sufficient to uninstall and block the chrony-pool-openSUSE package:

# rpm -qa | grep chrony
chrony-pool-openSUSE-4.1-150400.19.4.noarch
chrony-4.1-150400.19.4.x86_64
# rpm -ql chrony-pool-openSUSE
/etc/chrony.d/pool.conf

Thanks again for helping in identifying the real issue.

#11

The package maintainers decided to make package or capability chrony depend upon package or capability chrony-pool-openSUSE for whatever reason (obviously there’s no technical reason–the /etc/chrony.d/pool.conf file is not needed). Also, the --no-clean-deps option of zypper remove seems to be not working:

 # zypper rm --no-clean-deps chrony-pool-openSUSE
Reading installed packages...
Resolving package dependencies...

The following 2 packages are going to be REMOVED:
  chrony chrony-pool-openSUSE

2 packages to remove.
After the operation, 575.9 KiB will be freed.
Continue? [y/n/v/...? shows all options] (y): ^C

So don’t do this unless you want chrony being uninstalled, too. We have to do it using rpm:

# rpm -e --nodeps chrony-pool-openSUSE
warning: /etc/chrony.d/pool.conf saved as /etc/chrony.d/pool.conf.rpmsave
# rpm -qa | grep chrony
chrony-4.1-150400.19.4.x86_64
# zypper al chrony-pool-openSUSE
Specified lock has been successfully added.

Posting this here for completeness.

#12

Wrong. It depends on chrony-pool.

bor@10:~> zypper se -x --provides chrony-pool
Loading repository data...
Reading installed packages...

S | Name                 | Summary                                | Type
--+----------------------+----------------------------------------+--------
  | chrony-pool-empty    | Empty pool preconfiguration for chrony | package
i | chrony-pool-openSUSE | Chrony preconfiguration for openSUSE   | package
  | chrony-pool-suse     | Chrony preconfiguration for SUSE       | package
bor@10:~>
#13

Nope. Not on my system:

# rpmdep chrony
chrony depends upon bash,bash-sh,chrony,chrony-pool-openSUSE,coreutils,crypto-policies,diffutils,filesystem,fillup,glibc,grep,info,libacl1,libattr1,libbz2-1,libcap2,libedit0,libffi7,libgcc_s1,libgmp10,libgnutls30,libhogweed6,libidn2-0,libjitterentropy3,liblzma5,libncurses6,libnettle8,libp11-kit0,libpcre1,libreadline7,libseccomp2,libselinux1,libstdc++6,libtasn1,libtasn1-6,libunistring2,libz1,libzio1,system-user-root,sysuser-shadow,terminfo-base

(rpmdep is a tool in the rpmorphan package)

Packages vs. capabilities?

#14

False. I booted host 6700k into leap154, did a pristine install, verified, added server directive and enabled chronyd.service:

leap154:~ # zypper search -is chrony
Loading repository data...
Reading installed packages...

S  | Name                 | Type    | Version         | Arch   | Repository
---+----------------------+---------+-----------------+--------+---------------------
i+ | chrony               | package | 4.1-150400.19.4 | x86_64 | openSUSE-Leap-15.4-1
i  | chrony-pool-openSUSE | package | 4.1-150400.19.4 | noarch | openSUSE-Leap-15.4-1
leap154:~ # 

leap154:~ # rpm -V chrony chrony-pool-openSUSE 
S.5....T.  c /etc/chrony.conf
.M.......  g /var/lib/chrony/drift
leap154:~ # 

leap154:~ # diff /.snapshots/102/snapshot/etc/chrony.conf /.snapshots/1/snapshot/etc/chrony.conf
3a4
> server ntp.mnet-online.de iburst
leap154:~ # 

leap154:~ # chronyc -n sources 
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 2001:a60::123:1               2   6   377    55   +312us[ +312us] +/-   10ms
^- 2a05:d014:c0e:e900:5c44:c0dd:8f8e:1575   2   6   377    53   +525us[ +525us] +/-   44ms
^+ 144.76.43.40                  4   6   377    51   -714us[ -714us] +/-   11ms
^* 2a01:b740:a30:3000::1f2       1   6   377    52   +345us[ +345us] +/-   10ms
^+ 213.209.109.45                2   6   377   246   +435us[ +451us] +/-   18ms
leap154:~ #

The server directive I added to /etc/chrony.conf works. Server ntp.mnet-online.de ( 2001:a60::123:1) is the first entry in the above list of sources.

Originally I made the above changes on infamous Tumbleweed host erlangen when I experienced issues with the openSUSE default pool configuration a year or two ago.

#15

Thank you for taking the effort. Do you still have that 6700k machine available? What happens if you replace the single line entry server ntp.mnet-online.de iburst with the four server entries from the initial post and restart the chronyd service?

Because that’s the only difference (count of servers) that I can see if we assume that comments do not count as lines. My suspicion here is that chronyd might assign a single server entry a higher priority than a pool (and a group of four servers is nothing but a pool) and only in the case of a bunch of servers the later one in the pool.conf wins. But if there’s only one server given then that has higher priority than the predefined pool in pool.conf.

#16 
leap154:~ # chronyc -n sourcestats 
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
2001:a60::123:1             0   0     0     +0.000   2000.000     +0ns  4000ms
2a05:d014:c0e:e900:5c44:c0dd:8f8e:1575   0   0     0     +0.000   2000.000     +0ns  4000ms
144.76.43.40                5   3    71     +9.239     77.639   -660us   244us
2a01:b740:a30:3000::1f2     0   0     0     +0.000   2000.000     +0ns  4000ms
213.209.109.45              5   5    71    +15.261    187.821  +1584us   581us
leap154:~ # 

leap154:~ # diff /.snapshots/102/snapshot/etc/chrony.conf /.snapshots/1/snapshot/etc/chrony.conf
3a4,8
> #server ntp.mnet-online.de iburst
> server 0.de.pool.ntp.org iburst
> server 1.de.pool.ntp.org iburst
> server 2.de.pool.ntp.org iburst
> server 3.de.pool.ntp.org iburst
leap154:~ # 

leap154:~ # systemctl restart chronyd
leap154:~ # 

leap154:~ # chronyc -n sourcestats 
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
85.214.127.75               5   3    72    +12.848    343.201  +2782us  1594us
185.13.148.71               5   4    72     -1.589    118.391  -1909us   387us
2001:4ba0:92c1:5d::2:2      5   3    72     -3.502     23.823  -4746us   139us
167.235.228.35              5   5    72     +4.111     69.973   -323us   256us
2a03:4000:1e:130::123       5   4    72     +4.910     97.312   -913us   389us
2003:a:87f:c37c::3          5   3    71     +7.381     63.168   +324us   164us
86.108.190.23               5   3    71     +2.788     23.597  +2145us   122us
46.175.224.7                5   3    71     +1.453     51.955  -1194us   218us
leap154:~ #
#17

Interesting.

I reverted my virtual machine to the initial state after installation. Then I edited the /etc/chrony.conf and inserted the same time host as you:

 # head /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server ntp.mnet-online.de iburst
#pool pool.ntp.org iburst

Then I restarted the chronyd service and checked the journal. Look what I found:

# systemctl restart chronyd.service
# journalctl -b -u chronyd.service
Apr 21 09:34:06 xs chronyd[1511]: chronyd exiting
Apr 21 09:34:06 xs systemd[1]: chronyd.service: Deactivated successfully.
Apr 21 09:34:06 xs systemd[1]: Stopped NTP client/server.
Apr 21 09:34:06 xs systemd[1]: Starting NTP client/server...
Apr 21 09:34:06 xs chronyd[16526]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHAS>
Apr 21 09:34:06 xs chronyd[16526]: Frequency -32.327 +/- 2.348 ppm read from /var/lib/chrony/drift
Apr 21 09:34:06 xs systemd[1]: Started NTP client/server.
Apr 21 09:34:11 xs chronyd[16526]: Selected source 2001:a60::123:1 (ntp.mnet-online.de)
Apr 21 09:34:13 xs chronyd[16526]: Selected source 185.244.195.159 (2.opensuse.pool.ntp.org)

First chronyd selects the ntp.mnet-online.de time source but only 2 ms later one from the SuSE pool.

Conclusions:

  • all specified time sources are being considered, order does not matter
  • chronyd adds all of them to the pool it uses
  • I cannot say why it immediately dropped the mnet-online.de time source
  • one has to explicitly remove servers from the configuration files which one does not want to be used

Thanks for helping in getting this clear. From my point of view, this thread can be closed.

#18

The “chrony-pool-empty” package contains exactly one file:

 > rpm --query --list chrony-pool-empty 
/etc/chrony.d/pool.conf
 >

The Chrony configuration file in ‘/etc/’ is provided by the “chrony” package:

 > rpm --query --whatprovides /etc/chrony.conf 
chrony-4.1-150400.19.4.x86_64
 >

The last line of that configuration file is:

# Also include any directives found in configuration files in /etc/chrony.d
include /etc/chrony.d/*.conf

The set of “chrony-pool-???” packages provide “.conf” files located in “/etc/chrony.d/” to define NTP Pool servers suitable for openSUSE and/or SUSE machines – including an “empty” definition for those machines which do not wish to use the openSUSE or SUSE definition of NTP Pool servers …

#19

Meaning that, somewhere in ‘/etc/chrony.conf’ or, a ‘*.conf’ in ‘/etc/chrony.d/’ you still have an “opensuse.pool.ntp.org” NTP Pool definition in a ‘.conf’ file – find that configuration file and, change it …

  • After making the change, you’ll have to restart the systemd “chronyd.service” …
#20

Understood. Do you agree that uninstalling and blocking the package with the unwanted pool has the same effect as installing an package with an empty pool.conf (as long as nobody renames the package with the SuSE pool.conf)?