borked
January 9, 2022, 3:10am
#1
Hi there,
I noticed that my server’s time running Leap 15.3 is not accurate. It is about 5 mins ahead of all other computers.
After setting up OpenSuse I never tinkered with this and wonder what happened for it to break.
To me it seems that it has never updated and I don’t know why. I googled a lot and now hope people can help me here.
I tried restarting, nothing. I pinged the pool servers and they are reachable. I think that my firewall is blocking these?
But the firewall is on by default and should not block a critical service like this.
# chronyc tracking
Reference ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000008 seconds slow of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 2.528 ppm slow
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised
# chronyc sources
210 Number of sources = 28
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? time.cloudflare.com 0 8 0 - +0ns +0ns] +/- 0ns
^? de-user.deepinid.deepin.> 0 8 0 - +0ns +0ns] +/- 0ns
^? blah.jabber.dk 0 8 0 - +0ns +0ns] +/- 0ns
^? chat.k-ten.de 0 8 0 - +0ns +0ns] +/- 0ns
^? time4.isu.net.sa 0 8 0 - +0ns +0ns] +/- 0ns
^? 45.11.105.243 0 8 0 - +0ns +0ns] +/- 0ns
^? ntp1.wirehive.net 0 8 0 - +0ns +0ns] +/- 0ns
^? 139.199.214.202 0 8 0 - +0ns +0ns] +/- 0ns
^? monkey.spod.net 0 8 0 - +0ns +0ns] +/- 0ns
^? time.cloudflare.com 0 8 0 - +0ns +0ns] +/- 0ns
^? server2.as2.ch 0 8 0 - +0ns +0ns] +/- 0ns
^? 195.50.171.101 0 8 0 - +0ns +0ns] +/- 0ns
^? 2a05:d014:c0e:e900:5c44:> 0 6 0 - +0ns +0ns] +/- 0ns
^? time.cloudflare.com 0 6 0 - +0ns +0ns] +/- 0ns
^? ntp.ganneff.de 0 6 0 - +0ns +0ns] +/- 0ns
^? stratum2-1.NTP.TechFak.N> 0 6 0 - +0ns +0ns] +/- 0ns
^? vmd46520.contaboserver.n> 0 8 0 - +0ns +0ns] +/- 0ns
^? server4.njk.aero 0 8 0 - +0ns +0ns] +/- 0ns
^? gromit.nocabal.de 0 8 0 - +0ns +0ns] +/- 0ns
^? us.ntp.tlercher.de 0 8 0 - +0ns +0ns] +/- 0ns
^? clicker.link38.eu 0 8 0 - +0ns +0ns] +/- 0ns
^? pingless.com 0 8 0 - +0ns +0ns] +/- 0ns
^? ntp1.sul.t-online.de 0 8 0 - +0ns +0ns] +/- 0ns
^? bochum.solar 0 8 0 - +0ns +0ns] +/- 0ns
^? batleth.sapienti-sat.org 0 6 0 - +0ns +0ns] +/- 0ns
^? ntp2.wtnet.de 0 6 0 - +0ns +0ns] +/- 0ns
^? ntp.hetzner.eohm.net.eu.> 0 6 0 - +0ns +0ns] +/- 0ns
^? 2a01:4f8:c2c:3d20::1 0 6 0 - +0ns +0ns] +/- 0ns
This is my /etc/chrony.conf:
# cat -p /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 0.suse.pool.ntp.org iburst
pool 1.suse.pool.ntp.org iburst
pool 2.suse.pool.ntp.org iburst
pool 3.suse.pool.ntp.org iburst
! pool pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
# allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
#leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
# Also include any directives found in configuration files in /etc/chrony.d
include /etc/chrony.d/*.conf
When I disable the daemon via systemctl and attempt to specifically try one of the servers I get this:
# chronyd -q 'pool 0.suse.pool.ntp.org iburst'
2022-01-09T01:47:39Z chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SECHASH -SIGND +ASYNCDNS +IPV6 -DEBUG)
2022-01-09T01:47:39Z Initial frequency -2.528 ppm
2022-01-09T01:47:50Z No suitable source for synchronisation
2022-01-09T01:47:50Z chronyd exiting
Can someone help me out with this? Any help would be much appreciated!!
Hi and welcome to the Forum
It’s not syncing at all… The -v option offers info on that output, but it’s errors on all (’?’ = unusable).
I use a local gps time server here… Perhaps just use one pool and see if it syncs up after restarting chronyd…
chronyc sources -v
Use YaST to make the changes
borked
January 9, 2022, 3:54am
#3
malcolmlewis:
Hi and welcome to the Forum
It’s not syncing at all… The -v option offers info on that output, but it’s errors on all (’?’ = unusable).
I use a local gps time server here… Perhaps just use one pool and see if it syncs up after restarting chronyd…
chronyc sources -v
Use YaST to make the changes
Thank you for your reply!
If I go into yast and into ntp config and just use e.g. 0.suse.pool.ntp.org and test it, I get: “Error: The server is unreachable or does not respond properly.”
If I use one of the others from my sources like “time.cloudflare.com” I get the same message when I test with yast
borked:
Thank you for your reply!
If I go into yast and into ntp config and just use e.g. 0.suse.pool.ntp.org and test it, I get: “Error: The server is unreachable or does not respond properly.”
If I use one of the others from my sources like “time.cloudflare.com” I get the same message when I test with yast
Hi
In YaST Date and Time, is time zone correct, then on the bottom right hit other settings, then make sure Synchronize with NTP Server is selected, then hit configure. Delete the pool entry(ies), hit ADD then in select add a public server and pick one in your locale and then hit the test button.
Is the firewall running? If so temporarily disable and check if it’s not working from above.
borked
January 9, 2022, 7:57am
#5
malcolmlewis:
Hi
In YaST Date and Time, is time zone correct, then on the bottom right hit other settings, then make sure Synchronize with NTP Server is selected, then hit configure. Delete the pool entry(ies), hit ADD then in select add a public server and pick one in your locale and then hit the test button.
Yeah NTP was selected. When I enter that NTP config screen, delete all pool servers and try to add new ones, the testing always results in the same error message that I posted above.
Even with firewalld stopped.
Is the firewall running? If so temporarily disable and check if it’s not working from above.
I disabled the firewalld via yast but it does not help unfortunately.
borked:
Yeah NTP was selected. When I enter that NTP config screen, delete all pool servers and try to add new ones, the testing always results in the same error message that I posted above. Even with firewalld stopped. I disabled the firewalld via yast but it does not help unfortunately.
chrony works fine here without any changes being made:
**erlangen:~ #** rpm -V chrony
.M....... g /var/lib/chrony/drift
**erlangen:~ #** journalctl -b -o short-monotonic -u chronyd.service
-- Journal begins at Wed 2021-12-15 08:27:08 CET, ends at Sun 2022-01-09 08:14:45 CET. --
[    4.324742] erlangen systemd[1]: Starting NTP client/server...
[    4.344875] erlangen chronyd[907]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
[    4.347283] erlangen chronyd[907]: Frequency -8.205 +/- 0.028 ppm read from /var/lib/chrony/drift
[    4.373909] erlangen systemd[1]: Started NTP client/server.
[   37.376834] erlangen chronyd[907]: Selected source 2a02:c207:2031:970::1 (2.opensuse.pool.ntp.org)
[  103.111695] erlangen chronyd[907]: Selected source 2a01:4f8:c2c:477d::2 (2.opensuse.pool.ntp.org)
**erlangen:~ #**
Thus I suggest try a pristine configuration. The culprit also could be bad network configuration:
**erlangen:~ #** networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback **carrier** unmanaged
2 eth0 ether **routable** **configured**
2 links listed.
**erlangen:~ #** resolvectl
**Global**
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
resolv.conf mode: uplink
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google
**Link 2 (eth0)**
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Current DNS Server: 192.168.178.1
DNS Servers: 192.168.178.1 fd00::a96:d7ff:fee2:d6cf
DNS Domain: fritz.box
**erlangen:~ #**
Using the above stopped all issues encountered previously.
Hi
Maybe a funky DNS? Do the following commands work…
dig time-a.nist.gov @8.8.8.8
dig 0.opensuse.poolntp.org @8.8.8.8
dig 0.opensuse.poolntp.org
borked
January 10, 2022, 5:51pm
#8
karlmistelberger:
chrony works fine here without any changes being made:
**erlangen:~ #** rpm -V chrony
.M....... g /var/lib/chrony/drift
**erlangen:~ #** journalctl -b -o short-monotonic -u chronyd.service
-- Journal begins at Wed 2021-12-15 08:27:08 CET, ends at Sun 2022-01-09 08:14:45 CET. --
[    4.324742] erlangen systemd[1]: Starting NTP client/server...
[    4.344875] erlangen chronyd[907]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
[    4.347283] erlangen chronyd[907]: Frequency -8.205 +/- 0.028 ppm read from /var/lib/chrony/drift
[    4.373909] erlangen systemd[1]: Started NTP client/server.
[   37.376834] erlangen chronyd[907]: Selected source 2a02:c207:2031:970::1 (2.opensuse.pool.ntp.org)
[  103.111695] erlangen chronyd[907]: Selected source 2a01:4f8:c2c:477d::2 (2.opensuse.pool.ntp.org)
**erlangen:~ #**
My outputs are:
static:~ # rpm -V chrony
S.5....T. c /etc/chrony.conf
.M....... g /var/lib/chrony/drift
static:~ # journalctl -b -o short-monotonic -u chronyd.service
-- Logs begin at Sat 2022-01-08 23:08:37 PST, end at Mon 2022-01-10 08:40:42 PST. --
[   34.331792] static systemd[1]: Starting NTP client/server...
[   34.409750] static chronyd[1605]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SECHASH -SIGND +ASYNCDNS +IPV6 -DEBUG)
[   34.410308] static chronyd[1605]: Frequency -2.528 +/- 0.002 ppm read from /var/lib/chrony/drift
[   34.590734] static systemd[1]: Started NTP client/server.
static:~ #
Thus I suggest try a pristine configuration. The culprit also could be bad network configuration:
Will try this, what package are these two tools part of?
Output for these commands is:
static:~ # dig time-a.nist.gov @8.8.8.8
; <<>> DiG 9.16.6 <<>> time-a.nist.gov @8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached
static:~ # dig 0.opensuse.poolntp.org @8.8.8.8
; <<>> DiG 9.16.6 <<>> 0.opensuse.poolntp.org @8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached
static:~ # dig 0.opensuse.poolntp.org
; <<>> DiG 9.16.6 <<>> 0.opensuse.poolntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36600
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;0.opensuse.poolntp.org. IN A
;; AUTHORITY SECTION:
poolntp.org. 3600 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1613513046 43200 3600 604800 3601
;; Query time: 64 msec
;; SERVER: 185.12.64.1#53(185.12.64.1)
;; WHEN: Mon Jan 10 08:52:52 PST 2022
;; MSG SIZE rcvd: 124
static:~ #
Hi
I suspect some DNS issues with your router… can you reboot it and see if that helps, or look at using external DNS?
You have general network connectivity issue. Do you have access to Internet at all? What is output of “ping 8.8.8.8”?
borked
January 10, 2022, 7:36pm
#11
Hmm this is a dedicated root server from hetzner. I did set up a firewall on the hetzner console, maybe that is blocking some services? What would I need to watch out for?
Pinging 8.8.8.8 works fine.
Maybe I misconfigured something in yast’s security center, is that possible?
Is there any way to debug this to see where the problem is?
I should say that this is a webserver which I use for nextcloud and other services.
borked
January 10, 2022, 8:15pm
#12
(Sorry for double post, could not find where I could edit my old post)
Yeah I think the problem may be that I configured the firewall of my hoster too tightly.
Can someone tell me what protocol/port I need to allow chrony on Leap?
Then something blocks DNS port (53) and it is quite possible that also NTP port (123) is blocked as well. Ask your provider.
NTP is using UDP port 123. Not only on Leap, but everywhere.
borked
January 10, 2022, 9:48pm
#15
Okay it is my server’s firewall. When I completely disabled it, ntp/chrony worked just fine. Now I just have to configure it correctly…
I should have thought about that, sorry y’all.
Thank you! Just allowing this and dns at 53/udp did not work but I will search and try a bit to figure out how to make it work.
Thanks everyone!
borked:
Okay it is my server’s firewall. When I completely disabled it, ntp/chrony worked just fine. Now I just have to configure it correctly…
I should have thought about that, sorry y’all.
Thank you! Just allowing this and dns at 53/udp did not work but I will search and try a bit to figure out how to make it work.
Thanks everyone!
Hi
You're on the right track now, good job!
borked
January 10, 2022, 10:38pm
#17
Okay I solved my problem. It might not be helpful for most but I will still post it:
I just used the ntp servers of my hoster (in my case hetzner) found here: https://community.hetzner.com/tutorials/install-and-configure-ntp
With this, I did not even need to open up ports for ntp or dns (which did not work anyway). Not sure why this works but all is good now.
Again thanks everyone for helping me and pointing me in the right direction!
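Added example, not part of the thread: a small shell check that reads `chronyc sources` output and tells apart the state seen here (every source at Reach 0, so no NTP reply ever arrived, which points at filtering of UDP 123 or its return traffic) from a healthy client. The function name, the verdict strings and the sample outputs (using example.net host names) are constructed for illustration.

```shell
#!/bin/sh
# Usage on a live system:  chronyc sources | classify_sources

# classify_sources: read `chronyc sources` output on stdin and print a verdict.
# Reach is an octal bitmask of the last eight polls; 0 means that no reply
# was ever received from that source.
classify_sources() {
    awk '
        # Source lines start with a mode character (^ server, = peer,
        # # refclock) followed by a state character (* + - ? x ~).
        /^[=#^][*+?x~-] / {
            total++
            if ($5 == "0") dead++                       # field 5 is Reach
            if (substr($1, 2, 1) == "*") selected = $2  # currently synced source
        }
        END {
            if (total == 0)          print "no-sources"
            else if (dead == total)  print "all-unreachable " total
            else if (selected == "") print "reachable-not-selected " (total - dead) "/" total
            else                     print "synchronised " selected
        }
    '
}

# Constructed sample: the blocked state from the thread (all Reach 0).
sample_blocked() {
cat <<'EOF'
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp1.example.net              0   8     0     -     +0ns[   +0ns] +/-    0ns
^? ntp2.example.net              0   8     0     -     +0ns[   +0ns] +/-    0ns
^? ntp3.example.net              0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# Constructed sample: a working client with one selected source.
sample_healthy() {
cat <<'EOF'
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp1.example.net              2   6   377    23   -120us[ -150us] +/-   15ms
^+ ntp2.example.net              2   6   377    24   +310us[ +310us] +/-   22ms
^? ntp3.example.net              0   8     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

sample_blocked | classify_sources
sample_healthy | classify_sources
```

A verdict of `all-unreachable` while the source names still resolve, as in the first post, means DNS is working and the NTP packets or their replies are being dropped somewhere on the path.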