NTP doesn't care for configuration in YaST

Hi!

I have here two TW and two 15.2 (updated from 15.1) that LATELY (it worked in the past) simply don’t care for the specific NTP server I configure in Yast (Date and Time) and get blocked by the perimeter firewall.

https://paste.opensuse.org/4b482a16

A TW I didn’t update the last 2 weeks or so is not in the spam list.

Any suggestions?

Hi
And the status of chronyd and configs?


systemctl status chronyd.service

rpmconfigcheck

E wouala:

systemctl status chronyd.service
?? chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2020-07-15 07:58:53 CEST; 10h ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 1220 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
    Process: 1243 ExecStartPost=/usr/lib/chrony/helper update-daemon (code=exited, status=0/SUCCESS)
   Main PID: 1233 (chronyd)
      Tasks: 1 (limit: 9830)
     Memory: 3.5M
     CGroup: /system.slice/chronyd.service
             ????1233 /usr/sbin/chronyd

and

sudo rpmconfigcheck
Searching for unresolved configuration files
Please check the following files (see /var/adm/rpmconfigcheck):
    /etc/chrony.conf.rpmnew
    /etc/fonts/conf.d/30-metric-aliases.conf.rpmsave
    /etc/localtime.rpmnew
    /etc/nsswitch.conf.rpmnew
    /etc/postfix/main.cf.rpmnew
    /etc/postfix/master.cf.rpmnew
    /etc/samba/smb.conf.rpmnew


Update:

In /etc/chrony.d/pool.conf (which is “included” via /etc/chrony.conf.rpmnew) I see the opensuse pool, which I don’t want to have.

Is this a bug or a feature? I don’t want to have it this way…

Hi
No, this is why you run rpmconfigcheck to see if the rpmnew file are applicable to you (eg diff -Naur old new) then can just remove. I use;


pool time-a.nist.gov iburst
pool time-b.nist.gov iburst

But I see the makestep changed to 3, so updated, deleted the rpmnew files and restarted the service…

On Tumbleweed and Leap 15.2 no issues seen, so what config do you have for the ntp servers?

https://paste.opensuse.org/e0bac601

one server, I don’t want to use any opensuse pool. At a recent TW install I saw that they removed the customization of the NTP config during install. Not funny! I now install always with network…

Hi
Can you reach the server?


systemctl stop chronyd.service

chronyd -q 'pool time-a.nist.gov iburst'
2020-07-15T16:59:41Z chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
2020-07-15T16:59:41Z Initial frequency 12.306 ppm
2020-07-15T16:59:46Z System clock wrong by -0.004363 seconds (step)
2020-07-15T16:59:46Z chronyd exiting

chronyd -q 'pool time-b.nist.gov iburst'
2020-07-15T16:59:50Z chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
2020-07-15T16:59:50Z Initial frequency 12.306 ppm
2020-07-15T16:59:55Z System clock wrong by -0.000672 seconds (step)
2020-07-15T16:59:55Z chronyd exiting

Yepp

chronyc> sources
210 Number of sources = 9
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* ntpxxxxxxxxxxxxxxxx>     1  10   377   961  -1415us-1305us] +/-   24ms
^? ntp04.plutex.de               0  10     0     -     +0ns   +0ns] +/-    0ns
^? n1.taur.dk                    0  10     0     -     +0ns   +0ns] +/-    0ns
^? vps-22c7558f.vps.ovh.ca       0  10     0     -     +0ns   +0ns] +/-    0ns
^? ntp1.hetzner.de               0  10     0     -     +0ns   +0ns] +/-    0ns
^? server1b.meinberg.de          0   6     0     -     +0ns   +0ns] +/-    0ns
^? electrode.felixc.at           0   6     0     -     +0ns   +0ns] +/-    0ns
^? 2a01:4f8:13a:bc1::            0   6     0     -     +0ns   +0ns] +/-    0ns
^? 2a02:8106:19::2               0   6     0     -     +0ns   +0ns] +/-    0ns

Hi
What about ntpdata for the server, looks ok? Maybe chrony is just grumpy with only one server?

I diagnosed the problem in my post above:

In /etc/chrony.conf.rpmnew TW and 15.2 have an “include”

  GNU nano 4.9.3                            /etc/chrony.conf.rpmnew                                      
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
! pool pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
#leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

# Also include any directives found in configuration files in /etc/chrony.d
**include /etc/chrony.d/*.conf
**

An in this /etc/chrony.d/pool.conf there is

pool 2.opensuse.pool.ntp.org iburst

So TW and 15.2 add NTP-servers (opensuse pool) I can not configure via YaST, but nobody wants to have, if you do use a cutom config for NTP.

This is a bug.

…just to add: The “include” is also present in /etc/chrony.conf

  GNU nano 4.9.3                                  chrony.conf                                            
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 130.149.17.21 iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
#leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

# Also include any directives found in configuration files in /etc/chrony.d
**include /etc/chrony.d/*.conf**

hello, is your problem solved? Here opensuse 15.2, the time is always 2 min late.