Control: tags -1 + moreinfo Hi,
Le 2025-10-23 22:17, Christopher Martin a écrit : > Package: chrony > Version: 4.8-2 > Severity: important > > When chonyd starts up on one of my systems, it starts before the > network has been brought up, meaning that it fails to bind to an IP > address or interface. It thus doesn't work as a time server unless I > manually restart chronyd once the system is fully up. What does 'sudo systemctl status chrony.service' output? Could you please tell me more about chronyd's configuration? > A fix is to add the following under [Unit] in chronyd.service in > /etc/systemd/system: > > After=network.target > > This delays the start of chronyd by just enough so that when it > starts, enough of the network is up that chronyd can bind properly, > and thus it works as a time server. Contrary to network-online.target, network.target only means that the network stack management has been started, but in no ways it should be assumed that the network interfaces are configured. Also, chronyd uses the IP_FREEBIND sockopt from the Linux kernel to allow binding to an address that doesn't exist yet so it should definitely not fail. > I would note that this issue doesn't occur on all my systems, but I do > experience this issue on a system with a more complex networking setup > - possibly due to the use of bonded interfaces. Presumably the > complexity of that setup affects when the various elements are > initialized, and thus makes it necessary that chronyd start a bit > later than on more 'normal' systems. Note that the use of > ip_nonlocal_bind makes no difference on this system. > > In any case, I can't think of any harm or downside in making the tweak > above a default even for systems that work right now. Well, we really don't want to wait for the network stack before starting chronyd because it is perfectly able to operate without network or DNS functionality notably when used with a hardware reference clock as a time source. > Thanks, > Christopher Martin Cheers, Vincent
signature.asc
Description: PGP signature
