Re: [chrony-dev] Multihomed (multiple) network interfaces support !
It seems I found out what is permissions issue where.
It is necessary to add in apparmor chroyd file appropriate paths with write
permissions.
For example:
@{run}/chrony1/{,*} rw,
@{run}/chrony2/{,*} rw,
and there is no necessity to set permissions manually.
All is done automatically.
But in this case chronyd hangs up during starting.
ср, 6 дек. 2023 г. в 00:48, CpServiceSPb :
> I set up _chrony user and _chrony group for /var/run/chrony1 and even set
> up 755 permission to the folder.
> Here is my one config at :/etc/chrony/conf.d /lan.conf
> At the time only one file:
> server 192.168.0.200 port 1123 minpoll 0 maxpoll 0 copy
> allow
> cmdport 1123
> bindcmdaddress /var/run/chrony1/chronyd-server_lan.sock
> pidfile /var/run/chrony1/chronyd-server_lan.pid
> driftfile /var/lib/drift-server1_lan
>
> Launch chronyd either from systemctl start chronyd or chronyd -D and get:
> 2023-12-05T21:45:17Z chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK
> +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
> 2023-12-05T21:45:17Z Wrong permissions on /var/run/chrony1
> 2023-12-05T21:45:17Z Disabled command socket
> /var/run/chrony1/chronyd-server_lan.sock
> 2023-12-05T21:45:17Z Fatal error : Could not open
> /var/run/chrony1/chronyd-server_lan.pid : Permission denied
>
> What and where is wrong ?
>
>
>
> ср, 6 дек. 2023 г. в 00:28, CpServiceSPb :
>
>> Can you either post a link or detailed instruction on how to launch
>> multiple chrony server instances for the same port but different
>> interfaces/addresses ?
>>
>> пн, 4 дек. 2023 г. в 18:25, Miroslav Lichvar :
>>
>>> On Thu, Nov 30, 2023 at 11:04:37PM +0300, CpServiceSPb wrote:
>>> > But there is
>>> > сен 05 22:55:07 key chronyd[152706]: chronyd version 4.3 starting
>>> (+CMDMON
>>> > +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH
>>> > +IPV6 -DEBUG)
>>> > сен 05 22:55:07 key chronyd-starter.sh[152704]: Could not open
>>> > /var/run/cc/chronyd-server1.pid : Permission denied
>>> > сен 05 22:55:07 key chronyd[152706]: Wrong permissions on /var/run/cc
>>>
>>> You will need to fix the permission of the directory to be writable by
>>> the chrony user.
>>>
>>> --
>>> Miroslav Lichvar
>>>
>>>
>>> --
>>> To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with
>>> "unsubscribe" in the subject.
>>> For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in
>>> the subject.
>>> Trouble? Email listmas...@chrony.tuxfamily.org.
>>>
>>>
Re: [chrony-dev] Multihomed (multiple) network interfaces support !
I set up _chrony user and _chrony group for /var/run/chrony1 and even set up 755 permission to the folder. Here is my one config at :/etc/chrony/conf.d /lan.conf At the time only one file: server 192.168.0.200 port 1123 minpoll 0 maxpoll 0 copy allow cmdport 1123 bindcmdaddress /var/run/chrony1/chronyd-server_lan.sock pidfile /var/run/chrony1/chronyd-server_lan.pid driftfile /var/lib/drift-server1_lan Launch chronyd either from systemctl start chronyd or chronyd -D and get: 2023-12-05T21:45:17Z chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG) 2023-12-05T21:45:17Z Wrong permissions on /var/run/chrony1 2023-12-05T21:45:17Z Disabled command socket /var/run/chrony1/chronyd-server_lan.sock 2023-12-05T21:45:17Z Fatal error : Could not open /var/run/chrony1/chronyd-server_lan.pid : Permission denied What and where is wrong ? ср, 6 дек. 2023 г. в 00:28, CpServiceSPb : > Can you either post a link or detailed instruction on how to launch > multiple chrony server instances for the same port but different > interfaces/addresses ? > > пн, 4 дек. 2023 г. в 18:25, Miroslav Lichvar : > >> On Thu, Nov 30, 2023 at 11:04:37PM +0300, CpServiceSPb wrote: >> > But there is >> > сен 05 22:55:07 key chronyd[152706]: chronyd version 4.3 starting >> (+CMDMON >> > +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH >> > +IPV6 -DEBUG) >> > сен 05 22:55:07 key chronyd-starter.sh[152704]: Could not open >> > /var/run/cc/chronyd-server1.pid : Permission denied >> > сен 05 22:55:07 key chronyd[152706]: Wrong permissions on /var/run/cc >> >> You will need to fix the permission of the directory to be writable by >> the chrony user. >> >> -- >> Miroslav Lichvar >> >> >> -- >> To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with >> "unsubscribe" in the subject. >> For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in >> the subject. >> Trouble? Email listmas...@chrony.tuxfamily.org. >> >>
Re: [chrony-dev] Multihomed (multiple) network interfaces support !
Can you either post a link or detailed instruction on how to launch multiple chrony server instances for the same port but different interfaces/addresses ? пн, 4 дек. 2023 г. в 18:25, Miroslav Lichvar : > On Thu, Nov 30, 2023 at 11:04:37PM +0300, CpServiceSPb wrote: > > But there is > > сен 05 22:55:07 key chronyd[152706]: chronyd version 4.3 starting > (+CMDMON > > +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH > > +IPV6 -DEBUG) > > сен 05 22:55:07 key chronyd-starter.sh[152704]: Could not open > > /var/run/cc/chronyd-server1.pid : Permission denied > > сен 05 22:55:07 key chronyd[152706]: Wrong permissions on /var/run/cc > > You will need to fix the permission of the directory to be writable by > the chrony user. > > -- > Miroslav Lichvar > > > -- > To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with > "unsubscribe" in the subject. > For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the > subject. > Trouble? Email listmas...@chrony.tuxfamily.org. > >
Re: [chrony-dev] Chrony and leap-second table expiration
On Mon, Dec 04, 2023 at 08:21:07AM -0800, Hal Murray wrote: > > mlich...@redhat.com said: > >> * If Chrony reads leap-seconds.list should it also look at the > >> leap second expiration and reject old files? > > As currently chrony works, there would be no functional difference between > > rejecting old file and using old file unless someone was interested in > > replaying old leap seconds. > > If you know that the data in the file covers "now", you can ignore the > leap-pending in NTP packets from servers. The servers that incorrectly announce a leap second will likely apply it to their clock and need some time to correct the error. Ignoring that leap on the clients doesn't change much, they would still follow the servers' error if they make a majority in the selection (same as the leap majority). The client would need some logic to temporarily ignore these servers completely. IIRC a more common issue was with servers that announce the leap too late, causing the clients to miss it, e.g. due to ntpd accepting leap only from samples that pass the clock filter (~2.5 hour delay in worst case with default maxpoll) and too many servers in the chain, or a refclock getting the leap announcement only one hour ahead (e.g. DCF77). Using the right timezone or leapfile helps with that. For an event that might happen only once or twice again, I would prefer to not complicate things any further. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] chrony-4.5 released
The final release of chrony-4.5 is now available. The source code is available here: https://chrony-project.org/releases/chrony-4.5.tar.gz SHA256 sum: 19fe1d9f4664d445a69a96c71e8fdb60bcd8df24c73d1386e02287f7366ad422 Since 4.5-pre1, it has only minor improvements in logging of selection loss and documentation. -- Miroslav Lichvar signature.asc Description: PGP signature
[chrony-dev] [Git][chrony/chrony] Pushed new tag 4.5
Miroslav Lichvar pushed new tag 4.5 at chrony / chrony -- View it on GitLab: https://gitlab.com/chrony/chrony/-/tree/4.5 You're receiving this email because of your account on gitlab.com.
[chrony-dev] [Git][chrony/chrony][master] 4 commits: doc: improve description of reload sources command
Miroslav Lichvar pushed to branch master at chrony / chrony Commits: 42fdad5d by Miroslav Lichvar at 2023-12-04T16:50:51+01:00 doc: improve description of reload sources command - - - - - 89aa8fa3 by Miroslav Lichvar at 2023-12-05T14:22:08+01:00 doc: mention dependency of net corrections on HW timestamping - - - - - 598b893e by Miroslav Lichvar at 2023-12-05T14:22:10+01:00 doc: update FAQ on improving accuracy - - - - - 120dfb8b by Miroslav Lichvar at 2023-12-05T14:22:10+01:00 update copyright years - - - - - 6 changed files: - doc/chrony.conf.adoc - doc/chronyc.adoc - doc/faq.adoc - siv_gnutls.c - socket.c - test/unit/util.c View it on GitLab: https://gitlab.com/chrony/chrony/-/compare/3ee7b3e786f4758e9799866b5a5a184b9a4e6bd3...120dfb8b36b942c31ddfc0220ca1475159ac5031 -- View it on GitLab: https://gitlab.com/chrony/chrony/-/compare/3ee7b3e786f4758e9799866b5a5a184b9a4e6bd3...120dfb8b36b942c31ddfc0220ca1475159ac5031 You're receiving this email because of your account on gitlab.com.
