Or try to reinstall chrony
apt install --reinstall chrony
omv-salt deploy run chrony
Or try to reinstall chrony
apt install --reinstall chrony
omv-salt deploy run chrony
I've tried executing the above commands but the result is exactly the same
Did you try to disable apparmor?
No, because I am afraid that it can break the system and I want to do a backup before trying.
Is possible to disable it only for chrony?
Is possible to disable it only for chrony?
I thought this is what the files are doing we were looking at.
But it might help if appamor is the issue or not. So if chrony works without apparmor that would show that apparmor is the issue.
Strange thing: on my server I have apparmor and chrony is working w/o issues. So might be it is not apparmor that is to blame.
No, because I am afraid that it can break the system and I want to do a backup before trying.
Is possible to disable it only for chrony?
In the meantime I've tried to take a look at the logs running
sudo cat /var/log/syslog | grep chrony
and this Is the output
Jan 6 11:52:33 Server kernel: [71629.373181] audit: type=1400 audit(1641466353.228
:9): apparmor="STATUS" operation="profile_replace" info="same as current profile, s
kipping" profile="unconfined" name="/usr/sbin/chronyd" pid=20436 comm="apparmor_par
ser"
Jan 6 11:52:34 Server systemd[1]: Starting chrony, an NTP client/server...
Jan 6 11:52:34 Server chronyd[20548]: chronyd version 3.4 starting (+CMDMON +NTP +
REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Jan 6 11:52:34 Server chronyd[20548]: Frequency -7.483 +/- 0.098 ppm read from /va
r/lib/chrony/chrony.drift
Jan 6 11:52:34 Server chronyd[20548]: Loaded seccomp filter
Jan 6 11:52:34 Server systemd[1]: Started chrony, an NTP client/server.
Jan 6 11:52:39 Server chronyd[20548]: Selected source 192.168.178.1
Jan 6 11:52:39 Server systemd[1]: chrony.service: Main process exited, code=killed
, status=31/SYS
Jan 6 11:52:39 Server systemd[1]: chrony.service: Failed with result 'signal'.
Jan 6 11:53:10 Server systemd[1]: Started /usr/bin/systemctl start chrony.service.
Jan 6 11:53:10 Server systemd[1]: Starting chrony, an NTP client/server...
Jan 6 11:53:11 Server chronyd[20918]: chronyd version 3.4 starting (+CMDMON +NTP +
REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Jan 6 11:53:11 Server chronyd[20918]: Frequency -7.483 +/- 0.098 ppm read from /va
r/lib/chrony/chrony.drift
Jan 6 11:53:11 Server chronyd[20918]: Loaded seccomp filter
Jan 6 11:53:11 Server systemd[1]: Started chrony, an NTP client/server.
Jan 6 11:53:15 Server chronyd[20918]: Selected source 192.168.178.1
Jan 6 11:53:15 Server systemd[1]: chrony.service: Main process exited, code=killed
, status=31/SYS
Jan 6 11:53:15 Server systemd[1]: chrony.service: Failed with result 'signal'.
Alles anzeigen
Is it possible that apparmor is a package from old versions? In this thread a problem is solved uninstalling it, maybe it is related.
Ok, first I've tried:
sudo aa-disable /etc/apparmor.d/usr.bin.chrony
sudo apt install --reinstall chrony
sudo omv-salt deploy run chrony
sudo reboot
and after reboot nothing changed.
Then I've tried disabling apparmor entirely:
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
| sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
And even in this case the result is the same. So I guess that apparmor is not the issue.
Someone that has chrony working correctly can report the chrony and apparmor versions?
Someone that has chrony working correctly can report the chrony and apparmor versions?
OMV5 on Debian 10:
15:03:48 root@hawk:~# apt-cache policy chrony
chrony:
Installed: 3.4-4+deb10u1
Candidate: 3.4-4+deb10u1
Version table:
4.0-8~bpo10+1 100
100 http://httpredir.debian.org/debian buster-backports/main amd64 Packages
*** 3.4-4+deb10u1 500
500 http://deb.debian.org/debian buster/main amd64 Packages
100 /var/lib/dpkg/status
15:03:55 root@hawk:~# apt-cache policy apparmor
apparmor:
Installed: 2.13.2-10
Candidate: 2.13.2-10
Version table:
*** 2.13.2-10 500
500 http://deb.debian.org/debian buster/main amd64 Packages
100 /var/lib/dpkg/status
Alles anzeigen
Thanks, I have tested the output of these commands on my system but is exactly the same. What can I try at this point?
Maybe yet another ntp server running. What is the output of
systemctl status ntp
If I type
sudo systemctl status ntp
there are available
ntpsec.service ntp.service
I've tried both of them and the output is
Unit ntp.service could not be found.
So I guess that it is not running
Yes, same here.
Did you ever try to start chronyd in the forground to see what is happening?
chronyd -d
No, I've tried it right now and if launched in this way there are no errors and is working as expected
2022-01-07T16:14:33Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
2022-01-07T16:14:33Z Frequency -7.483 +/- 0.128 ppm read from /var/lib/chrony/chrony.drift
2022-01-07T16:14:37Z Selected source 185.157.229.254
2022-01-07T16:14:37Z System clock wrong by 68.717174 seconds, adjustment started
2022-01-07T16:15:46Z System clock was stepped by 68.717174 seconds
The time was synced correctly
So maybe it could be an issue with the systemd service files?
If it can be useful this is the content of my systemd file in
/etc/systemd/system/chronyd.service
[Unit]
Description=chrony, an NTP client/server
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
After=network.target
ConditionCapability=CAP_SYS_TIME
[Service]
Type=forking
PIDFile=/run/chronyd.pid
EnvironmentFile=-/etc/default/chrony
ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
[Install]
Alias=chronyd.service
WantedBy=multi-user.target
Alles anzeigen
From my service file:
Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
any of those services on your system? We already checked ntp.service.
I only have systemd-timesyncd.service, and this is the output of the systemctl status
$ sudo systemctl status systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/systemd-timesyncd.service.d
└─disable-with-time-daemon.conf
Active: inactive (dead)
Condition: start condition failed at Fri 2022-01-07 16:00:24 CET; 1h 32min ago
└─ ConditionFileIsExecutable=!/usr/sbin/chronyd was not met
Docs: man:systemd-timesyncd.service(8)
Jan 07 16:00:24 Server systemd[1]: Condition check resulted in Network Time Synchronization being skipped.
Alles anzeigen
So it appears that is not running because chrony is present, that should be the correct behaviour
start condition failed at Fri 2022-01-07 16:00:24 CET; 1h 32min ago
was that when you started chrony?
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!