2

I have been battling with Chrony for the last few hours and cannot seem to figure out what I'm doing wrong. I found that my system time was set to 2015 when trying to activate Epel-release in DNF, some certificate errors lead me to trying to resolve time date issues. Below is all my relevant output:

    # timedatectl
               Local time: Wed 2021-05-05 16:24:27 EDT
           Universal time: Wed 2021-05-05 20:24:27 UTC
                 RTC time: Wed 2021-05-05 20:24:27
                Time zone: America/Detroit (EDT, -0400)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no

I had to set time manually, so this is actually one minute fast so that I could see if it ran correctly.

# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp.speculation.org           0   9     0     -     +0ns[   +0ns] +/-    0ns
^? c-73-239-136-185.hsd1.wa>     0   9     0     -     +0ns[   +0ns] +/-    0ns
^? 165.227.106.11                0   9     0     -     +0ns[   +0ns] +/-    0ns
^? x.ns.gin.ntt.net              0   9     0     -     +0ns[   +0ns] +/-    0ns

# chronyc activity
200 OK
5 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

Looking at other people's sources output this seems not only unrealistic, but just wrong

# systemctl stop chronyd

# chronyd -q
2021-05-05T20:31:16Z chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
2021-05-05T20:31:16Z Frequency -97.480 +/- 1.274 ppm read from /var/lib/chrony/drift
2021-05-05T20:31:16Z Using right/UTC timezone to obtain leap second data
2021-05-05T20:31:27Z No suitable source for synchronisation
2021-05-05T20:31:27Z chronyd exiting

I'm not even sure where to start troubleshooting this, I have tried with and without firewalld running.

# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server 2.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys

# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

I have edited my conf files a ton, my pools might be a little weird but I wasn't sure what else to have them set to. before this there was just 1 pool directive that I foolishly removed without backing up.

# ntpstat
unsynchronised
poll interval unknown

Finally by suggestion of a friend, I used ntpstat and it gave me this output..

I have tried chronyc makestep and refresh, both of which have yielding nothing as well

Edit: Update, I changed my config to include "pool" instead of "server" where applicable to see if that fixed me issue. No dice

Ryan Smith
  • 43
  • 2
  • 8
  • Anything interesting when running `journalctl -u chronyd'? – Brandon Xavier May 10 '21 at 19:22
  • ``` ntpdate -vd 0.centos.pool.ntp.org ``` Maybe try this as root and check that you getting responses, maybe firewall is blocking you? Thanks, – Drixter May 10 '21 at 18:36
  • is there any firewall blocking your 123/udp ingress and egress? – mforsetti May 11 '21 at 12:27
  • @mforsetti No firewall blocking – Ryan Smith May 11 '21 at 17:11
  • @BrandonXavier https://pastebin.com/S0Qm4PGs Nothing too interesting unfortunately, chronyd restart, chronyc makestep all kind of doing their normal thing and then the "adjusted by 0.000..." logs. "Lots of source x replaced with source y" that's really it. – Ryan Smith May 11 '21 at 17:15
  • @mforsetti Firewalld on default settings to allow outgoing access but I did try running everything with it fully disabled and no changes. Enabled NTP service just for funsies though – Ryan Smith May 11 '21 at 17:16
  • Following the line of firewall thinking, check and make sure your router isn't blocking port 123 (at my current job all external ntp access is blocked in lieu of using internal dedicated timesync servers). To test this you could spin up another chrony/ntp server on your local network and try syncing to it (just for testing). – Brandon Xavier May 11 '21 at 17:55
  • stop `chronyd` and `ntpd`, then install `ntpdate`. Edit your question by adding the result of `sudo ntpdate -d pool.ntp.org`. If there's any network problem e.g. firewall blocking 123/udp, you'll see there's no `transmit` and/or `receive` output message. – mforsetti May 11 '21 at 20:31
  • unfortunately most of the NTP commands don't work here and this is an issue with Chrony. At some point, miraculously, it synched once and only once but my clock has been stable enough to resolve some of my date/time issues. With Cent8 going away I haven't been using it as much anymore, I appreciate the help. I still am not syncing consistently but I can't afford to chase the issue anymore :( – Ryan Smith Oct 15 '21 at 01:38

0 Answers0