Re: [chrony-users] Chrony setup using RTC as fallback

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


sorry, my mistype. It is -a not -e

chronyc -a online

the -a tells chronyc to automatically read the password file /etc/chrony.keys
for the key to the password command of chronyc to allow it to run priviledged
commands.


On Thu, 19 Nov 2015, Mauro Condarelli wrote:

Hi,
I am very confused.
I seem to understand current chronyc connects to chronyd (localhost) via AF_UNIX socket (which must reside somewhere in filesystem). I also seem to understand this socket is (by default) created as /var/run/chrony/chronyd.sock

I have no such socket.


If my understanding is wrong please correct me.

Using the suggested command results in:

 / # chronyc -e online

-a not -e
And you have to make sure you have an /etc/chrony.keys file and a pointer to
the right line in /etc/chrony.conf

Eg
in chrony.conf
commandkey 13

and in chrony.keys
13 password_for_chrony

Or in chrony.conf
generatecommandkey
keyfile /etc/chrony.keys




Usage : chronyc [-h <hostname>] [-p <port-number>] [-n] [-4|-6] [-m] [-a] [-f <file>]] [command]

NOTE:
 / # chronyc -v
 chronyc (chrony) version 1.31

My full /etc/chroony.conf follows:

/ # cat /etc/chrony.conf
#initstepslew 30 2.it.pool.ntp.org 0.pool.ntp.org 1.pool.ntp.org

server 0.it.pool.ntp.org offline
server 1.it.pool.ntp.org offline
server 2.pool.ntp.org    offline
server 3.pool.ntp.org    offline

logdir /var/log/chrony
log rtc statistics measurements tracking
logchange 1
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
generatecommandkey
#makestep 1.0 3
maxupdateskew 100.0
dumponexit
dumpdir /var/lib/chrony
rtconutc
rtcautotrim 1
rtcfile /var/lib/chrony/rtc
#bindcmdaddress /var/run/chronyd.sock
/ #

What am I doing wrong?





Il 19/11/2015 00:31, Bill Unruh ha scritto:

On Thu, 19 Nov 2015, Mauro Condarelli wrote:

Hi Bill,
comments inline below.

Il 18/11/2015 21:04, Bill Unruh ha scritto:
On Wed, 18 Nov 2015, Mauro Condarelli wrote:

Thanks Bill,
comments inline below.

Il 18/11/2015 20:40, Bill Unruh ha scritto:


Unfortunately something is seriously wrong:
I get consistently "506 Cannot talk to daemon" to each and all chronyc commands I try (while being root).

Check that the chronyc and chronyd are the same versions.
They are, I'm pretty sure because I compiled them both from the dame source package.

Problem seems to be my /var/run is on a tmpfs, so the directory /var/run/chrony does not exist.

Why would you have /var/run on a tmpfs? And why does /var/run/chrony not
exist?


Not my choice.
This system is Buildroot-based.
General idea (AFAIK) is /var/run does not need to be persisted across boots, so /run is a tmpfs and /var/run is a symlink to /run. Obviously /run is crated empty, so /var/run/chrony (a.k.a.: /run/chrony) does not exist at startup.

Sure, but if you run chronyc before chronyd starts, then clearly there is
nothing to connect to, and if afterwards, that file should have been created. Mind you, as I said, the only chrony thing in /var/run or /run is chrony.pid, and if I remove that, chronyc connects fine to chrony. So I do not think this
is the problem.


I tried creating it (mkdir -p /var/run/chrony) before starting "chronyd -r -s" but now error is:
 / # chronyc online
 501 Not authorised

That is of course because, as I said, online is a priviledged command. You
either need to use chrony-helper, or use chronyc -e online, so chronyc can
read the password from /etc/chrony.keys.

But again, I have no such directory in /var/run or /run, and chronyc connects
fine. (chrony 1.31)

Ie, I do not think that the existence of /var/run/chrony is needed for
anything. There is of course a directory /var/lib/chrony for the drift and rtc files. since that is where I said they are in chrony.conf. A tmpfs filesystem would
be a bad place for them because they ahve to survive across reboots.








--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject. For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject. For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/