[chrony-users] check_ntp_peer with Chrony



Hi,

This post is quite long... sorry for that...

I need to monitor instances of chrony with icinga/nagios/...
I am on Debian Stretch, Chrony version 3.0-4+deb9u1.

I have seen a specific plugin on GitHub, but I would like to keep it very straightforward.

So my goal has become to have monitoring-plugins check_ntp_peer working with Chrony.

https://github.com/monitoring-plugins/monitoring-plugins/blob/master/plugins/check_ntp_peer.c

The following thread
https://support.nagios.com/forum/viewtopic.php?f=7&t=33845

claims that this should be possible if NTPv4 is supported,
and Chrony does support NTPv4 (unicast).

Chrony already listens on port 123, and I can use ntpdate to look up the time.

I have seen that a simple ntpdate requests data in NTPv4, and the server replies correctly.

But check_ntp_peer fails with a timeout.
check_ntp_peer is instead asking for NTPv2, for some reason.

# tcpdump -i any -n port 123 and host 172.16.8.102 -s0 -X
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
15:52:14.783472 IP XXX.XXX.XXX.XXX.56786 > XXX.XXX.XXX.XXX.123: NTPv2, Reserved, length 12
        0x0000:  4500 0028 1cc7 4000 4011 b574 ac10 0866  E..(..@.@..t...f
        0x0010:  ac10 0803 ddd2 007b 0014 a2ec 1601 0001  ........{........
        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............


NTPv2 is claimed to be supported since version 1.28 anyway,
https://git.tuxfamily.org/chrony/chrony.git/tree/NEWS?h=3.0&id=d5c507975c5ba5da32c9c7264dfde8b68a6140e5

Looking further, this call is READSTAT
# /usr/lib/nagios/plugins/check_ntp_peer -H XXX.XXX.XXX.XXX -vv
sending READSTAT requestcontrol packet contents:
        flags: 0x16 , 0x01
          li=0 (0x00)
          vn=2 (0x10)
          mode=6 (0x06)
          response=0 (0x00)
          more=0 (0x00)
          error=0 (0x00)
          op=1 (0x01)
        sequence: 1 (0x01)
        status: 0 (0x00)
        assoc: 0 (0x00)
        offset: 0 (0x00)
        count: 0 (0x00)
CRITICAL - Socket timeout
recieving READSTAT response

Description is here:
https://github.com/monitoring-plugins/monitoring-plugins/blob/master/plugins/check_ntp_peer.c#L223

Thinking of a I have checked if any option would fit me, even in the latest release.
https://chrony.tuxfamily.org/doc/3.2/chrony.conf.html

I went through the
cmdallow
option, but this is only for chronyc.

No other option seems fitting to me.

I have tried to look into the Chrony sources as well... no luck.

READSTAT seems to be defined (at least) in
https://tools.ietf.org/id/draft-odonoghue-ntpv4-control-00.html

That means, opcode 1
|   1   | read status command/response                     |

So, is there a flag that I have missed to support the read status opcode in Chrony?
Or is this not currently possible at all?

Thank you very much,
Daniele
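
Added example (not part of the original post, and not code from chrony or monitoring-plugins): a decoder for the 12-byte request seen in the tcpdump capture above, checking it against the plugin's verbose output (vn=2, mode=6, op=1) and contrasting it with a constructed NTPv4 client request. The function names and the sample client packet are assumptions made for illustration.

```python
import struct

# UDP payload of the check_ntp_peer request, copied from the tcpdump hex in the post.
CAPTURED = bytes.fromhex("1601 0001 0000 0000 0000 0000")
# Constructed sample: a minimal 48-byte NTPv4 client (mode 3) request, for contrast.
CLIENT_V4 = bytes([0x23]) + bytes(47)

# Control-message opcodes; opcode 1 is the "read status" entry quoted in the post.
OPCODES = {1: "read status", 2: "read variables", 3: "write variables"}


def split_first_byte(b):
    """Return (leap indicator, version, mode) from the first NTP byte."""
    return b >> 6, (b >> 3) & 0x7, b & 0x7


def parse_control_header(payload):
    """Decode the 12-byte NTP control (mode 6) header into a dict."""
    if len(payload) < 12:
        raise ValueError("control header needs at least 12 bytes")
    first, second, seq, status, assoc, offset, count = struct.unpack(
        "!BBHHHHH", payload[:12])
    li, vn, mode = split_first_byte(first)
    if mode != 6:
        raise ValueError("not a control message (mode %d)" % mode)
    return {
        "li": li, "version": vn, "mode": mode,
        "response": bool(second & 0x80),   # R bit: 0 = request
        "error": bool(second & 0x40),      # E bit
        "more": bool(second & 0x20),       # M bit
        "opcode": second & 0x1F,
        "sequence": seq, "status": status,
        "assoc": assoc, "offset": offset, "count": count,
    }


def describe(payload):
    """One-line summary that separates control traffic from time requests."""
    if not payload:
        raise ValueError("empty payload")
    _, vn, mode = split_first_byte(payload[0])
    if mode == 6:
        h = parse_control_header(payload)
        kind = "response" if h["response"] else "request"
        name = OPCODES.get(h["opcode"], "other")
        return "NTPv%d mode 6 control %s, opcode %d (%s)" % (vn, kind, h["opcode"], name)
    return "NTPv%d mode %d time-protocol packet" % (vn, mode)


if __name__ == "__main__":
    print(describe(CAPTURED))
    print(describe(CLIENT_V4))
```

The version field alone does not distinguish the two requests: the mode bits in the same byte do, which is why the capture is labelled "NTPv2, Reserved" rather than shown as a client query.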
