Re: [chrony-users] Unreachable sources only updates NTPSynchronized on service start

[Bill Unruh <unruh@xxxxxxxxxxxxxx>]

On Tue, 17 Mar 2020, Jan Breuer wrote:

> Hi Jordan,
> after looking in the source code [1] of systemd-timedated (provider
> of org.freedesktop.timedate1 DBUS interface), you can see how "NTPSynchronized" is
> determined.
>
> Where timex.maxerror is some worst case estimation of error of current time. It is
> automatically incremented by the kernel and it tooks 8.89 hours to go from 0 to threshold of
> timedated. You can see direct value just by calling "adjtimex -p" and the threshold of
> timedated is 16000000. This value comes from linux kernel and it is NTP_PHASE_LIMIT [2]
> This value is incremented every second by 500 by the linux kernel itself [3]. This is fixed
> increment of worst case value.
> So it is badly named property. It does not mean, that your NTP client see some upstream
> server, but it means, that maximum estimated error of system time is not grater then some
> fixed value.
>
> Question is if Chrony touches somehow these values even if it is not synchronized. I don't
> know this.
> If chrony does not touch any kernel time adjustment interfaces, it can take hours for this
> dbus property to go to false state.

One of the whole purposes of any ntp system is to discipline not only the
time, but also the rate of the clock. Thus even if no external sources are
available, the time ticked off by the clock should be 1 sec par sec, and its
time should have started at UTC. If that were correct then the clock should
tick off UTC-- be synchronized to UTC-- forever more. Of course it is not
right, since the measurements have uncertainties, and the clock rate can vary
due especially to temperature fluctuations. meaning that the deviation from
UTC will grow with time. Now, one can estimate the undertainty in the time by
having an estimate in the uncertainty of the rate and of the initial time.
When do you say that estimated uncertainty is too big. If both were zero, then
the clock could tick away on its own for years and still determine UTC. For
example, the atomic clocks at the National labs define UTC because that
uncertainty remains very small for centuries even if the clock is running on
its own. They do have a number of clocks, so average, and a number of
international clocks, and average, but that only buys you 1/sqrt(N) where N is
the number of clocks. You would hardly want chrony to report that the clock
was not synchronized to UTC immediately it cannot reach one of its servers,
because you used the design of ntp to make sure that the clock does tick one
second per second, and its time is right. It is synchronized to UTC ( which is
the only measure that makes any sense) for a long time thereafter. How long
will depend on the uncertainty in the measured values of the rate, of the time
offset, and the wandering due to outside influences of the rate. All of those
aspects are estimated by chrony while it is running.  Can things change? Of
course. Someone could run hwclock and purposely change the time (for a test
let us say) , and the time it shows
may well be off by a lot. But estimates cannot take something like that into
account. So there is a difference between "I am unsynchronized to UTC" and "I
have no servers to compare with".

By looking in chronyc at the sources command, one can see whether chrony
thinks it has any servers to try to compare itself with. But that is different
from "do you think you are synchronized with UTC?"



> Best regards,
> Jan Breuer
>
> [1] https://github.com/systemd/systemd/blob/a4f4a4e44100025cfbe01b042db386e0e933c627/src/bas
> ic/time-util.c#L1190
> [2] https://elixir.bootlin.com/linux/v5.5/source/include/linux/timex.h#L132
> [3] https://elixir.bootlin.com/linux/v4.8/source/kernel/time/ntp.c#L456
>
> po 16. 3. 2020 v 23:36 odesílatel Jordan Gibbens <jgibbens@xxxxxxxxxxxxxxxxxxxxxx> napsal:
>       Hi,
>
> ]# cat /etc/redhat-release
> CentOS Linux release 8.1.1911 (Core)
>
> ]# uname -r
> 4.18.0-147.3.1.el8_1.x86_64
>
> ]# rpm -qa | grep chrony
> chrony-3.5-1.el8.x86_64
>
> I've been working with dbus and org.freedesktop.timedate1. If I purposefully stop my
> upstream NTP server that my chrony client is synchronizing to, the NTPSynchronized
> property never seems to get updated to reflect this.
>
> ]# chronyc sources
> 210 Number of sources = 1
> MS Name/IP address         Stratum Poll Reach LastRx Last sample               
> ===============================================================================
> ^? head.cluster                  3   6     0   636    -29us[  +95ns] +/- 8964us
> So the single NTP source is clearly unreachable in this scenario. Yet, I will still see
> NTPSynchronized in DBUS.
>
> # gdbus introspect --system --dest org.freedesktop.timedate1 --object-path
> /org/freedesktop/timedate1 | grep NTPSynchronized
>       readonly b NTPSynchronized = true;
>
>
> Timedatectl shows the same.
>
> ]# timedatectl 
> ...
> System clock synchronized: yes
>               NTP service: active
> And within chrony, it doesn't update leap status. Or show the server as down in the activity 
> report.
> ]# chronyc tracking | grep ^Leap
> Leap status     : Normal
> ]# chronyc activity
> 200 OK
> 1 sources online
> 0 sources offline
> 0 sources doing burst (return to online)
> 0 sources doing burst (return to offline)
> 0 sources with unknown address
>
> This behavior seems indefinite, until I restart the client side chronyd service.
> ]# systemctl restart chronyd
> ]# gdbus introspect --system --dest org.freedesktop.timedate1 --object-path /org/freedesktop/
> timedate1 | grep NTPSynchronized
>       readonly b NTPSynchronized = false;
> ]# chronyc tracking | grep ^Leap
> Leap status     : Not synchronised
> ]# chronyc activity
> 200 OK
> 1 sources online
> 0 sources offline
> ]# chronyc sources 
> 210 Number of sources = 1
> MS Name/IP address         Stratum Poll Reach LastRx Last sample               
> ===============================================================================
> ^? head.cluster                  0   8     0     -     +0ns[   +0ns] +/-    0ns
>
> If I bring the NTP source online, then restart the chronyd client, it will properly update to
>  show not synchronized, then eventually synchronized. The sync state appears to only get upda
> ted during the chronyd service startup sequence though.
>
> I really liked the idea of being able to easily show the NTP synchronization status, and this
>  is already done in the Cockpit GUI 'system' tab. Cockpit appears to use the same DBUS value 
> though, because it is not updating properly either. 
> If there is a configuration setting to force chronyd to update at intervals, without restarti
> ng the service, please let me know. I looked through all of the config options but nothing st
> ood out.
> Thank you,
> Jordan Gibbens
> Systems Engineer
> Advanced Clustering Technologies, Inc,