Re: [chrony-users] Debian stretch read only rootfs?
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Debian stretch read only rootfs?
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Date: Fri, 4 Feb 2022 13:33:35 -0500

You do not need to mount a tmpfs at /run/chrony, /run is already a
tmpfs. systemd should be creating /run/chrony automatically, with the
proper ownership, and creating it yourself means it won't have the
proper ownership unless you do that too.

For the other filesystems, you will need to ensure that they are owned
by the proper user and group, and have the correct permissions. You
are basically emulating the normal system's behavior, which the
service unit file assumes will happen. If you want to continue down
that path I'd encourage you to look at a regular system that has a
read-write root filesystem to see what each of those directories looks
like so you can reproduce it.

Alternatively you could just create your own, simpler, service unit
file that doesn't have all of those assumptions.

On Fri, Feb 4, 2022 at 1:30 PM Bill Unruh <unruh@xxxxxxxxxxxxxx> wrote:
>
>
> And what are the permissions for all those directories?
>
> William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273
> Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324
> UBC, Vancouver,BC _|_ Program in Cosmology |____ unruh@xxxxxxxxxxxxxx
> Canada V6T 1Z1 ____|____ and Gravity ______|_ www.theory.physics.ubc.ca/
>
> On Fri, 4 Feb 2022, Matthew Eshleman wrote:
>
> > Thank you to all responding. Sadly still not working.
> > I added basically all of the indicated folders as tmpfs:
> >
> > ~# df
> > Filesystem 1K-blocks Used Available Use% Mounted on
> > /dev/root 257664 257664 0 100% /
> > devtmpfs 167400 0 167400 0% /dev
> > tmpfs 167912 0 167912 0% /dev/shm
> > tmpfs 167912 980 166932 1% /run
> > tmpfs 5120 8 5112 1% /run/lock
> > tmpfs 167912 0 167912 0% /sys/fs/cgroup
> > tmpfs 1024 0 1024 0% /run/chrony
> > tmpfs 1024 0 1024 0% /var/db/chrony
> > tmpfs 1024 4 1020 1% /var/lib/dhcp
> > tmpfs 2048 20 2028 1% /run_etc_tmpfs
> > tmpfs 167912 0 167912 0% /tmp
> > tmpfs 1024 0 1024 0% /var/volatile/lib/chrony
> > tmpfs 1024 0 1024 0% /var/lib/chrony
> > tmpfs 1024 0 1024 0% /var/spool
> > tmpfs 1024 12 1012 2% /var/log
> > overlay 2048 20 2028 1% /etc
> > /dev/mmcblk0p5 122835 2669 113613 3% /media/settings
> >
> > But the end results are the same. Same failure. I've also confirmed that systemctl restart fails too, same
> > message as before.
> >
> > Additionally, my rev of debian apparently does not show the ReadWritePaths attribute. Perhaps we are just
> > too old at this point?
> >
> > I also manually ran chronyd, which seemed to run/start. The logs/journal does show:
> >
> > Feb 04 17:33:51 M chronyd[1888]: chronyd version 3.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP
> > +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG)
> > Feb 04 17:33:51 M chronyd[1888]: Wrong permissions on /run/chrony
> > Feb 04 17:33:51 M chronyd[1888]: Disabled command socket /run/chrony/chronyd.sock
> >
> > Any further thoughts?
> >
> > Best regards,
> >
> > Matthew
> >
> >
> >
> > On Fri, Feb 4, 2022 at 10:39 AM Jan Mikkelsen <janm@xxxxxxxxxxxxxxxxxxx> wrote:
> > Hello,
> > For what it’s worth, I am running chrony on a FreeBSD system with a read-only root filesystem
> > (including read-only /etc) just fine. The places chrony writes on this system are /var/run/chrony
> > and /var/db/chrony.
> >
> > Regards,
> >
> > Jan M.
> >
> >
> > On 4 Feb 2022, at 17:06, Matthew Eshleman <matthew@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > Hello all,
> > I've been experimenting with chrony for an embedded linux system and we have decided to move
> > forward, adding NTP as a feature to this device, using chrony. Previously this device only
> > supported human manual time entry. All experiments to-date have been on a development unit
> > with a fairly normal read/write debian rootfs.
> >
> > This device is currently using debian stretch, and we use a multistrap approach to generate
> > our rootfs, which is then packaged into a read only rootfs using squashfs for our production
> > configuration.
> >
> > In my attempts so far, chrony fails to start. We have a ramfs overlay for /etc/ and I added
> > one for /var/lib/chrony as well. The logs/journal did not point me to the exact folder/file
> > that is blocking chrony from starting with a read only root filesystem, and I didn't find
> > specific hints via google (except for some redhat patch, that I do not believe applies
> > here...)
> >
> > Additionally, I configured chrony to use a drift file that is on a separate read/write
> > partition.
> >
> > What additional files/folders does chrony need to be read/write?
> >
> > Logs and such are below:
> >
> > Feb 04 15:19:34 M systemd[1]: Started Raise network interfaces.
> > Feb 04 15:19:34 M systemd[1]: Reached target Network.
> > Feb 04 15:19:34 M systemd[1]: chrony.service: Failed to run 'start' task: Read-only file
> > system
> > Feb 04 15:19:34 M systemd[1]: Failed to start chrony, an NTP client/server.
> > Feb 04 15:19:35 M systemd[1]: chrony.service: Unit entered failed state..
> > Feb 04 15:19:35 M systemd[1]: chrony.service: Failed with result 'resources'.
> >
> > systemctl status chrony
> > ● chrony.service - chrony, an NTP client/server
> > Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: e
> > Active: failed (Result: resources)
> > Docs: man:chronyd(8)
> > man:chronyc(1)
> > man:chrony.conf(5)
> >
> > ~# df
> > Filesystem 1K-blocks Used Available Use% Mounted on
> > /dev/root 257664 257664 0 100% /
> > devtmpfs 167400 0 167400 0% /dev
> > tmpfs 167912 0 167912 0% /dev/shm
> > tmpfs 167912 960 166952 1% /run
> > tmpfs 5120 8 5112 1% /run/lock
> > tmpfs 167912 0 167912 0% /sys/fs/cgroup
> > tmpfs 1024 0 1024 0% /var/lib/chrony
> > tmpfs 2048 16 2032 1% /run_etc_tmpfs
> > tmpfs 167912 0 167912 0% /tmp
> > tmpfs 1024 4 1020 1% /var/lib/dhcp
> > overlay 2048 16 2032 1% /etc
> > /dev/mmcblk0p5 122835 2612 113670 3% /media/settings
> >
> > chronyd version 3.0 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS
> > +IPV6 -DEBUG)
> >
> > Thank you very much for any pointers, tips, etc.
> >
> > Best regards,
> >
> > Matthew
> >
> >
> >
> >
> >
> >
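
One way to do the comparison suggested in the reply above, as an added example that is not part of the original thread: record the mode, owner and group of chrony's directories on the read-write development unit, then check the read-only unit against that record. The script name `dirperms.sh` and the record format are assumptions; `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical script name: dirperms.sh
#
# On the reference (read-write) system:
#   sh dirperms.sh snapshot /run/chrony /var/lib/chrony > chrony-dirs.txt
# On the read-only target:
#   sh dirperms.sh verify < chrony-dirs.txt

# snapshot_dirs DIR...
# Print one "mode owner group path" record per directory.
snapshot_dirs() {
    for d in "$@"; do
        stat -c '%a %U %G %n' "$d" || return 1
    done
}

# verify_dirs
# Read snapshot records on stdin and compare each against the local system.
# Prints one line per difference; returns non-zero if any was found.
verify_dirs() {
    bad=0
    while read -r mode owner group path; do
        [ -n "$path" ] || continue          # skip blank lines
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        now=$(stat -c '%a %U %G' "$path")
        if [ "$now" != "$mode $owner $group" ]; then
            echo "MISMATCH $path: have [$now], want [$mode $owner $group]"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Command-line dispatch; does nothing when the file is only sourced.
case "${1:-}" in
    snapshot) shift; snapshot_dirs "$@" ;;
    verify)   verify_dirs ;;
esac
```

A tmpfs mounted without a `mode=` option comes up as mode 1777 owned by root, which is the kind of difference this reports.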