[SOLVED] All timeservers are unusable with chrony

beroal · 2024-02-02 11:15:00

My desktop's time is off by 10 seconds relative to my Android smartphone's time and several web clocks. (My Android smartphone's time and the web clocks differ by 2 seconds.) I use chrony on my desktop. I tried to set different timeservers in “/etc/chrony.conf”. The procedure is as follows.

0. Set a time server in “/etc/chrony.conf”. Below is an example excerpt.

! server ntp1.example.net iburst
! server ntp2.example.net iburst
! server ntp3.example.net iburst

! pool 2.arch.pool.ntp.org iburst
! server 0.ua.pool.ntp.org iburst
! server 1.ua.pool.ntp.org iburst
! server 2.ua.pool.ntp.org iburst
! server 3.ua.pool.ntp.org iburst
server 2.in.pool.ntp.org iburst

1. Restart chrony.

systemctl restart chronyd

2. Check timeservers that chrony uses.

chronyc sources

MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 172-235-18-211.ip.linode>     2   6    17     9   -10.7s[ -10.7s] +/-  148ms

3. Check my computer's time.

chronyc tracking

Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000002 seconds slow of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 6.900 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

So chrony reports that my computer's time is synchronized.

Last edited by beroal (2024-02-02 14:48:47)

beroal · 2024-02-02 11:59:32

It seems that the output of

chronyc tracking

is absurd. Why is it?

icar · 2024-02-02 12:09:18

Why are you using chrony?

Have you read https://wiki.archlinux.org/title/System_time ?

I personally recommend https://wiki.archlinux.org/title/Systemd-timesyncd.

How did you install ArchLinux? If with the official guide, you should have seen https://wiki.archlinux.org/title/Instal … guide#Time which states

To prevent clock drift and ensure accurate time, set up time synchronization using a Network Time Protocol (NTP) client such as systemd-timesyncd.

beroal · 2024-02-02 12:31:33

icar wrote:

How did you install ArchLinux? If with the official guide, you should have seen https://wiki.archlinux.org/title/Instal … guide#Time which states
To prevent clock drift and ensure accurate time, set up time synchronization using a Network Time Protocol (NTP) client such as systemd-timesyncd.

Notice “such as”. IMHO, chrony is as good as any other NTP client.

beroal · 2024-02-02 12:41:16

After I stopped the chrony systemd demon and executed it once with

chronyd -q 'server 1.ua.pool.ntp.org iburst'

chrony fixed my time.

However, chrony is acting weird as a systemd demon. I added more timeservers to “/etc/chrony.conf”.

chronyc sources -v

outputs

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? main13.ip-connect.net.ua      2   6   377    60   +898us[ +898us] +/-   34ms
^? omega-podval.ip-connect.>     2   6   377    61   +835us[ +835us] +/-   16ms
^? ns1.infomir.com.ua            3   6   377    59  +1380us[+1380us] +/-   55ms
^? eye.ip-connect.net.ua         2   6   377    59  +1421us[+1421us] +/-   19ms
^? shtucer.tntu.edu.ua           2   6   377    59   +181us[ +181us] +/-   42ms
^? ns2.infomir.com.ua            2   7     3   120  +1076us[+1076us] +/-   54ms
^? dns1.campus-rv.net            2   6   377    62   +326us[ +326us] +/- 7893us
^? net-193-84-22.komitex.net     1   6   377    59  +1371us[+1371us] +/-   12ms
^? ns3051461.ip-51-255-95.eu     3   6   377    60  +1180us[+1180us] +/-   66ms
^? h2993030.stratoserver.net     2   6   377    59  -1172us[-1172us] +/-   30ms
^? ntp.qntmnet.com               2   6   377    61    -12ms[  -12ms] +/-  287ms

All timeservers are marked with “?” which means “unusable”. And what does “unusable” mean?

In the first post,

chronyc sources

reported that “Last sample” was “-10.7s[ -10.7s] +/- 148ms”. Hence, it saw that my computer's time is off by 10.7 seconds, but didn't do anything about it.

Last edited by beroal (2024-02-02 12:41:48)

beroal · 2024-02-02 13:48:46

“/etc/chrony.conf”:

#######################################################################
#
# This is an example chrony configuration file.  You should copy it to
# /etc/chrony.conf after uncommenting and editing the options that you
# want to enable.  The more obscure options are not included.  Refer
# to the documentation for these.
#
#######################################################################
### COMMENTS
# Any of the following lines are comments (you have a choice of
# comment start character):
# a comment
% a comment
! a comment
; a comment
#
# Below, the '!' form is used for lines that you might want to
# uncomment and edit to make your own chrony.conf file.
#
#######################################################################
#######################################################################
### SPECIFY YOUR NTP SERVERS
# Most computers using chrony will send measurement requests to one or
# more 'NTP servers'.  You will probably find that your Internet Service
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers.  There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.

! server ntp1.example.net iburst
! server ntp2.example.net iburst
! server ntp3.example.net iburst

pool 2.arch.pool.ntp.org iburst
server 0.ua.pool.ntp.org iburst
server 1.ua.pool.ntp.org iburst
server 2.ua.pool.ntp.org iburst
server 3.ua.pool.ntp.org iburst
server 0.fr.pool.ntp.org iburst
server 1.de.pool.ntp.org iburst
server 2.in.pool.ntp.org iburst
 
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
#
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good with servers on the
# Internet, the second seems OK for a LAN environment.

! maxupdateskew 100
! maxupdateskew 5

# If you want to increase the minimum number of selectable sources
# required to update the system clock in order to make the
# synchronisation more reliable, uncomment (and edit) the following
# line.

! minsources 2

# If your computer has a good stable clock (e.g. it is not a virtual
# machine), you might also want to reduce the maximum assumed drift
# (frequency error) of the clock (the value is specified in ppm).

! maxdrift 100

# By default, chronyd allows synchronisation to an unauthenticated NTP
# source (i.e. specified without the nts and key options) if it agrees with
# a majority of authenticated NTP sources, or if no authenticated source is
# specified.  If you don't want chronyd to ever synchronise to an
# unauthenticated NTP source, uncomment the first from the following lines.
# If you don't want to synchronise to an unauthenticated NTP source only
# when an authenticated source is specified, uncomment the second line.
# If you want chronyd to ignore authentication in the source selection,
# uncomment the third line.

authselectmode require
! authselectmode prefer
! authselectmode ignore

#######################################################################
### FILENAMES ETC
# Chrony likes to keep information about your computer's clock in files.
# The 'driftfile' stores the computer's clock gain/loss rate in parts
# per million.  When chronyd starts, the system clock can be tuned
# immediately so that it doesn't gain or lose any more time.  You
# generally want this, so it is uncommented.

driftfile /var/lib/chrony/drift

# If you want to enable NTP authentication with symmetric keys, you will need
# to uncomment the following line and edit the file to set up the keys.

! keyfile /etc/chrony.keys

# If you specify an NTP server with the nts option to enable authentication
# with the Network Time Security (NTS) mechanism, or enable server NTS with
# the ntsservercert and ntsserverkey directives below, the following line will
# allow the client/server to save the NTS keys and cookies in order to reduce
# the number of key establishments (NTS-KE sessions).

ntsdumpdir /var/lib/chrony

# If chronyd is configured to act as an NTP server and you want to enable NTS
# for its clients, you will need a TLS certificate and private key.  Uncomment
# and edit the following lines to specify the locations of the certificate and
# key.

! ntsservercert /etc/.../nts-server.crt
! ntsserverkey /etc/.../nts-server.key

# chronyd can save the measurement history for the servers to files when
# it exits.  This is useful in 2 situations:
#
# 1. If you stop chronyd and restart it with the '-r' option (e.g. after
# an upgrade), the old measurements will still be relevant when chronyd
# is restarted.  This will reduce the time needed to get accurate
# gain/loss measurements.
#
# 2. On Linux, if you use the RTC support and start chronyd with
# '-r -s' on bootup, measurements from the last boot will still be
# useful (the real time clock is used to 'flywheel' chronyd between
# boots).
#
# Uncomment the following line to use this.

! dumpdir /var/lib/chrony

# chronyd writes its process ID to a file.  If you try to start a second
# copy of chronyd, it will detect that the process named in the file is
# still running and bail out.  If you want to change the path to the PID
# file, uncomment this line and edit it.  The default path is shown.

! pidfile /var/run/chrony/chronyd.pid

# If the system timezone database is kept up to date and includes the
# right/UTC timezone, chronyd can use it to determine the current
# TAI-UTC offset and when will the next leap second occur.

leapsectz right/UTC

#######################################################################
### INITIAL CLOCK CORRECTION
# This option is useful to quickly correct the clock on start if it's
# off by a large amount.  The value '1.0' means that if the error is less
# than 1 second, it will be gradually removed by speeding up or slowing
# down your computer's clock until it is correct.  If the error is above
# 1 second, an immediate time jump will be applied to correct it.  The
# value '3' means the step is allowed only in the first three updates of
# the clock.  Some software can get upset if the system clock jumps
# (especially backwards), so be careful!

makestep 1.0 3

#######################################################################
### LEAP SECONDS
# A leap second is an occasional one-second correction of the UTC
# time scale.  By default, chronyd tells the kernel to insert/delete
# the leap second, which makes a backward/forward step to correct the
# clock for it.  As with the makestep directive, this jump can upset
# some applications.  If you prefer chronyd to make a gradual
# correction, causing the clock to be off for a longer time, uncomment
# the following line.

! leapsecmode slew

#######################################################################
### LOGGING
# If you want to log information about the time measurements chronyd has
# gathered, you might want to enable the following lines.  You probably
# only need this if you really enjoy looking at the logs, you want to
# produce some graphs of your system's timekeeping performance, or you
# need help in debugging a problem.

! logdir /var/log/chrony
! log measurements statistics tracking

# If you have real time clock support enabled (see below), you might want
# this line instead:

! log measurements statistics tracking rtc

#######################################################################
### ACTING AS AN NTP SERVER
# You might want the computer to be an NTP server for other computers.
#
# By default, chronyd does not allow any clients to access it.  You need
# to explicitly enable access using 'allow' and 'deny' directives.
#
# e.g. to enable client access from the 192.168.*.* class B subnet,

! allow 192.168/16

# .. but disallow the 192.168.100.* subnet of that,

! deny 192.168.100/24

# You can have as many allow and deny directives as you need.  The order
# is unimportant.

# If you want to present your computer's time for others to synchronise
# with, even if you don't seem to be synchronised to any NTP servers
# yourself, enable the following line.  The value 10 may be varied
# between 1 and 15.  You should avoid small values because you will look
# like a real NTP server.  The value 10 means that you appear to be 10
# NTP 'hops' away from an authoritative source (atomic clock, GPS
# receiver, radio clock etc).

! local stratum 10

# Normally, chronyd will keep track of how many times each client
# machine accesses it.  The information can be accessed by the 'clients'
# command of chronyc.  You can disable this facility by uncommenting the
# following line.  This will save a bit of memory if you have many
# clients and it will also disable support for the interleaved mode.

! noclientlog

# The clientlog size is limited to 512KB by default.  If you have many
# clients, you might want to increase the limit.

! clientloglimit 4194304

# By default, chronyd tries to respond to all valid NTP requests from
# allowed addresses.  If you want to limit the response rate for NTP
# clients that are sending requests too frequently, uncomment and edit
# the following line.

! ratelimit interval 3 burst 8

#######################################################################
### REPORTING BIG CLOCK CHANGES
# Perhaps you want to know if chronyd suddenly detects any large error
# in your computer's clock.  This might indicate a fault or a problem
# with the server(s) you are using, for example.
#
# The next option causes a message to be written to syslog when chronyd
# has to correct an error above 0.5 seconds (you can use any amount you
# like).

! logchange 0.5

# The next option will send email to the named person when chronyd has
# to correct an error above 0.5 seconds.  (If you need to send mail to
# several people, you need to set up a mailing list or sendmail alias
# for them and use the address of that.)

! mailonchange wibble@example.net 0.5

#######################################################################
### COMMAND ACCESS
# The program chronyc is used to show the current operation of chronyd
# and to change parts of its configuration whilst it is running.

# By default chronyd binds to the loopback interface.  Uncomment the
# following lines to allow receiving command packets from remote hosts.

! bindcmdaddress 0.0.0.0
! bindcmdaddress ::

# Normally, chronyd will only allow connections from chronyc on the same
# machine as itself.  This is for security.  If you have a subnet
# 192.168.*.* and you want to be able to use chronyc from any machine on
# it, you could uncomment the following line.  (Edit this to your own
# situation.)

! cmdallow 192.168/16

# You can add as many 'cmdallow' and 'cmddeny' lines as you like.  The
# syntax and meaning is the same as for 'allow' and 'deny', except that
# 'cmdallow' and 'cmddeny' control access to the chronyd's command port.

# Rate limiting can be enabled also for command packets.  (Note,
# commands from localhost are never limited.)

! cmdratelimit interval -4 burst 16

#######################################################################
### HARDWARE TIMESTAMPING
# On Linux, if the network interface controller and its driver support
# hardware timestamping, it can significantly improve the accuracy of
# synchronisation. It can be enabled on specified interfaces only, or it
# can be enabled on all interfaces that support it.

! hwtimestamp eth0
! hwtimestamp *

#######################################################################
### REAL TIME CLOCK
# chronyd can characterise the system's real-time clock.  This is the
# clock that keeps running when the power is turned off, so that the
# machine knows the approximate time when it boots again.  The error at
# a particular epoch and gain/loss rate can be written to a file and
# used later by chronyd when it is started with the '-s' option.
#
# You need to have 'enhanced RTC support' compiled into your Linux
# kernel.  (Note, these options apply only to Linux.)

! rtcfile /var/lib/chrony/rtc

# Your RTC can be set to keep Universal Coordinated Time (UTC) or local
# time.  (Local time means UTC +/- the effect of your timezone.)  If you
# use UTC, chronyd will function correctly even if the computer is off
# at the epoch when you enter or leave summer time (aka daylight saving
# time).  However, if you dual boot your system with Microsoft Windows,
# that will work better if your RTC maintains local time.  You take your
# pick!

rtconutc

# By default chronyd assumes that the enhanced RTC device is accessed as
# /dev/rtc.  If it's accessed somewhere else on your system (e.g. you're
# using devfs), uncomment and edit the following line.

! rtcdevice /dev/misc/rtc

# Alternatively, if not using the -s option, this directive can be used
# to enable a mode in which the RTC is periodically set to the system
# time, with no tracking of its drift.

rtcsync

#######################################################################
### REAL TIME SCHEDULER
# This directive tells chronyd to use the real-time FIFO scheduler with the
# specified priority (which must be between 0 and 100).  This should result
# in reduced latency.  You don't need it unless you really have a requirement
# for extreme clock stability.  Works only on Linux.  Note that the "-P"
# command-line switch will override this.

! sched_priority 1

#######################################################################
### LOCKING CHRONYD INTO RAM
# This directive tells chronyd to use the mlockall() syscall to lock itself
# into RAM so that it will never be paged out.  This should result in reduced
# latency.  You don't need it unless you really have a requirement
# for extreme clock stability.  Works only on Linux.  Note that the "-m"
# command-line switch will also enable this feature.

! lock_all

d.ALT · 2024-02-02 14:07:02

I don't know what chronyis, but have you take a look at?:

beroal wrote:

# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
# one of the following lines.  The first seems good with servers on the
# Internet, the second seems OK for a LAN environment.

! maxupdateskew 100
! maxupdateskew 5

just4arch · 2024-02-02 14:12:34

authselectmode require

You might want to change that.

loqs · 2024-02-02 14:18:56

beroal wrote:

All timeservers are marked with “?” which means “unusable”. And what does “unusable” mean?

https://man.archlinux.org/man/chronyc.1#Time_sources

? indicates a source which is not considered to be selectable for synchronisation for other reasons (e.g. unreachable, not synchronised, or does not have enough measurements).
The selectdata command can be used to get more details about the selection state.

beroal wrote:

In the first post,
chronyc sources
reported that “Last sample” was “-10.7s[ -10.7s] +/- 148ms”. Hence, it saw that my computer's time is off by 10.7 seconds, but didn't do anything about it.

The report from a source that chrony does not consider to be selectable for synchronisation.

beroal wrote:

So chrony reports that my computer's time is synchronized.

What in your first post leads you to conclude that?

Last edited by loqs (2024-02-02 14:19:54)

beroal · 2024-02-02 14:48:04

just4arch wrote:

authselectmode require
You might want to change that.

Thank you! This solved it.

ewaller · 2024-02-02 16:07:38

beroal wrote:

My Android smartphone's time and the web clocks differ by 2 seconds.

Why? That is not a good number, they should be closer by an order of magnitude if not two.

Arch Linux

#1 2024-02-02 11:15:00

[SOLVED] All timeservers are unusable with chrony

#2 2024-02-02 11:59:32

Re: [SOLVED] All timeservers are unusable with chrony

#3 2024-02-02 12:09:18

Re: [SOLVED] All timeservers are unusable with chrony

#4 2024-02-02 12:31:33

Re: [SOLVED] All timeservers are unusable with chrony

#5 2024-02-02 12:41:16

Re: [SOLVED] All timeservers are unusable with chrony

#6 2024-02-02 13:48:46

Re: [SOLVED] All timeservers are unusable with chrony

#7 2024-02-02 14:07:02

Re: [SOLVED] All timeservers are unusable with chrony

#8 2024-02-02 14:12:34

Re: [SOLVED] All timeservers are unusable with chrony

#9 2024-02-02 14:18:56

Re: [SOLVED] All timeservers are unusable with chrony

#10 2024-02-02 14:48:04

Re: [SOLVED] All timeservers are unusable with chrony

#11 2024-02-02 16:07:38

Re: [SOLVED] All timeservers are unusable with chrony

Board footer