Redundancy between NTP and Chrony for time synchronisation

[FroggyFlox]

During my preparation of #2235, I noticed a "redundancy" between ntpd and chronyd on the system when the user toggles the NTP service ON. Briefly, chronyd is active by default, and configuring and turning the NTP service ON leads to the deactivation of chronyd and activation of ntpd. Turning the NTP service OFF, leads to the deactivation of ntpd and activation of chronyd.

Everything behaves as intended, I believe, so no pressing matter here. I do wonder, however, whether or not we should consider switching fully to chrony as a replacement for NTP (chrony is the default in openSUSE afterall).

Here are some details below:

Fresh install (Rockstor 4.0.5 ISO)

chronyd is activated by default:

rockdev:~ # systemctl status ntpd chronyd
● ntpd.service - NTP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:ntpd(1)

● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-01-26 15:26:42 EST; 39min ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
 Main PID: 600 (chronyd)
    Tasks: 1
   CGroup: /system.slice/chronyd.service
           └─600 /usr/sbin/chronyd

Configure & Start NTP service

journald logs show the deactivation of chronyd and activation of ntpd:

Jan 26 16:07:27 rockdev systemd[1]: Starting NTP Server Daemon...
Jan 26 16:07:27 rockdev systemd[1]: Stopping NTP client/server...
Jan 26 16:07:27 rockdev chronyd[600]: chronyd exiting
Jan 26 16:07:27 rockdev systemd[1]: Stopped NTP client/server.
Jan 26 16:07:27 rockdev ntpd[7645]: ntpd 4.2.8p15@1.3728-o Thu Jun 25 12:00:00 UTC 2020 (1): Starting
Jan 26 16:07:27 rockdev ntpd[7645]: Command line: /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
Jan 26 16:07:27 rockdev ntpd[7645]: ----------------------------------------------------
Jan 26 16:07:27 rockdev ntpd[7645]: ntp-4 is maintained by Network Time Foundation,
Jan 26 16:07:27 rockdev ntpd[7645]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Jan 26 16:07:27 rockdev ntpd[7645]: corporation.  Support and training for ntp-4 are
Jan 26 16:07:27 rockdev ntpd[7645]: available at https://www.nwtime.org/support
Jan 26 16:07:27 rockdev ntpd[7645]: ----------------------------------------------------
Jan 26 16:07:27 rockdev ntpd[7649]: proto: precision = 0.097 usec (-23)
Jan 26 16:07:27 rockdev ntpd[7649]: basedate set to 2020-06-13
Jan 26 16:07:27 rockdev ntpd[7649]: gps base set to 2020-06-14 (week 2110)
Jan 26 16:07:27 rockdev ntpd[7649]: restrict: ignoring line 57, mask '::' unusable.
Jan 26 16:07:27 rockdev ntpd[7649]: switching logging to file /var/log/ntp
Jan 26 16:07:27 rockdev start-ntpd[7639]: Starting network time protocol daemon (NTPD)
Jan 26 16:07:27 rockdev systemd[1]: Started NTP Server Daemon.
Jan 26 16:07:27 rockdev systemd[1]: Reloading.
Jan 26 16:07:27 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.
Jan 26 16:07:27 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.

rockdev:~ # systemctl status ntpd chronyd
● ntpd.service - NTP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-01-26 16:07:27 EST; 21s ago
     Docs: man:ntpd(1)
 Main PID: 7649 (ntpd)
    Tasks: 2
   CGroup: /system.slice/ntpd.service
           ├─7649 /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf
           └─7651 ntpd: asynchronous dns resolver

● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:chronyd(8)
           man:chrony.conf(5)

Stop NTP service

journald shows the deactivation of ntpd and activation of chronyd:

Jan 26 16:09:14 rockdev systemd[1]: Reloading.
Jan 26 16:09:14 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.
Jan 26 16:09:14 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.
Jan 26 16:09:14 rockdev systemd[1]: Stopping NTP Server Daemon...
Jan 26 16:09:14 rockdev systemd[1]: Stopped NTP Server Daemon.
Jan 26 16:09:14 rockdev systemd[1]: Reloading.
Jan 26 16:09:14 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.
Jan 26 16:09:14 rockdev systemd[1]: Binding to IPv6 address not available since kernel does not support IPv6.
Jan 26 16:09:14 rockdev systemd[1]: Starting NTP client/server...
Jan 26 16:09:14 rockdev chronyd[8107]: chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SECHASH -SIGND +ASYNCDNS +IPV6 -DEBUG)
Jan 26 16:09:14 rockdev chronyd[8107]: Could not open IPv6 command socket : Address family not supported by protocol
Jan 26 16:09:14 rockdev chronyd[8107]: Frequency 13.999 +/- 0.329 ppm read from /var/lib/chrony/drift
Jan 26 16:09:14 rockdev systemd[1]: Started NTP client/server.
Jan 26 16:09:22 rockdev chronyd[8107]: Selected source 204.9.54.119

rockdev:~ # systemctl status ntpd chronyd
● ntpd.service - NTP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:ntpd(1)

● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-01-26 16:09:14 EST; 24s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 8110 ExecStartPost=/usr/lib/chrony/helper update-daemon (code=exited, status=0/SUCCESS)
  Process: 8105 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 8107 (chronyd)
    Tasks: 1
   CGroup: /system.slice/chronyd.service
           └─8107 /usr/sbin/chronyd

[phillxnet]

@FroggyFlox Nice find. And yes I think a move to chronyd is on the cards, plus NTP is now pretty dated actually.

Also see: https://github.com/rockstor/rockstor-core/issues/2098 "[openSUSE] add chronyc tracking output within Web-UI" #2098

for another reason to settle on chronyd/chronyc: more fancy capabilities; from that issue we have: "Chronyd/Chronyc are more modern variants of ntpd and are the default since openSUSE Leap 15."

Not sure if we should completely drop NTP and it's associated config though. But given our stance on simplicity it may well be the way to go to avoid having, as you say, un-required (for almost all users) redundancy.

Plus we establish a config in our ISO for chronyd: https://github.com/rockstor/rockstor-installer/blob/master/config.sh#L122-L124 but we had some early issues with it that I believe are not sorted via an update.

[Hooverdan96]

If we were to switch to chronyd/chronyc exclusively, would we still expose a server selection option for it? Or just use the upstream defaults and remove "time server configuration" as a service from the WebUI?

In both Leap and TW the /etc/chrony.conf has the reference to the "include" under /etc/chrony.d active, and there both contain the pool.conf file that points to the

pool 2.opensuse.pool.ntp.org iburst

So any config we would offer or create would be applicable for both LEAP and TW flavors. I assume, we can then use a similar approach like we're planning for SSH (albeit distro independent at this time) to either add new directives in a separate file, and/or comment out what's already there ...

In general, I would be in favor for the simple, chronyd only approach, without WebUI exposure since upstream already provides basic, working setup that probably covers a large majority of use cases. Users that do need special circumstances should know where to look (or we would point it out in the documentation). Downside of that of course is, that special chrony setups would not be part of a config backup ...

[FroggyFlox]

I too like going to the simpler approach. However, to the best of my knowledge, the NTP configuration option we offer now is critical to other services such as AD/LDAP or anything where 2 servers need to communicate really... they need to be on the same time server so our users may want to be able to configure this easily as we currently do.

[Hooverdan96]

ok, that could then mean to at least expose (or document) the time server config that comes standard in the include file ...