Wandering Thoughts archives

2018-03-05

Getting chrony to not try to use IPv6 time sources on Fedora

Ever since I switched over to chrony, one of the quiet little irritations of its setup on my office workstation has been that it tried to use IPv6 time sources along side the IPv4 ones. It got these time sources from the default Fedora pool I'd left it using along side our local time sources (because I'm the kind of person who thinks the more time sources the merrier), and at one level looking up IPv6 addresses as well as IPv4 addresses is perfectly sensible. At another level, though, it wasn't, because my office workstation has no IPv6 connectivity and even no IPv6 configuration. All of those IPv6 time sources that chrony was trying to talk to were completely unreachable and would never work. At a minimum they were clutter in 'chronyc sources' output, but probably they were also keeping chrony from picking up some additional IPv4 sources.

I started out by reading the chrony.conf manpage, on the assumption that that would be where you configured this. When I found nothing, I unwisely gave up and grumbled to myself, eventually saying something on Twitter. This caused @rt2800pci1 to suggest using systemd restrictions so that chronyd couldn't even use IPv6. This had some interesting results. On the one hand, chronyd definitely couldn't use IPv6 and it said as much:

chronyd[4097894]: Could not open IPv6 command socket : Address family not supported by protocol

On the other hand, this didn't stop chronyd from trying to use IPv6 addresses as time sources:

chronyd[4097894]: Source 2620:10a:800f::14 replaced with 2620:10a:800f::11

(I don't know why my office workstation has such high PIDs at the moment. Something odd is clearly going on.)

However, this failure caused me to actually read the chronyd manpage, where I finally noticed the -4 command line option, which tells chrony to only use IPv4 addresses for everything. On Fedora, you can configure what options are given to chronyd in /etc/sysconfig/chronyd, which is automatically used by the standard Fedora chronyd.service systemd service for chrony(d). A quick addition and chrony restart, and now it's not trying to use IPv6 and I'm happy.

There are a number of lessons here. One of them is my perpetual one, which is that I should read the manual pages more often (and make sure I read all of them). There was no reason to stop with just the chronyd.conf manpage; I simply assumed that not using IPv6 would be configured there if it was configurable at all. I was wrong and I could had my annoyance fixed quite a while ago if I'd looked harder.

Another one, on the flipside, is that completely disabling IPv6 doesn't necessarily stop modern programs from trying to use it. Perhaps this is a bug on chrony's part, but I suspect that its authors will be uninterested in fixing it. It's likely becoming a de facto standard that Linux systems have IPv6 enabled, even if they don't have it configured and can't reach anything with it. Someday we're going to see daemons that bind themselves only to the IPv6 localhost, not the IPv4 one.

linux/ChronyDisableIPv6 written at 22:28:36; Add Comment


Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.