Getting chrony to not try to use IPv6 time sources on Fedora

March 5, 2018

Ever since I switched over to chrony, one of the quiet little irritations of its setup on my office workstation has been that it tried to use IPv6 time sources along side the IPv4 ones. It got these time sources from the default Fedora pool I'd left it using along side our local time sources (because I'm the kind of person who thinks the more time sources the merrier), and at one level looking up IPv6 addresses as well as IPv4 addresses is perfectly sensible. At another level, though, it wasn't, because my office workstation has no IPv6 connectivity and even no IPv6 configuration. All of those IPv6 time sources that chrony was trying to talk to were completely unreachable and would never work. At a minimum they were clutter in 'chronyc sources' output, but probably they were also keeping chrony from picking up some additional IPv4 sources.

I started out by reading the chrony.conf manpage, on the assumption that that would be where you configured this. When I found nothing, I unwisely gave up and grumbled to myself, eventually saying something on Twitter. This caused @rt2800pci1 to suggest using systemd restrictions so that chronyd couldn't even use IPv6. This had some interesting results. On the one hand, chronyd definitely couldn't use IPv6 and it said as much:

chronyd[4097894]: Could not open IPv6 command socket : Address family not supported by protocol

On the other hand, this didn't stop chronyd from trying to use IPv6 addresses as time sources:

chronyd[4097894]: Source 2620:10a:800f::14 replaced with 2620:10a:800f::11

(I don't know why my office workstation has such high PIDs at the moment. Something odd is clearly going on.)

However, this failure caused me to actually read the chronyd manpage, where I finally noticed the -4 command line option, which tells chrony to only use IPv4 addresses for everything. On Fedora, you can configure what options are given to chronyd in /etc/sysconfig/chronyd, which is automatically used by the standard Fedora chronyd.service systemd service for chrony(d). A quick addition and chrony restart, and now it's not trying to use IPv6 and I'm happy.

There are a number of lessons here. One of them is my perpetual one, which is that I should read the manual pages more often (and make sure I read all of them). There was no reason to stop with just the chronyd.conf manpage; I simply assumed that not using IPv6 would be configured there if it was configurable at all. I was wrong and I could had my annoyance fixed quite a while ago if I'd looked harder.

Another one, on the flipside, is that completely disabling IPv6 doesn't necessarily stop modern programs from trying to use it. Perhaps this is a bug on chrony's part, but I suspect that its authors will be uninterested in fixing it. It's likely becoming a de facto standard that Linux systems have IPv6 enabled, even if they don't have it configured and can't reach anything with it. Someday we're going to see daemons that bind themselves only to the IPv6 localhost, not the IPv4 one.


Comments on this page:

From 78.58.206.110 at 2018-03-06 00:05:27:

Are you referring to PIDs wider than 16-bit in general, or just to them being higher than you expect for your workstation's uptime?

Linux kernel.pid_max goes up to 2^22, and perhaps your distro decided to make use of it? (I've been setting it to maximum for a long time just to see what breaks. Nothing broke. After all, pid_t is an int.)

By cks at 2018-03-06 08:06:31:

I'm mostly referring to the PIDs being so high, although I think this is the first time I've seen them exceed 16 bits on machines I've looked at. This machine has only been up a few days (it last rebooted Friday for a kernel update), so hitting 4 million (and then rapidly rolling over since then) is decidedly unusual. My logs suggest that it started happening right at boot; within half an hour after boot it had churned over 300,000 PIDs, and some evidence suggests it's kernel threads.

(This appears to be the first time it's happened on this machine. Certainly it didn't happen in recent boots, based on logs with PIDs in them.)

Written on 05 March 2018.
« The value locked up in the Unix API makes it pretty durable
The lie in Ubuntu source packages (and probably Debian ones as well) »

Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Mar 5 22:28:36 2018
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.