Description of problem:
I have specified in my chrony.conf file the following:

    bindcmdaddress ::1

I have validated that no other bind* directives exist in the config file, and it does not appear that /etc/chrony.conf.d is a valid directory for specifying additional config files to load in, so there should be no other configs anywhere. Yet, after restarting chrony on my server, I find that in netstat -pln, the host is still bound to both loopback interfaces (IPv4 and IPv6):

    [root@jump keys]# netstat -pln |grep :323
    udp 0 0 127.0.0.1:323 0.0.0.0:* 25813/chronyd
    udp6 0 0 ::1:323 :::* 25813/chronyd

Version-Release number of selected component (if applicable):
chrony-2.1.1-1.el7.centos.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Comment out the "bindcmdaddress 127.0.0.1" entry in the default /etc/chrony.conf file
2. Save the file
3. Restart chronyd
4. Check netstat as per the above example output

Actual results:
Chrony binds to both IPv4 and IPv6 addresses

Expected results:
Chrony should bind to only the IPv6 address

Additional info:
This is a VM I'm using to test IPv6 in my environment. Thusly, I'm looking to disable IPv4 binds wherever possible before looking into any potential sysctl parameters to completely disable IPv4. This is blocking that effort.
The IPv4 command port can be disabled by adding the -6 option on the chronyd command line (OPTIONS="-6" in /etc/sysconfig/chronyd). That will also disable the IPv4 NTP server port. Does it work for you?
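The check the reporter did by hand can be scripted so it is repeatable after each configuration change. The following is an added example, not part of the bug thread or of chrony: it compares the addresses named by active bindcmdaddress lines with the chronyd listeners in `netstat -pln` output and prints any listener the configuration does not declare. The function names and sample inputs are constructed for illustration, and port 323 is taken from the output in the report.

```shell
#!/bin/sh
# Constructed sample inputs modelled on the report above (not captured from a host).
# On a live host, pass "$(cat /etc/chrony.conf)" and "$(netstat -pln)" instead.
SAMPLE_CONF='# bindcmdaddress 127.0.0.1
bindcmdaddress ::1'
SAMPLE_NETSTAT='udp 0 0 127.0.0.1:323 0.0.0.0:* 25813/chronyd
udp6 0 0 ::1:323 :::* 25813/chronyd'

# Print the addresses named by active (uncommented) bindcmdaddress lines.
declared_cmd_addrs() {
    printf '%s\n' "$1" | awk '$1 == "bindcmdaddress" { print $2 }'
}

# Print the local addresses on which chronyd listens on the given UDP port.
# UDP rows of netstat -pln: proto recv-q send-q local foreign pid/program
listening_cmd_addrs() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^udp/ && $NF ~ /\/chronyd$/ {
            addr = $4
            n = match(addr, /:[0-9]+$/)   # the port follows the last colon
            if (n && substr(addr, n + 1) == port)
                print substr(addr, 1, n - 1)
        }'
}

# Print listeners that the configuration does not declare; return 1 if any.
unexpected_cmd_binds() {
    conf=$1 netstat_out=$2 port=${3:-323}
    declared=$(declared_cmd_addrs "$conf")
    status=0
    for addr in $(listening_cmd_addrs "$netstat_out" "$port"); do
        if ! printf '%s\n' "$declared" | grep -qxF -- "$addr"; then
            echo "$addr"
            status=1
        fi
    done
    return $status
}

unexpected_cmd_binds "$SAMPLE_CONF" "$SAMPLE_NETSTAT" ||
    echo "listener(s) above are not declared in chrony.conf"
```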
Indeed, that does work, however I had to create the file. There's no mention in manpages or on RH Access that that file will be read in if it exists, and unlike in SysV setups where you could easily find out by catting out the init script, anyone new to systemd isn't necessarily going to know what file to cat in order to find out if it will be loaded or not. Would it be possible to get an empty/dummy file (OPTIONS="") placed in /etc/sysconfig during install of the package?
I think having no file in /etc/sysconfig is an approach recommended by systemd and is used by other packages in the distribution. Maybe it would be better to properly document it on the distribution level instead of adding the (empty) files back.
(In reply to Miroslav Lichvar from comment #3)
> I think having no file in /etc/sysconfig is an approach recommended by
> systemd and is used by other packages in the distribution. Maybe it would be
> better to properly document it on the distribution level instead of adding
> the (empty) files back.

I don't think that we ever suggested to not ship a file. We have suggested that this way of configuring a service should go away. Every service should have its own options in its regular configuration file. Also /etc/sysconfig directory is quite Red Hat-specific, Debian for example did something similar with /etc/default, so these environment files are a problem to upstream. So in general, if our customers have such a problem we really should push the upstream to implement all those settings to the regular configuration file.

Anyway, I don't think that this should go to documentation, those environment files could be anywhere and the options in it are not standardized. We should really eradicate this type of configuration instead.
So let's start with chrony :-)

> There's no mention in manpages or on RH Access that that file will be read
> in if it exists, and unlike in SysV setups where you could easily find out
> by catting out the init script

Well you can grep the unit file for EnvironmentFile or

    [lnykryn@notas system]$ systemctl cat nfs-lock.service | grep Environ
    EnvironmentFile=-/run/sysconfig/nfs-utils
Ok, so /run/sysconfig/nfs-utils is the proper environment file to use? Given that /run is not persistent, what is the proper way to make this setting stick across reboots?
(In reply to Lukáš Nykrýn from comment #5)
> Anyway, I don't think that this should go to documentation, those
> environment files could be anywhere and the options in it are not
> standardized.

The documentation could describe how to find these environment files.

> We should really eradicate this type of configuration instead.
> So let's start with chrony :-)

That probably won't work for chrony. There are options like -r and -R that should be set only when the service is restarted, and options like -s that should be set only on the first start during boot. Modifying chrony.conf before each (re)start would be impractical. Unfortunately systemd doesn't support options specific to restart, but with other init systems that may be possible.
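A scripted form of the lookup discussed in the two comments above, as an added example that is not part of the thread or of any package: given the text of a unit (for example from `systemctl cat`), it lists each EnvironmentFile= entry, whether the leading "-" makes it optional, whether the file exists, and which variables the Exec* lines expand. The function names, the root-prefix argument and the sample unit text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample unit text; on a live host use "$(systemctl cat chronyd.service)".
SAMPLE_UNIT='[Unit]
Description=NTP client/server

[Service]
EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd $OPTIONS'

# For each EnvironmentFile= entry print: <required|optional> <present|absent> <path>
# A leading "-" means systemd silently skips the file when it does not exist,
# which is why a package can ship a unit without shipping the file itself.
# $2 is an optional root prefix, so a mounted image or chroot can be inspected.
unit_env_files() {
    printf '%s\n' "$1" | sed -n 's/^EnvironmentFile=//p' |
    while IFS= read -r path; do
        kind=required
        case $path in
            -*) kind=optional; path=${path#-} ;;
        esac
        if [ -e "${2:-}$path" ]; then state=present; else state=absent; fi
        echo "$kind $state $path"
    done
}

# Print the variable names expanded on Exec* lines, i.e. what the
# environment file has to define for the setting to reach the daemon.
unit_exec_vars() {
    printf '%s\n' "$1" | grep '^Exec' |
        grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' | tr -d '${' | sort -u
}

unit_env_files "$SAMPLE_UNIT"
unit_exec_vars "$SAMPLE_UNIT"
```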
Specifically to this problem, I honestly feel that a documentation update would be fine while you work out what to do going forward internally. Should I go ahead and file a new bug and close this one?
I think we can keep this bug open for the suggestion to include in the package the /etc/sysconfig/chronyd config file, so admins can at least see it listed in the output of the "rpm -qc" command. If you think the documentation should explain the environment files in the distribution, please file a new bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1908