-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.17, 4.18
-
Important
-
None
-
False
-
-
Description of problem:
In the following documentation, the steps to disable the chrony time service are introduced: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/machine_configuration/machine-configs-configure#cnf-disable-chronyd_machine-configs-configure However, in OpenShift 4.18 environment, these steps will cause chronyd.service to be Failed status.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
$ oc debug node/ip-10-0-15-255.ap-northeast-1.compute.internal Temporary namespace openshift-debug-qzlkr is created for debugging node... Starting pod/ip-10-0-15-255ap-northeast-1computeinternal-debug-7zzrk ... To use host binaries, run `chroot /host` Pod IP: 10.0.15.255 If you don't see a command prompt, try pressing enter. sh-5.1# chroot /host sh-5.1# systemctl status chronyd ● chronyd.service - NTP client/server Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enab> Drop-In: /usr/lib/systemd/system/chronyd.service.d mqplatform-chrony.conf Active: active (running) since Mon 2025-03-10 00:40:28 UTC; 3h 19min ago Docs: man:chronyd(8) man:chrony.conf(5) Main PID: 1054 (chronyd) Tasks: 1 (limit: 200392) Memory: 3.3M CPU: 204ms CGroup: /system.slice/chronyd.service mq1054 /usr/sbin/chronyd -F 2 -f /run/coreos/platform-chrony.confMar 10 00:40:28 localhost systemd[1]: Starting NTP client/server... Mar 10 00:40:28 localhost chronyd[1054]: chronyd version 4.5 starting (+CMDMON +NTP> Mar 10 00:40:28 localhost chronyd[1054]: Loaded 0 symmetric keys Mar 10 00:40:28 localhost chronyd[1054]: Frequency -18.173 +/- 7.819 ppm read from > Mar 10 00:40:28 localhost chronyd[1054]: Loaded seccomp filter (level 2) $ vi disable-chronyd.yaml $ cat disable-chronyd.yaml apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: disable-chronyd spec: config: ignition: version: 3.2.0 systemd: units: - contents: | [Unit] Description=NTP client/server Documentation=man:chronyd(8) man:chrony.conf(5) After=ntpdate.service sntp.service ntpd.service Conflicts=ntpd.service systemd-timesyncd.service ConditionCapability=CAP_SYS_TIME [Service] Type=forking PIDFile=/run/chrony/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd $OPTIONS ExecStartPost=/usr/libexec/chrony-helper update-daemon PrivateTmp=yes ProtectHome=yes ProtectSystem=full [Install] WantedBy=multi-user.target enabled: false name: "chronyd.service" $ oc create -f disable-chronyd.yaml machineconfig.machineconfiguration.openshift.io/disable-chronyd created $ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-06003d2fd5f760543c44fd4393265c9e False True False 3 0 0 0 3h24m worker rendered-worker-03bbd525e5a60ed63e5ea8d37e0a0d6d True False False 0 0 0 0 3h24m $ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-0e6cd449d5aa1c1603ba7960bc32287a True False False 3 3 3 0 3h43m worker rendered-worker-03bbd525e5a60ed63e5ea8d37e0a0d6d True False False 0 0 0 0 3h43m $ oc debug node/ip-10-0-15-255.ap-northeast-1.compute.internal Temporary namespace openshift-debug-4v6lr is created for debugging node... Starting pod/ip-10-0-15-255ap-northeast-1computeinternal-debug-bdlbr ... To use host binaries, run `chroot /host` Pod IP: 10.0.15.255 If you don't see a command prompt, try pressing enter. sh-5.1# chroot /hostsh-5.1 # systemctl status chronyd × chronyd.service - NTP client/server Loaded: loaded (/etc/systemd/system/chronyd.service; disabled; preset: enabled) Drop-In: /usr/lib/systemd/system/chronyd.service.d mqplatform-chrony.conf Active: failed (Result: exit-code) since Mon 2025-03-10 04:13:07 UTC; 14min ago Docs: man:chronyd(8) man:chrony.conf(5) Main PID: 1025 (code=exited, status=0/SUCCESS) CPU: 30msMar 10 04:13:07 ip-10-0-15-255 chronyd[1025]: chronyd version 4.5 starting (+CMDMON > Mar 10 04:13:07 ip-10-0-15-255 chronyd[1025]: Loaded 0 symmetric keys Mar 10 04:13:07 ip-10-0-15-255 chronyd[1025]: Frequency -17.759 +/- 0.090 ppm read f> Mar 10 04:13:07 ip-10-0-15-255 chronyd[1025]: Loaded seccomp filter (level 2) Mar 10 04:13:07 ip-10-0-15-255 systemd[1041]: chronyd.service: Failed to locate exec> Mar 10 04:13:07 ip-10-0-15-255 systemd[1041]: chronyd.service: Failed at step EXEC s> Mar 10 04:13:07 ip-10-0-15-255 chronyd[1025]: chronyd exiting Mar 10 04:13:07 ip-10-0-15-255 systemd[1]: chronyd.service: Control process exited, > Mar 10 04:13:07 ip-10-0-15-255 systemd[1]: chronyd.service: Failed with result 'exit> Mar 10 04:13:07 ip-10-0-15-255 systemd[1]: Failed to start NTP client/server.
Actual results:
The chronyd.service in failed status.
Expected results:
The chronyd.service doesn't start.
Additional info:
After further investigation, it is found that the `Wants=rpc-statd.service chrony-wait.service` line was added into the kubelet-dependencies.target.yaml file in release-4.17, which is considered to be the direct reason for this issue to happen: https://github.com/openshift/machine-config-operator/blob/release-4.17/templates/common/_base/units/kubelet-dependencies.target.yaml https://github.com/openshift/machine-config-operator/commit/acf4a9d96e9cc295eaf7c122f65d246e467cfec8 See also: $ oc debug node/ip-10-0-15-255.ap-northeast-1.compute.internal Temporary namespace openshift-debug-qzlkr is created for debugging node... Starting pod/ip-10-0-15-255ap-northeast-1computeinternal-debug-7zzrk ... To use host binaries, run `chroot /host` Pod IP: 10.0.15.255 If you don't see a command prompt, try pressing enter. sh-5.1# chroot /host sh-5.1# systemctl list-dependencies --reverse chronyd.service chronyd.service ● -- chrony-wait.service ● -- multi-user.target ● -- mqgraphical.target sh-5.1# systemctl cat chrony-wait.service # /usr/lib/systemd/system/chrony-wait.service [Unit] Description=Wait for chrony to synchronize system clock Documentation=man:chronyc(1) After=chronyd.service Requires=chronyd.service Before=time-sync.target Wants=time-sync.target[Service] Type=oneshot # Wait for chronyd to update the clock and the remaining # correction to be less than 0.1 seconds ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 0 0.1 0.0 1 # Wait for at most 3 minutes TimeoutStartSec=180 RemainAfterExit=yes StandardOutput=nullCapabilityBoundingSet= DevicePolicy=closed #DynamicUser=yes IPAddressAllow=localhost IPAddressDeny=any LockPersonality=yes MemoryDenyWriteExecute=yes PrivateDevices=yes PrivateUsers=yes # /usr/lib/systemd/system/chrony-wait.service [Unit] Description=Wait for chrony to synchronize system clock Documentation=man:chronyc(1) After=chronyd.service Requires=chronyd.service Before=time-sync.target Wants=time-sync.target[Service] Type=oneshot # Wait for chronyd to update the clock and the remaining # correction to be less than 0.1 seconds ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 0 0.1 0.0 1 # Wait for at most 3 minutes TimeoutStartSec=180 RemainAfterExit=yes StandardOutput=null sh-5.1# systemctl list-dependencies --reverse chrony-wait.service chrony-wait.service ● -- kubelet-dependencies.target ● -- crio.service ● -- kubelet.service sh-5.1# systemctl cat kubelet-dependencies.target # /etc/systemd/system/kubelet-dependencies.target [Unit] Description=Dependencies necessary to run kubelet Documentation=https://github.com/openshift/machine-config-operator/ Requires=basic.target network-online.target Wants=NetworkManager-wait-online.service crio-wipe.service Wants=rpc-statd.service chrony-wait.service
