[RHEL-85079] rhel-system-roles.timesync doesn't work when IPv6 is disabled in environment

Type: Story
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.7
Affects Version/s: rhel-8.10
Component/s: rhel-system-roles
Labels:

Severity:
Moderate
Epic Link:
[Epic]: rhel-system-roles.timesync doesn't work when IPv6 is disabled in environment
Keywords:

EasyFix

Pool Team:

rhel-sst-system-roles

Story Points:
0
ACKs Check:

Dev ack
Blocked:
False
Product Documentation Required:
Yes
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
Unspecified Release Note Type - Unknown
Release Note Text:

Hide
Feature: Add support for timesync_ntp_ip_family to allow setting the `-4`
or `-6` OPTIONS in the chronyd or ntpd sysconfig file.

Reason: When IPv6 is disabled on the node, you must tell chronyd to
only listen for IPv4 using OPTIONS="-4" in the sysconfig file.
Otherwise, chronyd will log error messages when binding to IPv6 sockets
It's also useful to prevent the client from using IPv6 servers when IPv4
is known to work better (e.g. IPv6 over a tunnel).

Result: chronyd and ntpd can be configured to work correctly, and
the services will not log errors, when IPv6 (or IPv4) is disabled
on the node.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

Show
Feature: Add support for timesync_ntp_ip_family to allow setting the `-4` or `-6` OPTIONS in the chronyd or ntpd sysconfig file. Reason: When IPv6 is disabled on the node, you must tell chronyd to only listen for IPv4 using OPTIONS="-4" in the sysconfig file. Otherwise, chronyd will log error messages when binding to IPv6 sockets It's also useful to prevent the client from using IPv6 servers when IPv4 is known to work better (e.g. IPv6 over a tunnel). Result: chronyd and ntpd can be configured to work correctly, and the services will not log errors, when IPv6 (or IPv4) is disabled on the node. Signed-off-by: Rich Megginson < rmeggins@redhat.com >
Release Note Status:
Proposed

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

When the IPv6 is disabled on the node, we generally add the below in /etc/sysconfig/chronyd for the chronyd to work with IPv4.

OPTIONS="-4"

While we are using the rhel-system-roles.timesync role for the timesync purpose on the managed node, we do not have an option to mention OPTION="-4"

Unfortunately, the template used for this (templates/chronyd.sysconfig.j2) hardcodes the "OPTIONS" parameter to remain empty.

We will need either one of the option to be added:
1. Add a setting to the timesync role to disable IPv6.
2. Add a parameter so I can set the "OPTIONS" parameter myself via a default value.

links to

upstream PR

RHEL Jira bot added a comment - 2025/04/01 4:48 PM

This issue has been marked unblocked.

RHEL Jira bot added a comment - 2025/04/01 4:48 PM This issue has been marked unblocked.

Richard Megginson added a comment - 2025/03/31 8:21 PM

rhn-support-mramesh will the customer be ok with something like this? https://github.com/linux-system-roles/timesync/pull/277

Richard Megginson added a comment - 2025/03/31 8:21 PM rhn-support-mramesh will the customer be ok with something like this? https://github.com/linux-system-roles/timesync/pull/277

Miroslav Lichvar added a comment - 2025/03/27 8:57 AM

rmeggins@redhat.com , no, IPv6 can be disabled only by the command-line -4 option. It's more for the case when IPv6 is available, but should not be used for some reason, rather than disabling it when it's not available. Except for the error log message, it shouldn't make a difference in this case.

A new role variable to force IPv4 or IPv6 for the NTP client would make sense to me, e.g. timesync_ntp_ip_family: (all, IPv4, IPv6). ntpd has the same -4 and -6 options.

Miroslav Lichvar added a comment - 2025/03/27 8:57 AM rmeggins@redhat.com , no, IPv6 can be disabled only by the command-line -4 option. It's more for the case when IPv6 is available, but should not be used for some reason, rather than disabling it when it's not available. Except for the error log message, it shouldn't make a difference in this case. A new role variable to force IPv4 or IPv6 for the NTP client would make sense to me, e.g. timesync_ntp_ip_family: (all, IPv4, IPv6). ntpd has the same -4 and -6 options.

Richard Megginson added a comment - 2025/03/26 3:15 PM

rhn-support-mlichvar is there another way to do this?

Richard Megginson added a comment - 2025/03/26 3:15 PM rhn-support-mlichvar is there another way to do this?

Assignee:: Miroslav Lichvar

Reporter:: Manasa Ramesh

Developer:: Richard Megginson

QA Contact:: David Jez

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2025/03/26 2:59 PM

Updated:: 2025/04/01 4:48 PM

Stale Date:: 2026/03/30

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: RHEL Jira bot added a comment - 2025/04/01 4:48 PM

Expand comment: RHEL Jira bot added a comment - 2025/04/01 4:48 PM

Collapse comment: Richard Megginson added a comment - 2025/03/31 8:21 PM

Expand comment: Richard Megginson added a comment - 2025/03/31 8:21 PM

Collapse comment: Miroslav Lichvar added a comment - 2025/03/27 8:57 AM

Expand comment: Miroslav Lichvar added a comment - 2025/03/27 8:57 AM

Collapse comment: Richard Megginson added a comment - 2025/03/26 3:15 PM

Expand comment: Richard Megginson added a comment - 2025/03/26 3:15 PM

People

Dates