Set starting date of balena

Razikus · July 29, 2020, 9:23am

Hello

I have a problem with NTP and chrony time sync in my environment, so device can’t properly register to openbalena (cause of certificate is not yet valid)

Is there an option to set the starting date of balena os?

So device will start with 29 JUL instead of 5 FEB at first startup

Without this my devices can’t log in into balena, and i can’t login to vpn for example

mtoman · July 29, 2020, 12:00pm

Hi,
unfortunately at this moment it is only possible to do this manually on development images accessing the device via ssh on port 22222 or the console. We are working on an alternative for environments where NTP is not available but it is not ready yet: https://github.com/balena-os/meta-balena/issues/1337
When you say problem with NTP and chrony - is this because you are not able to access any NTP server or is this only the default ones? If you have some reachable NTP server on the local network you could specify it in config.json and the device would prefer it over the default ones. https://www.balena.io/docs/reference/OS/configuration/#sample-configjson

Razikus · July 29, 2020, 12:07pm

Hello

I don’t really know what is a problem here,

Time is just not synced

I tried a lot of commands
chronyc tracking
Ref erence ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000000 seconds fast of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 0.000 ppm slow
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised

chronyc sources
root@2ce005f:~# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp2.tktelekom.pl 0 14 100 - +0ns[ +0ns] +/- 0ns
^? time.cloudflare.com 0 14 100 - +0ns[ +0ns] +/- 0ns
^? dc1-recdns02.bellmtsdata> 0 14 100 - +0ns[ +0ns] +/- 0ns
^? news-archive.icm.edu.pl 0 14 100 - +0ns[ +0ns] +/- 0ns

chronyc makestep
200 OK

I really don’t know what can be an issue here
Local server also doesn’t work

mtoman · July 29, 2020, 12:37pm

Hi,
thanks for coming back. So looking at the logs it really looks like the device can not access the NTP servers. Taking one step back - can you please confirm that your device has a working internet connection and working DNS? Are you able to ping any of the listed time servers - ntp2.tktelekom.pl, time.cloudflare.com, news-archive.icm.edu.pl (I assume the truncated one is dc1-recdns02.bellmtsdatacenters.com but let’s not rely on that one)?
Thanks

Razikus · July 29, 2020, 12:44pm

Hi i just reflashed devices

new sources:

===============================================================================
^? ip-159-253-242-123.rev.s> 0 14 40 - +0ns[ +0ns] +/- 0ns
^? 46.175.224.7.maxnet.net.> 0 14 40 - +0ns[ +0ns] +/- 0ns
^? ntp2.tktelekom.pl 0 14 40 - +0ns[ +0ns] +/- 0ns
^? 96-7.cpe.smnt.pl 0 14 40 - +0ns[ +0ns] +/- 0ns

pings:
root@3772483:~# ping 96-7.cpe.smnt.pl
PING 96-7.cpe.smnt.pl (94.154.96.7): 56 data bytes
64 bytes from 94.154.96.7: seq=0 ttl=55 time=13.468 ms
64 bytes from 94.154.96.7: seq=1 ttl=55 time=14.099 ms

root@3772483:~# ping 46.175.224.7.maxnet.net.pl
PING 46.175.224.7.maxnet.net.pl (46.175.224.7): 56 data bytes
64 bytes from 46.175.224.7: seq=0 ttl=55 time=15.634 ms
64 bytes from 46.175.224.7: seq=1 ttl=55 time=14.917 ms

root@3772483:~# ping ip-159-253-242-123.rev.snt.net.pl
PING ip-159-253-242-123.rev.snt.net.pl (159.253.242.123): 56 data bytes
64 bytes from 159.253.242.123: seq=0 ttl=58 time=8.092 ms
64 bytes from 159.253.242.123: seq=1 ttl=58 time=7.983 ms

tktelekom has timed out
root@3772483:~# ping ntp2.tktelekom.pl
PING ntp2.tktelekom.pl (213.199.225.40): 56 data bytes
^C
— ntp2.tktelekom.pl ping statistics —
2 packets transmitted, 0 packets received, 100% packet loss

mtoman · July 29, 2020, 1:30pm

Hi,
thanks, so it really looks like NTP access is blocked, in that case unfortunately there is no better solution than manually setting up the time or trying local NTP servers in config.json if you are able to get some from your connection provider or network administrator. As I said - this is a known issue and we are actively working on it.

zvin · July 29, 2020, 1:33pm

You can try installing ntpdate in a container and run ntpdate ntp2.tktelekom.pl (or any other ntp server) and see if it works.

Razikus · July 29, 2020, 1:47pm

It works in this case
apt install -y ntpdate

root@889e29ff8df0:/app# ntpdate ntp2.tktelekom.pl
29 Jul 13:46:14 ntpdate[18]: step time server 213.199.225.40 offset 15139717.831731 sec
root@889e29ff8df0:/app# date
Wed Jul 29 13:46:16 UTC 2020

Very strange

zvin · July 29, 2020, 2:04pm

Can you check chronyd logs with journalctl -u chronyd ?

Razikus · July 29, 2020, 2:07pm

Yes

– Logs begin at Fri 2020-01-31 09:20:37 UTC, end at Wed 2020-07-29 14:07:21 UTC. –
Feb 05 08:16:55 localhost chronyd[687]: 2020-02-05T08:16:55Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
Jul 29 13:46:40 3772483 chronyd[687]: 2020-07-29T13:46:40Z Forward time jump detected!

zvin · July 29, 2020, 2:19pm

It looks like it works fine according to these logs.
Is the output of date correct ?
Is chronyc tracking still saying that it is not synchronized ?

Razikus · July 29, 2020, 2:25pm

Hi, date is correct, chronyc tracking not

root@3772483:~# chronyc tracking
Reference ID : 00000000 ()
Stratum : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time : 0.000000000 seconds fast of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 0.000 ppm slow
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status : Not synchronised

date:

root@3772483:~# date
Wed Jul 29 14:25:28 UTC 2020

zvin · July 29, 2020, 2:35pm

I guess the time is correct only because you set it manually then.
Can you try the following:

systemctl stop chronyd
chronyd -q 'server pool.ntp.org iburst'

(or any other ntp server than pool.ntp.org)

Razikus · July 29, 2020, 2:39pm

root@3772483:~# chronyd -q “server pool.ntp.org iburst”
2020-07-29T14:36:26Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:36:38Z No suitable source for synchronisation
2020-07-29T14:36:38Z chronyd exiting

root@3772483:~# chronyd -q “server 0.resinio.pool.ntp.org iburst”
2020-07-29T14:37:22Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:37:49Z No suitable source for synchronisation
2020-07-29T14:37:49Z chronyd exiting

root@3772483:~# chronyd -q “server pl.pool.ntp.org iburst”
2020-07-29T14:38:13Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:38:26Z No suitable source for synchronisation
2020-07-29T14:38:26Z chronyd exiting

root@3772483:~# chronyd -q “server ntp2.tktelekom.pl iburst”
2020-07-29T14:38:45Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:38:56Z No suitable source for synchronisation
2020-07-29T14:38:56Z chronyd exiting

zvin · July 29, 2020, 2:50pm

This is quite strange: ntpdate ntp2.tktelekom.pl works but chronyd -q "server ntp2.tktelekom.pl iburst" doesn’t.
Can you try passing -4 or -6 to the chronyd command ?

Razikus · July 29, 2020, 2:55pm

Yes it’s strange

root@3772483:~# chronyd -4 -q “server ntp2.tktelekom.pl iburst”
2020-07-29T14:49:15Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:49:25Z No suitable source for synchronisation
2020-07-29T14:49:25Z chronyd exiting

root@3772483:~# chronyd -6 -q “server ntp2.tktelekom.pl iburst”
2020-07-29T14:49:40Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:49:50Z No suitable source for synchronisation
2020-07-29T14:49:50Z chronyd exiting

root@3772483:~# chronyd -6 -4 -q “server ntp2.tktelekom.pl iburst”
2020-07-29T14:50:04Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:50:14Z No suitable source for synchronisation
2020-07-29T14:50:14Z chronyd exiting

root@3772483:~# chronyd -6 -4 -q “server pool.ntp.org iburst”
2020-07-29T14:55:17Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -SECHASH +IPV6 -DEBUG)
2020-07-29T14:55:27Z No suitable source for synchronisation
2020-07-29T14:55:27Z chronyd exiting

ntpdate still works
root@889e29ff8df0:/app# ntpdate pool.ntp.org
29 Jul 14:54:56 ntpdate[17]: step time server 34.194.39.113 offset 230.527345 sec
root@889e29ff8df0:/app# ntpdate pool.ntp.org
29 Jul 14:55:07 ntpdate[18]: adjust time server 34.194.39.113 offset -0.000257 sec
root@889e29ff8df0:/app# exit

zvin · July 29, 2020, 3:07pm

I guess the next step would be to install chrony and tcpdump in the same container as ntpdate and run tcpdump -i <interface name> udp port 123 -vv -X while trying to sync date with both commands and compare the output.

Razikus · July 29, 2020, 3:21pm

chronyd

ntpdate

zvin · July 29, 2020, 3:22pm

I get a 404 for both urls

Razikus · July 29, 2020, 3:24pm

I just edited the links