[systemd-devel] Antw: [EXT] Re: systemd-timesyncd - use unprivileged ports

2020-03-12 Thread Ulrich Windl
>>> Mantas Mikulenas wrote on 11.03.2020 at 17:52 in
message
<12133_1583945545_5E691749_12133_1276_1_CAPWNY8XJRN7-U15LmgpgXbqBeFPWJokEDM==EXd
5hc-adn...@mail.gmail.com>:
> Well, are you asking about the *source* port or about the *destination*
> port? There are two on every UDP packet.
> 
> The source port is *not* from the privileged range -- systemd-timesyncd
> always just lets the OS choose a random port from the ephemeral range. (I
> have seen some other NTP clients such as Windows insist on using 123 as
> both source and destination, but that's not the case with systemd-timesyncd
> nor with most other SNTP clients.)
> 
> The destination port has to be from the privileged range (specifically 123)
> because that's what NTP servers *listen on* -- the client cannot decide on
> a different port entirely on its own; you'd need to run your own NTP server
> configured to use a different port.
> 
> Although if you already have an NTP server listening on a different port,
> then unfortunately no, systemd-timesyncd does not currently have a config
> option for that. It seems port 123 is hardcoded in manager_connect(), most
> likely because that's what every public NTP server uses.

There's some NTP paranoia spread: Here I also cannot use any external NTP
server for several years. The central firewall blocks it all.

> 
> (Really I can't really think of any good purpose for such a block -- if
> anything, I'd expect to see the opposite, i.e. services on low ports
> allowed, the rest blocked. Does your network block DNS on port 53, too?)
> 
> On Wed, Mar 11, 2020 at 6:34 PM Jędrzej Dudkiewicz <
> jedrzej.dudkiew...@gmail.com> wrote:
> 
>> Hi,
>>
>> I have quite a few devices running Linux in client's network - so I
>> have no control over it. It seems that all privileged UDP ports are
>> blocked, so I have to use an unprivileged port. I'd like to use
>> systemd-timesyncd to synchronize time, though I can't find a way to
>> force it to use an unprivileged port. Is there any way to do it?
>>
>> Thanks in advance,
>> --
>> Jędrzej Dudkiewicz
>>
>> I really hate this damn machine, I wish that they would sell it.
>> It never does just what I want, but only what I tell it.
>> ___
>> systemd-devel mailing list
>> systemd-devel@lists.freedesktop.org 
>> https://lists.freedesktop.org/mailman/listinfo/systemd-devel 
>>
> 
> 
> -- 
> Mantas Mikulėnas
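
Added example (not part of the original thread and not systemd-timesyncd's code): a minimal Python SNTP client showing the source/destination port distinction described above, with the OS picking the ephemeral source port and the destination port as a parameter. It goes slightly further than the thread by checking that the reply echoes the request's transmit field; all function names, the loopback server and the timestamp are constructed for illustration.

```python
import os
import socket
import struct
import threading

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(nonce):
    """48-byte SNTP request: LI=0, VN=4, Mode=3; nonce goes in the transmit field."""
    return bytes([(4 << 3) | 3]) + bytes(39) + nonce

def build_reply(request, unix_time):
    """Constructed server reply for the loopback demo: Mode=4, stratum 2."""
    origin = request[40:48]  # a server echoes the client's transmit field here
    transmit = struct.pack("!II", int(unix_time) + NTP_EPOCH_OFFSET, 0)
    return bytes([(4 << 3) | 4, 2]) + bytes(22) + origin + bytes(8) + transmit

def parse_reply(packet, nonce):
    """Return the server's transmit time as Unix seconds, or raise ValueError."""
    if len(packet) < 48 or packet[0] & 0x07 != 4:
        raise ValueError("not a 48-byte server-mode reply")
    if packet[1] == 0:
        raise ValueError("stratum 0 (kiss-o'-death)")
    if packet[24:32] != nonce:
        raise ValueError("origin timestamp does not match our request")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def sntp_query(host, dest_port=123, timeout=2.0):
    """Return (unix_time, source_port); only the destination port is chosen here."""
    nonce = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # No bind(): connect() makes the OS assign a source port from the ephemeral range.
        sock.connect((host, dest_port))
        source_port = sock.getsockname()[1]
        sock.send(build_request(nonce))
        reply = sock.recv(512)
    return parse_reply(reply, nonce), source_port

def loopback_demo(unix_time=1584000000):
    """Query a one-shot constructed server listening on an unprivileged loopback port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # port 0: any free unprivileged port
    server.settimeout(2.0)
    server_port = server.getsockname()[1]
    def serve_once():
        request, peer = server.recvfrom(512)
        server.sendto(build_reply(request, unix_time), peer)
    thread = threading.Thread(target=serve_once, daemon=True)
    thread.start()
    try:
        result, source_port = sntp_query("127.0.0.1", server_port)
    finally:
        thread.join()
        server.close()
    return result, source_port, server_port

if __name__ == "__main__":
    print(loopback_demo())
```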





Re: [systemd-devel] systemd-timesyncd - use unprivileged ports

2020-03-12 Thread Michael Chapman
On Thu, 12 Mar 2020, Jędrzej Dudkiewicz wrote:
[...]
> And one more question: what is systemd-timedated? It seems that is
> exactly same thing, but I don't think this is true?

It's the DBus service that most bits of timedatectl talk to. timedatectl 
doesn't modify system configuration directly. When you run `timedatectl 
set-time ...`, for instance, it's actually systemd-timedated that changes 
the system's time.

There's a bunch of reasons for this split: privilege separation is a good 
idea in general; the privileged service can choose whether to perform or 
deny a request according to the system's polkit configuration; other 
non-timedatectl clients can have equal programmatic access to the same 
time-and-date settings.

systemd-timedated doesn't actually have any relationship with 
systemd-timesyncd, despite the similar name.


[systemd-devel] Redirect logs from script to systemd's StandardOutput file

2020-03-12 Thread Ani A
Hello,

I am on Ubuntu 18.04.2, and I have systemd version 237. I have some common tasks
which need to happen prestart and poststop which I have moved to a
script. All unit
files look like:

StandardOutput=file:/var/log/my-.log
ExecStartPre=/path/to/helper.sh -t prestart -u 
ExecStopPost=/path/to/helper.sh -t poststop -u 
ExecStart=/path/to/my/exe

where  is the name of the systemd unit file.

I use systemd's directive to log stdout to file, and in the prestart
and poststop actions also
I try to write some logs to the same file with shell echo, like:

echo "..." >> /var/log/my-.log

The logs that are written by the script do not appear in the log file!
Is there anything wrong here (missing something)?

--
Ani


Re: [systemd-devel] systemd-timesyncd - use unprivileged ports

2020-03-12 Thread Jędrzej Dudkiewicz
On Thu, Mar 12, 2020 at 8:29 AM Michael Chapman  wrote:
>
> On Thu, 12 Mar 2020, Jędrzej Dudkiewicz wrote:
> [...]
> > And one more question: what is systemd-timedated? It seems that is
> > exactly same thing, but I don't think this is true?
>
> It's the DBus service that most bits of timedatectl talk to. [...]
>
> systemd-timedated doesn't actually have any relationship with
> systemd-timesyncd, despite the similar name.

Ah, I understand now. Thank you very much.
-- 
Jędrzej Dudkiewicz

I really hate this damn machine, I wish that they would sell it.
It never does just what I want, but only what I tell it.


[systemd-devel] Cannot find a way to get time read from RTC during boot

2020-03-12 Thread Kevin P. Fleming
I've got some Debian Buster systems (so using the Debian systemd
package 241-7), which have battery-backed RTCs. However the driver for
these RTCs is loaded as a module, not built into the kernel. As a
result the kernel's feature of reading the RTC to set the system clock
is not available.

Prior to systemd, with the 'hwclock' package installed, a udev rule
would trigger reading of the RTC and setting the system clock when
/dev/rtc0 appeared. With systemd running, the script run by that udev
rule is suppressed, it doesn't do anything.

I have systemd-timesyncd started at boot as well and syncing time with
an NTP server; that works fine when the system clock is set to
something reasonably close to the actual time. If it's not, then
timesyncd can't adjust the time because it's too far off (and in
addition I have the issue reported on GitHub where systemd-resolved
can't resolve NTP server names due to DNSSEC failing because the clock
is too far off...) The file that systemd-timesyncd stores for use on
reboot helps a little, but if the system is shut off for a period of
time (an hour or more) then the time at startup is quite far off from
reality, which is why I have an RTC :)

With a system using solely systemd-provided services, what's the
proper mechanism to get the time read from an RTC whose driver is
loaded by systemd-modules-load.service?


[systemd-devel] Networkd - how to augment an already configured interface

2020-03-12 Thread Marc Haber
Hi,

for a rather complex tunneling setup on a system that uses
systemd-networkd and OpenVPN, I am trying to use networkd to augment the
Interface that has been configured by OpenVPN.

In OpenVPN, a daemon is started with a service unit, which connects to a
remote side and creates a tunX interface and configures it according to
what the other side says. The other side can push basic configuration
like IP address and routes that go into the main routing table, but I
need a RoutingPolicyRule and additional Routes pushed into the
configuration.

I tried writing the following tunX.network unit:

[Match]
Name=tun1

[Network]
Description=tun1 tunnel to old torres
DHCP=no
IPForward=yes
IPv6AcceptRA=no

[Route]
Destination=0::/0
Gateway=2a01:238:4071:3202::1
Table=202

[RoutingPolicyRule]
Priority=32100
From=2a01:238:4071:3280::/59
Table=202

[RoutingPolicyRule]
Priority=32101
From=2a01:238:4071:32b0::/62
Table=202

but it looks like networkd wants full control over the network interface
and flushes the IP addresses from the working interface, leaving it in a
non-functional state.

Is there any way to

(a) tell networkd to just add the configuration from the unit to the
already configured interface without cleaning up first, or
(b) to have part of systemd just execute a single .network unit,
probably as a sidekick unit that I can use to add configuration to my
OpenVPN configuration?

Or am I better off by just taking things away from systemd-networkd
completely and use an "up" script from the OpenVPN configuration?

Hoping for your opinions and a good discussion,
cheers, Marc


-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421


Re: [systemd-devel] Cannot find a way to get time read from RTC during boot

2020-03-12 Thread Mike Gilbert
On Thu, Mar 12, 2020 at 7:13 AM Kevin P. Fleming  wrote:
> Prior to systemd, with the 'hwclock' package installed, a udev rule
> would trigger reading of the RTC and setting the system clock when
> /dev/rtc0 appeared. With systemd running, the script run by that udev
> rule is suppressed, it doesn't do anything.
>
> With a system using solely systemd-provided services, what's the
> proper mechanism to get the time read from an RTC whose driver is
> loaded by systemd-modules-load.service?

Your use case is likely not covered by "systemd-provided" services.

I think your best bet would be to "un-suppress" that hwclock udev rule.


Re: [systemd-devel] Networkd - how to augment an already configured interface

2020-03-12 Thread Susant Sahani
https://www.freedesktop.org/software/systemd/man/systemd.network.html#KeepConfiguration=


From: systemd-devel 
Date: Thursday, 12 March 2020 at 7:56 PM
To: Systemd 
Subject: [systemd-devel] Networkd - how to augment an already configured 
interface
Hi,

for a rather complex tunneling setup on a system that uses
systemd-networkd and OpenVPN, I am trying to use networkd to augment the
Interface that has been configured by OpenVPN.

In OpenVPN, a daemon is started with a service unit, which connects to a
remote side and creates a tunX interface and configures it according to
what the other side says. The other side can push basic configuration
like IP address and routes that go into the main routing table, but I
need a RoutingPolicyRule and additional Routes pushed into the
configuration.

I tried writing the following tunX.network unit:

[Match]
Name=tun1

[Network]
Description=tun1 tunnel to old torres
DHCP=no
IPForward=yes
IPv6AcceptRA=no

[Route]
Destination=0::/0
Gateway=2a01:238:4071:3202::1
Table=202

[RoutingPolicyRule]
Priority=32100
From=2a01:238:4071:3280::/59
Table=202

[RoutingPolicyRule]
Priority=32101
From=2a01:238:4071:32b0::/62
Table=202

but it looks like networkd wants full control over the network interface
and flushes the IP addresses from the working interface, leaving it in a
non-functional state.

Is there any way to

(a) tell networkd to just add the configuration from the unit to the
already configured interface without cleaning up first, or
(b) to have part of systemd just execute a single .network unit,
probably as a sidekick unit that I can use to add configuration to my
OpenVPN configuration?

Or am I better off by just taking things away from systemd-networkd
completely and use an "up" script from the OpenVPN configuration?

Hoping for your opinions and a good discussion,
cheers, Marc


--
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421


Re: [systemd-devel] Cannot find a way to get time read from RTC during boot

2020-03-12 Thread Kevin P. Fleming
Thanks, I agree. I could come up with something which ran timedatectl
to set the system time from the RTC, but the hwclock tool is already
there for that purpose.

I'll need to investigate why this script exits without making any
changes when systemd is running; either the authors expected some part
of systemd to read the RTC, or they expect some other service/tool to
do it.

On Thu, Mar 12, 2020 at 2:02 PM Mike Gilbert  wrote:
>
> On Thu, Mar 12, 2020 at 7:13 AM Kevin P. Fleming  wrote:
> > Prior to systemd, with the 'hwclock' package installed, a udev rule
> > would trigger reading of the RTC and setting the system clock when
> > /dev/rtc0 appeared. With systemd running, the script run by that udev
> > rule is suppressed, it doesn't do anything.
> >
> > With a system using solely systemd-provided services, what's the
> > proper mechanism to get the time read from an RTC whose driver is
> > loaded by systemd-modules-load.service?
>
> Your use case is likely not covered by "systemd-provided" services.
>
> I think your best bet would be to "un-suppress" that hwclock udev rule.


Re: [systemd-devel] Cannot find a way to get time read from RTC during boot

2020-03-12 Thread Dave Howorth
On Thu, 12 Mar 2020 17:35:16 -0400
"Kevin P. Fleming"  wrote:
> Thanks, I agree. I could come up with something which ran timedatectl
> to set the system time from the RTC, but the hwclock tool is already
> there for that purpose.
> 
> I'll need to investigate why this script exits without making any
> changes when systemd is running; either the authors expected some part
> of systemd to read the RTC, or they expect some other service/tool to
> do it.
> 
> On Thu, Mar 12, 2020 at 2:02 PM Mike Gilbert 
> wrote:
> >
> > On Thu, Mar 12, 2020 at 7:13 AM Kevin P. Fleming 
> > wrote:  
> > > Prior to systemd, with the 'hwclock' package installed, a udev
> > > rule would trigger reading of the RTC and setting the system
> > > clock when /dev/rtc0 appeared. With systemd running, the script
> > > run by that udev rule is suppressed, it doesn't do anything.
> > >
> > > With a system using solely systemd-provided services, what's the
> > > proper mechanism to get the time read from an RTC whose driver is
> > > loaded by systemd-modules-load.service?  
> >
> > Your use case is likely not covered by "systemd-provided" services.
> >
> > I think your best bet would be to "un-suppress" that hwclock udev
> > rule.  

I'm not sure but you might be interested to read
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855203


Re: [systemd-devel] Cannot find a way to get time read from RTC during boot

2020-03-12 Thread Kevin P. Fleming
Indeed, I landed there later after my reply. I'm disappointed that it
was never resolved, but I did add a service unit which works
perfectly.

-

[Unit]
Description=Set system clock from hardware clock
After=systemd-modules-load.service

[Service]
Type=oneshot
ExecStart=/sbin/hwclock --hctosys --utc

[Install]
WantedBy=basic.target

On Thu, Mar 12, 2020 at 7:26 PM Dave Howorth  wrote:
>
> On Thu, 12 Mar 2020 17:35:16 -0400
> "Kevin P. Fleming"  wrote:
> > Thanks, I agree. I could come up with something which ran timedatectl
> > to set the system time from the RTC, but the hwclock tool is already
> > there for that purpose.
> >
> > I'll need to investigate why this script exits without making any
> > changes when systemd is running; either the authors expected some part
> > of systemd to read the RTC, or they expect some other service/tool to
> > do it.
> >
> > On Thu, Mar 12, 2020 at 2:02 PM Mike Gilbert 
> > wrote:
> > >
> > > On Thu, Mar 12, 2020 at 7:13 AM Kevin P. Fleming 
> > > wrote:
> > > > Prior to systemd, with the 'hwclock' package installed, a udev
> > > > rule would trigger reading of the RTC and setting the system
> > > > clock when /dev/rtc0 appeared. With systemd running, the script
> > > > run by that udev rule is suppressed, it doesn't do anything.
> > > >
> > > > With a system using solely systemd-provided services, what's the
> > > > proper mechanism to get the time read from an RTC whose driver is
> > > > loaded by systemd-modules-load.service?
> > >
> > > Your use case is likely not covered by "systemd-provided" services.
> > >
> > > I think your best bet would be to "un-suppress" that hwclock udev
> > > rule.
>
> I'm not sure but you might be interested to read
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855203


Re: [systemd-devel] Redirect logs from script to systemd's StandardOutput file

2020-03-12 Thread Andrei Borzenkov
12.03.2020 12:10, Ani A wrote:
> Hello,
> 
> I am on Ubuntu 18.04.2, and I have systemd version 237. I have some common 
> tasks
> which need to happen prestart and poststop which I have moved to a
> script. All unit
> files look like:
> 
> StandardOutput=file:/var/log/my-.log
> ExecStartPre=/path/to/helper.sh -t prestart -u 
> ExecStopPost=/path/to/helper.sh -t poststop -u 
> ExecStart=/path/to/my/exe
> 
> where  is the name of the systemd unit file.
> 
> I use systemd's directive to log stdout to file, and in the prestart
> and poststop actions also
> I try to write some logs to the same file with shell echo, like:
> 
> echo "..." >> /var/log/my-.log
> 

It is not clear where you are using this command. In one of scripts that
are part of unit definition? In some other script that is run outside of
running unit? In interactive shell session?

> The logs that are written by the script do not appear in the log file!
> Is there anything wrong here (missing something)?
> 
> --
> Ani