/etc/sysconfig/clock is removed after yum update in Amazon Linux 2

Simple version:

If you follow AWS guide Setting the Time for Your Linux Instance to use /etc/sysconfig/clock to configure the timezone in Amazon Linux 2, you may not be able to find it after a yum update. So the suggested way to adjust time is to use timedatectl. For example:

sudo timedatectl set-timezone Australia/Sydney

Detailed version:

I launched an instance from the Amazon Linux 2 AMI “ami-0b8b10b5bf11f3a22” in my test lab. Once I logged in to the instance, there were package updates available and hence I ran ‘yum update’ for the same. Before running yum update, I could confirm the presence of the file “/etc/sysconfig/clock”, however after the update, the file was deleted as can be seen below:

[root@ip-172-31-9-134 ~]# cat /etc/sysconfig/clock
cat: /etc/sysconfig/clock: No such file or directory

Moving further with the investigation, in order to figure out the deletion of the file ‘/etc/sysconfig/clock’, I went ahead and configured ‘auditd’ on the instance. As you might be aware that auditd is a userspace component to the Linux Auditing System and it is responsible for writing audit records to the disk. To configure audit rules, we need to add the below line in the file ‘/etc/audit/rules.d/audit.rules’:

-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -S rmdir -k delete
-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -S rmdir -k delete

We can then use the below command to check for any file deletion operations and could see the output related to the file /etc/sysconfig/clock:

[root@ip-172-31-9-134 audit]# cat audit.log | grep clock
type=PATH msg=audit(1581657495.974:838): item=1 name="/etc/sysconfig/clock" inode=12583015 dev=ca:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

The above output shows that the file is getting deleted and in order to figure out the same as which of the packages might be deleting this file, I launched an another test instance with the same AMI and checked for the packages that are to be updated while running ‘yum update’ and could see the package ‘systemd.x86_64’ has an update as well as can be seen in the below output:

[root@ip-172-31-13-195 ~]# yum check-update | grep -i systemd
Failed to set locale, defaulting to C
systemd.x86_64 219-57.amzn2.0.12 amzn2-core
systemd-libs.x86_64 219-57.amzn2.0.12 amzn2-core
systemd-sysv.x86_64 219-57.amzn2.0.12 amzn2-core

The current systemd package version was ‘systemd-219-57.amzn2.0.9.x86_64’ and when I updated this package, the version installed was ‘systemd-219-57.amzn2.0.12.x86_64’ and after that I could see that the file ‘/etc/sysconfig/clock’ was removed. Below is the updated packages for systemd:

[root@ip-172-31-9-134 ~]# yum list | grep -i systemd
Failed to set locale, defaulting to C
rpm-plugin-systemd-inhibit.x86_64 4.11.3-40.amzn2.0.3 installed
systemd.x86_64 219-57.amzn2.0.12 @amzn2-core
systemd-libs.x86_64 219-57.amzn2.0.12 installed
systemd-sysv.x86_64 219-57.amzn2.0.12 installed

I went ahead and checked the details of the package systemd.x86_64 using the rpm changelog command which would show for any bug fixes or other issues related to the package. The command used as below and I am just providing the truncated output of the command:

rpm -q --changelog systemd-219-57.amzn2.0.12.x86_64 | grep -i clock
- Take possession of /etc/localtime, and remove /etc/sysconfig/clock

As you can see in the above output that the file /etc/sysconfig/clock should be taken over by the file /etc/localtime wherein you can set the time zone of the server, however in order to get a more clear picture of the issue, I went ahead and checked the RPM post installation script of the package and as per the below output, I could figure out the same about the behavior. Below is the truncated output of the command that I ran to check for the installation scripts:

 [root@ip-172-31-9-134 ~]# rpm -q --scripts systemd.x86_64 | grep -i clock
    rm -f /etc/systemd/system/sysinit.target.wants/hwclock-load.service >/dev/null 2>&1 || :
# Migrate /etc/sysconfig/clock
if [ ! -L /etc/localtime -a -e /etc/sysconfig/clock ] ; then
    . /etc/sysconfig/clock >/dev/null 2>&1 || :
rm -f /etc/sysconfig/clock >/dev/null 2>&1 || :

As per the above script, if there are no symlinks for the file ‘/etc/localtime ‘ to /etc/sysconfig/clock, then the file /etc/sysconfig/clock should be removed and that is why you are seeing this behavior in the Amazon Linux 2 AMI. You can see that the file /etc/locatime has the below symlink:

[root@ip-172-31-9-134 etc]# ls -la | grep -i localtime
lrwxrwxrwx 1 root root 25 Feb 13 08:12 localtime -> ../usr/share/zoneinfo/UTC

Also, as per the further research done regarding this behavior, I would like to explain you that the file ‘/etc/sysconfig/clock’ was used in rhel6 and now in the upstream, the file /etc/localtime is used mainly and that is the reason as to why the package is getting removed after the upgrade. There are also filed bugs against system-config-date and anaconda to stop creating the file /etc/sysconfig/clock.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s