NTP server in a virtual environment [message #44487] | Sun, 11 December 2011 15:09 | Daniel Bauer
 Hi @all,
 I've a VPS for my internal LAN, which should also be used as a NTP
 server.
 The HN has already synchronized the time by de.pool.ntp.org, so the time
 is also ok inside the VPS.
 The NTP server inside the VPS stalled, ntpq -p shows:
 
 remote           refid      st t when poll reach   delay   offset  jitter
 ==============================================================================
 localhost       .INIT.          16 l    -   64    0    0.000    0.000   0.000
 
 
 my /etc/ntp.conf looks like this:
 
 driftfile /var/lib/ntp/ntp.drift
 
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 
 server 127.0.0.1
 fudge 127.0.0.1 stratum 12
 
 restrict -4 default kod notrap nomodify nopeer noquery
 restrict -6 default kod notrap nomodify nopeer noquery
 
 restrict 127.0.0.1
 restrict ::1
 
 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
 
 
 does anybody know a solution?
 
 Thanks
 Daniel

Re: NTP server in a virtual environment [message #44489 is a reply to message #44488] | Sun, 11 December 2011 19:36 | MailingListe
 Quote from Daniel Pittman <daniel@rimspace.net>:
 > On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de> wrote:
 >
 >> I've a VPS for my internal LAN, which should also be used as a NTP server.
 >> The HN has already synchronized the time by de.pool.ntp.org, so the time is
 >> also ok inside the VPS.
 >> The NTP server inside the VPS stalled, ntpq -p shows:
 >
 > You don't need NTP inside the container, just on the HN.  The VE can't
 > set the time anyhow.
 
 Not really true. You need special capabilities assigned to the VE to
 let it manage your system clock. So if you need ntp inside the VE you
 should do something like "vzctl set <VEID> --capability sys_time:on",
 install ntp inside the VE and deinstall it on the HN.
 
 Regards
 
 Andreas
 
	

Re: NTP server in a virtual environment [message #44492 is a reply to message #44489] | Sun, 11 December 2011 21:18 | Daniel Bauer
 From: <lst_hoe02@kwsoft.de>
 > Quote from Daniel Pittman <daniel@rimspace.net>:
 >
 >> On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de>
 >> wrote:
 >>
 >>> I've a VPS for my internal LAN, which should also be used as a NTP
 >>> server.
 >>> The HN has already synchronized the time by de.pool.ntp.org, so the
 >>> time is
 >>> also ok inside the VPS.
 >>> The NTP server inside the VPS stalled, ntpq -p shows:
 >>
 >> You don't need NTP inside the container, just on the HN.  The VE
 >> can't
 >> set the time anyhow.
 >
 > Not really true. You need special capabilities assigned to the VE to
 > let it manage your system clock. So if you need ntp inside the VE you
 > should do something like "vzctl set <VEID> --capability sys_time:on",
 > install ntp inside the VE and deinstall it on the HN.
 
 But that's not what I want.
 
 I want the HN to be a NTP client, so that all (HN + VE) have a valid
 time.
 This works already.
 
 I want the VE to be a NTP server for the local LAN, without being a NTP
 Client.
 That doesn't work.
 
 Why?
 No VE and also no LAN client have access to the HN.
 I've 3 subnets with 3 gateways (VE), all gateways should be a NTP
 server and couldn't be a NTP client.
 
 Thanks
 Daniel

Re: NTP server in a virtual environment [message #44511 is a reply to message #44492] | Mon, 12 December 2011 12:07 | MailingListe
 Quote from Daniel Bauer <mlist@dsb-gmbh.de>:
 > From: <lst_hoe02@kwsoft.de>
 >> Quote from Daniel Pittman <daniel@rimspace.net>:
 >>
 >>> On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de> wrote:
 >>>
 >>>> I've a VPS for my internal LAN, which should also be used as a NTP server.
 >>>> The HN has already synchronized the time by de.pool.ntp.org, so the time is
 >>>> also ok inside the VPS.
 >>>> The NTP server inside the VPS stalled, ntpq -p shows:
 >>>
 >>> You don't need NTP inside the container, just on the HN.  The VE can't
 >>> set the time anyhow.
 >>
 >> Not really true. You need special capabilities assigned to the VE to
 >> let it manage your system clock. So if you need ntp inside the VE you
 >> should do something like "vzctl set <VEID> --capability sys_time:on",
 >> install ntp inside the VE and deinstall it on the HN.
 >
 > But that's not what I want.
 >
 > I want the HN to be a NTP client, so that all (HN + VE) have a valid time.
 > This works already.
 >
 > I want the VE to be a NTP server for the local LAN, without being a
 > NTP Client.
 > That doesn't work.
 
 NTP by default only works as server if it has a valid timesource. By
 default it does not use the "local clock" because it's unreliable. On
 the other hand NTP always tries to adjust the local clock if it has a
 valid timesource. This does not work in a VE if you don't set the
 capability to adjust the clock, NTP will even run as "root" if it is
 not able to adjust the local clock with the intended user.
 
 If you insist on your network design your options are:
 - Let the VE NTP get the time from the HN and let it run as root on the VE
 - Try to hack NTP to use the local clock as timesource and not try to update
 
 Regards
 
 Andreas
 
	

Re: NTP server in a virtual environment - SOLVED [message #44524 is a reply to message #44511] | Mon, 12 December 2011 18:54 | Daniel Bauer
 From: <lst_hoe02@kwsoft.de>
 > Quote from Daniel Bauer <mlist@dsb-gmbh.de>:
 >
 >> From: <lst_hoe02@kwsoft.de>
 >>> Quote from Daniel Pittman <daniel@rimspace.net>:
 >>>
 >>>> On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de>
 >>>> wrote:
 >>>>
 >>>>> I've a VPS for my internal LAN, which should also be used as a NTP
 >>>>> server.
 >>>>> The HN has already synchronized the time by de.pool.ntp.org, so the
 >>>>> time is
 >>>>> also ok inside the VPS.
 >>>>> The NTP server inside the VPS stalled, ntpq -p shows:
 >>>>
 >>>> You don't need NTP inside the container, just on the HN.  The VE
 >>>> can't
 >>>> set the time anyhow.
 >>>
 >>> Not really true. You need special capabilities assigned to the VE to
 >>> let it manage your system clock. So if you need ntp inside the VE
 >>> you
 >>> should do something like "vzctl set <VEID> --capability
 >>> sys_time:on",
 >>> install ntp inside the VE and deinstall it on the HN.
 >>
 >> But that's not what I want.
 >>
 >> I want the HN to be a NTP client, so that all (HN + VE) have a valid
 >> time.
 >> This works already.
 >>
 >> I want the VE to be a NTP server for the local LAN, without being a
 >> NTP Client.
 >> That doesn't work.
 >
 > NTP by default only works as server if it has a valid timesource. By
 > default it does not use the "local clock" because it's unreliable. On
 > the other hand NTP always tries to adjust the local clock if it has a
 > valid timesource. This does not work in a VE if you don't set the
 > capability to adjust the clock, NTP will even run as "root" if it is
 > not able to adjust the local clock with the intended user.
 >
 > If you insist on your network design your options are:
 > - Let the VE NTP get the time from the HN and let it run as root on
 > the
 > VE
 > - Try to hack NTP to use the local clock as timesource and not try to
 > update
 
 the solution was not to take localhost, but
 > server 127.127.1.0
 > fudge 127.127.1.0 stratum 12
 now it works.
 
 Thanks a lot
 Daniel

Re: NTP server in a virtual environment - SOLVED [message #44528 is a reply to message #44524] | Tue, 13 December 2011 08:44 | MailingListe
 Quote from Daniel Bauer <mlist@dsb-gmbh.de>:
 > From: <lst_hoe02@kwsoft.de>
 >> Quote from Daniel Bauer <mlist@dsb-gmbh.de>:
 >>
 >>> From: <lst_hoe02@kwsoft.de>
 >>>> Quote from Daniel Pittman <daniel@rimspace.net>:
 >>>>
 >>>>> On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de>
 >>>>> wrote:
 >>>>>
 >>>>>> I've a VPS for my internal LAN, which should also be used as a NTP
 >>>>>> server.
 >>>>>> The HN has already synchronized the time by de.pool.ntp.org, so the
 >>>>>> time is
 >>>>>> also ok inside the VPS.
 >>>>>> The NTP server inside the VPS stalled, ntpq -p shows:
 >>>>>
 >>>>> You don't need NTP inside the container, just on the HN.  The VE
 >>>>> can't
 >>>>> set the time anyhow.
 >>>>
 >>>> Not really true. You need special capabilities assigned to the VE to
 >>>> let it manage your system clock. So if you need ntp inside the VE you
 >>>> should do something like "vzctl set <VEID> --capability sys_time:on",
 >>>> install ntp inside the VE and deinstall it on the HN.
 >>>
 >>> But that's not what I want.
 >>>
 >>> I want the HN to be a NTP client, so that all (HN + VE) have a valid
 >>> time.
 >>> This works already.
 >>>
 >>> I want the VE to be a NTP server for the local LAN, without being a
 >>> NTP Client.
 >>> That doesn't work.
 >>
 >> NTP by default only works as server if it has a valid timesource. By
 >> default it does not use the "local clock" because it's unreliable. On
 >> the other hand NTP always tries to adjust the local clock if it has a
 >> valid timesource. This does not work in a VE if you don't set the
 >> capability to adjust the clock, NTP will even run as "root" if it is
 >> not able to adjust the local clock with the intended user.
 >>
 >> If you insist on your network design your options are:
 >> - Let the VE NTP get the time from the HN and let it run as root on the
 >> VE
 >> - Try to hack NTP to use the local clock as timesource and not try to
 >> update
 >
 > the solution was not to take localhost, but
 >> server 127.127.1.0
 >> fudge 127.127.1.0 stratum 12
 > now it works.
 
 But be aware that NTP inside the VE is running as "root" in this case.
 Don't ever expose it to untrusted networks this way.
 
 Regards
 
 Andreas
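
Added example, not part of any post in this thread: a small ntp.conf check covering the two points the thread ends on, the `server 127.0.0.1` entry that left ntpd in `.INIT.` at stratum 16 and the exposure of a root-run daemon to clients. The function name `audit_ntp_conf` and the finding labels are hypothetical; the sample configuration is the one posted above with the statistics lines omitted.

```python
import ipaddress
import re

def audit_ntp_conf(text):
    """Return (line_no, finding) pairs for an ntpd configuration."""
    findings, local_clocks, fudged = [], {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "server":
            if re.fullmatch(r"127\.127\.1\.\d+", args[0]):
                local_clocks[args[0]] = no      # undisciplined local clock driver
            elif args[0] in ("localhost", "::1") or (
                    args[0].startswith("127.") and not args[0].startswith("127.127.")):
                # ntpd polling itself never syncs: refid .INIT., stratum 16
                findings.append((no, "server-is-loopback"))
        elif kw == "fudge" and "stratum" in args:
            fudged.add(args[0])
        elif kw == "restrict":
            rest = [a for a in args if a not in ("-4", "-6")]
            if not rest:
                continue
            target, flags = rest[0], rest[1:]
            try:
                if ipaddress.ip_address(target).is_loopback:
                    continue                    # local ntpq access is expected
            except ValueError:
                pass                            # "default" or a hostname
            if "noquery" not in flags:
                # this network may send ntpq/ntpdc queries to the daemon
                findings.append((no, "query-allowed:" + target))
    for addr, no in local_clocks.items():
        if addr not in fudged:
            # a free-running clock should advertise an explicit high stratum
            findings.append((no, "local-clock-without-stratum"))
    return findings

# The thread's configuration before and after the fix (statistics lines omitted).
BROKEN = """server 127.0.0.1
fudge 127.0.0.1 stratum 12
restrict -4 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""
FIXED = BROKEN.replace("server 127.0.0.1", "server 127.127.1.0").replace(
    "fudge 127.0.0.1", "fudge 127.127.1.0")
```

The fixed configuration still reports the LAN `restrict` line: adding `noquery` there keeps time service available to the subnet while refusing ntpq/ntpdc status queries.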
 
	