Re: NTP Server in a virtual environment - SOLVED [message #44528 is a reply to message #44524]
Tue, 13 December 2011 08:44
MailingListe
Quoting Daniel Bauer <mlist@dsb-gmbh.de>:
> From: <lst_hoe02@kwsoft.de>
>> Quoting Daniel Bauer <mlist@dsb-gmbh.de>:
>>
>>> From: <lst_hoe02@kwsoft.de>
>>>> Quoting Daniel Pittman <daniel@rimspace.net>:
>>>>
>>>>> On Sun, Dec 11, 2011 at 07:09, Daniel Bauer <mlist@dsb-gmbh.de>
>>>>> wrote:
>>>>>
>>>>>> I've a VPS for my internal LAN, which should also be used as a NTP
>>>>>> server.
>>>>>> The HN has already synchronized the time by de.pool.ntp.org, so the
>>>>>> time is also ok inside the VPS.
>>>>>> The NTP server inside the VPS stalled, ntpq -p shows:
>>>>>
>>>>> You don't need NTP inside the container, just on the HN. The VE
>>>>> can't set the time anyhow.
>>>>
>>>> Not really true. You need special capabilities assigned to the VE to
>>>> let it manage your system clock. So if you need ntp inside the VE you
>>>> should do something like "vzctl set <VEID> --capability sys_time:on",
>>>> install ntp inside the VE and deinstall it on the HN.
>>>
>>> But that's not what I want.
>>>
>>> I want the HN to be a NTP client, so that all (HN + VE) have a valid
>>> time.
>>> This works already.
>>>
>>> I want the VE to be a NTP server for the local LAN, without being a
>>> NTP Client.
>>> That doesn't work.
>>
>> NTP by default only works as server if it has a valid timesource. By
>> default it does not use the "local clock" because it's unreliable. On
>> the other hand NTP always tries to adjust the local clock if it has a
>> valid timesource. This does not work in a VE if you don't set the
>> capability to adjust the clock, NTP will even run as "root" if it is
>> not able to adjust the local clock with the intended user.
>>
>> If you insist on your network design your options are:
>> - Let the VE NTP get the time from the HN and let it run as root on the
>>   VE
>> - Try to hack NTP to use the local clock as timesource and not try to
>>   update
>
> the solution was not to take localhost, but
>> server 127.127.1.0
>> fudge 127.127.1.0 stratum 12
> now it works.
But be aware that NTP inside the VE is running as "root" in this case.
Don't ever expose it to untrusted networks this way.
Regards
Andreas
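
Added example, not part of the original thread: an ntp.conf for the VE that keeps the two local-clock lines from the post and adds ntpd `restrict` access-control lines so that only the LAN can ask this root-running daemon for time. The file path and the subnet 192.168.1.0/24 are assumptions; substitute the real LAN range.

```conf
# /etc/ntp.conf inside the VE (added example; path and subnet are assumptions)

# From the thread: use the VE's own clock (kept correct by the HN) as the
# time source, advertised at a deliberately poor stratum.
server 127.127.1.0
fudge  127.127.1.0 stratum 12

# Default policy: drop every packet, including time requests and
# ntpq/ntpdc queries, from any address not matched below.
restrict default ignore
restrict -6 default ignore

# Loopback keeps full access so "ntpq -p" still works inside the VE.
restrict 127.0.0.1
restrict ::1

# LAN clients (assumed 192.168.1.0/24) may request time, but may not
# reconfigure the daemon, set traps, form peer associations, or run
# ntpq/ntpdc status queries against it.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer noquery
```

A packet filter that limits UDP port 123 to the same subnet gives a second layer in case the configuration is later changed.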