Time inside container [message #51042]
Mon, 06 January 2014 22:26
ilou
Messages: 2 Registered: January 2014
Junior Member
I am new here, hi to all.
I've got some OpenVZ VPS from some hosting provider.
The time was out by 2 hours, even though I did set the proper timezone from inside the container.
I contacted the support.
The answer was they need to run some cronjob (that they trigger twice a day) to sync the VMs to the hardware node. Indeed this is supposed to be required in case the VM has been rebooted or reinstalled, according to the support.
Is that the way it has to be done?
My understanding was rather that in any case the container time was locked to the node time that it receives from it, no matter what (reboot or reinstall)?
I don't get the reason why the node would require some cron task to put things back in sync.
To me the HN would just need proper time (i.e. ntpd).
Or am I missing something?
Thanks in advance for any clarification.

Re: Time inside container [message #51066 is a reply to message #51042]
Wed, 15 January 2014 19:09
Paparaciz
Messages: 302 Registered: August 2009
Senior Member
Hi,
Probably the time is wrong in the HN, and the hoster has to ensure that the time in the HN is right.
In the CT you only have to set the proper timezone.
Running ntpd in the CT will not help even with the sys_time capability. A few years ago I tried, but after ~1 min the time in the CT changes back to the HN time. Dunno how this works today, but anyway this is the wrong way to go.

Re: Time inside container [message #51244 is a reply to message #51042]
Tue, 18 March 2014 09:18
Paparaciz
Messages: 302 Registered: August 2009
Senior Member
Hi dipps,
I don't remember the exact details, but as I said:
running ntpd in the CT will not help even with the sys_time capability. A few years ago I tried, but after ~1 min the time in the CT changes back to the HN time. Dunno how this works today.
It is the wrong way because time sync should be done in the HN, not in the CT.

Re: Time inside container [message #51245 is a reply to message #51244]
Tue, 18 March 2014 11:38
dipps
Messages: 22 Registered: May 2013 Location: Out in the scrub
Junior Member
Paparaciz wrote on Tue, 18 March 2014 19:48: ".. dunno how this works today."
Looks OK so far! (as the falling man said before he hit the ground)
Paparaciz wrote: "it is wrong way because time sync should be done in HN, not in CT."
I would like to run as little in the HN as possible, for security reasons. The full xntpd seems a pretty big deal. openntpd seems more lightweight, but I still like restricting it to a CT.
[Updated on: Tue, 18 March 2014 11:39]

Re: Time inside container [message #51246 is a reply to message #51042]
Fri, 21 March 2014 14:26
blahugo@yahoo.de
Messages: 4 Registered: May 2013
Junior Member
It is possible to run ntpd inside a container and sync the HN.
This is our standard setup.
You'll have to grant the container the capability sys_time.
    # vzctl set VEID --capability sys_time:on --save
And configure your ntpd inside the container to sync the hardware clock.
On RHEL-based systems for example:
    # /etc/sysconfig/ntpd
    # Drop root to id 'ntp:ntp' by default.
    OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
    # Set to 'yes' to sync hw clock after successful ntpdate.
    SYNC_HWCLOCK=yes
Look out for your Debian config file.
On RHEL6-based systems this is caused by the compile flag
CONFIG_SECURITY_FILE_CAPABILITIES=y.
Find this on the HN:
    grep CAPABILITIES /boot/config-$(uname -r)
Hope this helps.
regards,
blahugo
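
A check for the sys_time grant described in the post above, added here as an example; it is not part of blahugo's post or of the OpenVZ tooling. CAP_SYS_TIME is bit 25 of the capability masks in /proc/<pid>/status, and a process that holds it can set the clock the HN and the other CTs run on, so it is worth auditing which containers and processes have it. The CAPABILITY="SYS_TIME:on" line format in the container config is an assumption, and the sample status and config text are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find out who holds CAP_SYS_TIME.
CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME in <linux/capability.h>

# mask_has_sys_time HEXMASK: exit 0 if bit 25 is set, 1 if clear, 2 if the
# argument is not a hex capability mask as shown in /proc/<pid>/status.
mask_has_sys_time() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# status_cap_mask FIELD: read /proc/<pid>/status text on stdin and print the
# hex mask of FIELD (CapEff, CapPrm, CapBnd, ...).
status_cap_mask() {
    awk -v field="$1:" '$1 == field { print $2; exit }'
}

# conf_grants_sys_time: read a container config on stdin; exit 0 if an
# uncommented CAPABILITY= line switches SYS_TIME on (format is an assumption).
conf_grants_sys_time() {
    grep -E '^[[:space:]]*CAPABILITY=' | tr '[:lower:]' '[:upper:]' |
        grep -Eq '(^|[" =])SYS_TIME:ON([" ]|$)'
}

# Constructed samples (not taken from a real system).
SAMPLE_STATUS='Name: ntpd
CapPrm: 0000000002000000
CapEff: 0000000002000000
CapBnd: 00000000aa0425fb'
SAMPLE_CONF='ONBOOT="yes"
CAPABILITY="SYS_TIME:on"'

# Stand-alone run: report on the current shell, e.g. from inside the CT.
if [ -r /proc/self/status ]; then
    eff=$(status_cap_mask CapEff < /proc/self/status)
    if mask_has_sys_time "$eff"; then
        echo "CapEff=$eff: CAP_SYS_TIME held, this process can set the clock"
    else
        echo "CapEff=$eff: CAP_SYS_TIME not held"
    fi
fi
```

Run inside the CT as the user ntpd drops to (ntp:ntp in the config above) to see whether the capability survives the privilege drop; on the HN, feed each container's config file to conf_grants_sys_time to list the CTs that were granted it.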