NTP Server Best Practice (CT, Ubuntu, Chrony)?

[uberdome]

I planned to run an NTP server for my network as a container in Proxmox. However, I didn't consider how the CT uses the host clock.

After setting up a Container with Ubuntu and Chrony and checking the status, I receive this response:

@ntp1:~# systemctl status chronyd
* chrony.service - chrony, an NTP client/server
     Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-03-29 23:29:20 EDT; 13h ago
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
   Main PID: 16697 (chronyd)
      Tasks: 2 (limit: 4915)
     Memory: 1.4M
     CGroup: /system.slice/chrony.service
             |-16697 /usr/sbin/chronyd -F -1 -x
             `-16698 /usr/sbin/chronyd -F -1 -x

Mar 29 23:29:20 ntp1 systemd[1]: Starting chrony, an NTP client/server...
Mar 29 23:29:20 ntp1 chronyd-starter.sh[16692]: Warning: Running in a container, likely impossible and unintended to sync system clock
Mar 29 23:29:20 ntp1 chronyd-starter.sh[16692]: Adding -x as fallback disabling control of the system clock, see /usr/share/doc/chrony/README.container to override this behavior
Mar 29 23:29:20 ntp1 chronyd[16697]: chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Mar 29 23:29:20 ntp1 chronyd[16697]: Disabled control of system clock
Mar 29 23:29:20 ntp1 chronyd[16697]: Loaded seccomp filter
Mar 29 23:29:20 ntp1 systemd[1]: Started chrony, an NTP client/server.
Mar 29 23:29:28 ntp1 chronyd[16697]: Selected source 91.189.89.198
Mar 29 23:31:39 ntp1 chronyd[16697]: Selected source 23.157.160.168

The notable part is the warning:

Warning: Running in a container, likely impossible and unintended to sync system clock

I am looking for some guidance. To run a Chrony server, do I need to install it as a VM? Is the installation already functioning correctly just without updating the host clock?

Some digging suggests the CT will always sync time with the hypervisor - is there any reason to avoid having a VM sync time with a CT or VM running some version of an NTP server? I'm only asking about one for the purpose of discussion, I intend to have multiples... but need to solve how to do one reasonably first.

Thank you, Chris

 

[LnxBil]

To run a Chrony server, do I need to install it as a VM?

That's what I do. I also played around with just having the Host clock also inside of a VM via chrony clock source kvm, it should also work, so that you only have to sync our pve hosts, but I have not enough data (or any) to show for it. I monitor the clock drifft with ntpdate inside of the VMs and up to now, there was no "warning" about driffting clocks.

 

[Darius koissi]

That's what I do. I also played around with just having the Host clock also inside of a VM via chrony clock source kvm, it should also work, so that you only have to sync our pve hosts, but I have not enough data (or any) to show for it. I monitor the clock drifft with ntpdate inside of the VMs and up to now, there was no "warning" about driffting clocks.

Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it feasible and logical?

 

[Darius koissi]

Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it feasible and logical?

Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it feasible and logical?

 

[bobmc]

Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e

local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon

 

[Darius koissi]

Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e

local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon

Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it doable and logical?

Thanks for your feedback. I had forgotten to specify that it is a cluster of 9 servers. in this case should I activate the chrony service on the 9 servers? will there be an impact on the internal synchronization of the cluster?

 

[uberdome]

Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e

local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon

Knowing that to run an NTP server, it also needs to sync as an NTP client... recognizing that the Containers are actually synced to the host, I got to wondering:

Would it be better to run a CT as an NTP server as it automatically syncs to the host which is already running chrony,
or
Would it be better to run a VM as a complete NTP server with both client and server functions?

I might end up trying it out. If I do, I will share results. Otherwise, I'd still be interested to know what others think or have done in such circumstances.