NTP Server Best Practice (CT, Ubuntu, Chrony)?

uberdome

Member
Mar 19, 2019
25
1
23
I planned to run an NTP server for my network as a container in Proxmox. However, I didn't consider how the CT uses the host clock.

After setting up a Container with Ubuntu and Chrony and checking the status, I receive this response:
Code:
@ntp1:~# systemctl status chronyd
* chrony.service - chrony, an NTP client/server
     Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-03-29 23:29:20 EDT; 13h ago
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
   Main PID: 16697 (chronyd)
      Tasks: 2 (limit: 4915)
     Memory: 1.4M
     CGroup: /system.slice/chrony.service
             |-16697 /usr/sbin/chronyd -F -1 -x
             `-16698 /usr/sbin/chronyd -F -1 -x

Mar 29 23:29:20 ntp1 systemd[1]: Starting chrony, an NTP client/server...
Mar 29 23:29:20 ntp1 chronyd-starter.sh[16692]: Warning: Running in a container, likely impossible and unintended to sync system clock
Mar 29 23:29:20 ntp1 chronyd-starter.sh[16692]: Adding -x as fallback disabling control of the system clock, see /usr/share/doc/chrony/README.container to override this behavior
Mar 29 23:29:20 ntp1 chronyd[16697]: chronyd version 3.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Mar 29 23:29:20 ntp1 chronyd[16697]: Disabled control of system clock
Mar 29 23:29:20 ntp1 chronyd[16697]: Loaded seccomp filter
Mar 29 23:29:20 ntp1 systemd[1]: Started chrony, an NTP client/server.
Mar 29 23:29:28 ntp1 chronyd[16697]: Selected source 91.189.89.198
Mar 29 23:31:39 ntp1 chronyd[16697]: Selected source 23.157.160.168

The notable part is the warning:
Code:
Warning: Running in a container, likely impossible and unintended to sync system clock

I am looking for some guidance. To run a Chrony server, do I need to install it as a VM? Is the installation already functioning correctly just without updating the host clock?

Some digging suggests the CT will always sync time with the hypervisor - is there any reason to avoid having a VM sync time with a CT or VM running some version of an NTP server? I'm only asking about one for the purpose of discussion, I intend to have multiples... but need to solve how to do one reasonably first.

Thank you, Chris
 
To run a Chrony server, do I need to install it as a VM?
That's what I do. I also played around with just having the Host clock also inside of a VM via chrony clock source kvm, it should also work, so that you only have to sync our pve hosts, but I have not enough data (or any) to show for it. I monitor the clock drifft with ntpdate inside of the VMs and up to now, there was no "warning" about driffting clocks.
 
That's what I do. I also played around with just having the Host clock also inside of a VM via chrony clock source kvm, it should also work, so that you only have to sync our pve hosts, but I have not enough data (or any) to show for it. I monitor the clock drifft with ntpdate inside of the VMs and up to now, there was no "warning" about driffting clocks.
Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it feasible and logical?
 
Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e
Code:
local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon
 
  • Like
Reactions: d_G and LnxBil
Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e
Code:
local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon

Hello

I want to use proxmox's Chrony service to act as an NTP server for my domain.

is it doable and logical?

Thanks for your feedback. I had forgotten to specify that it is a cluster of 9 servers. in this case should I activate the chrony service on the 9 servers? will there be an impact on the internal synchronization of the cluster?
 
Chrony is installed by default on the Proxmox host but is only configured as an NTP client. To enable the proxmox host to act as an NTP server you would need to add a few lines to the /etc/chrony/chrony.conf file

i.e
Code:
local stratum 8
manual
allow 192.168.1.0/24

then restart the chrony daemon

Knowing that to run an NTP server, it also needs to sync as an NTP client... recognizing that the Containers are actually synced to the host, I got to wondering:

Would it be better to run a CT as an NTP server as it automatically syncs to the host which is already running chrony,
or
Would it be better to run a VM as a complete NTP server with both client and server functions?

I might end up trying it out. If I do, I will share results. Otherwise, I'd still be interested to know what others think or have done in such circumstances.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!