[SOLVED] NTP server on LXC

[nywst]

Which Linux LXC can be configured to be NTP server?
I tried Fedora 39 LXC, seems it doesn't have NTP package.

Thanks.

[root@DNS-test ~]# cat /etc/redhat-release
Fedora release 39 (Thirty Nine)
[root@DNS-test ~]# dnf install ntp
Last metadata expiration check: 1:10:32 ago on Sat Jul  6 03:52:33 2024.
No match for argument: ntp
Error: Unable to find a match: ntp

 

[Kingneutron]

Any Debian, Ubuntu or SuSE (and derivatives) should be able to function as an NTP server. Even "firewall" distros like ipfire, pfsense and opnsense offer this as a feature.

However, a simple web search came up with this:

https://www.server-world.info/en/note?os=Fedora_39&p=ntp&f=1

 

[gfngfn256]

You could just use the PVE host for that. I know you should really use an LXC or a VM for any services you wish to add - but this one requires NO installation as basically it already exists inside the Debian-based PVE host.

To do that (my tried setup - from notes) just do the following:

NTP Time Server:

nano /etc/chrony/chrony.conf


# Added by ME for NTP Server
local stratum 8
manual
allow 192.168.1.0/24   # The network you wish to allow to access the NTP time server - change accordingly

# Save & Exit

systemctl restart chronyd

 

[apmuthu]

Did not work

apt install chrony
nano /etc/chrony/chrony.conf
# put in as appropriate for my network

# systemctl enable --now chronyd
Failed to enable unit: Refusing to operate on alias name or linked unit file: chronyd.service
root@tyrtest:~# systemctl status chrony.service
x chrony.service - chrony, an NTP client/server
     Loaded: loaded (/lib/systemd/system/chrony.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sun 2024-07-07 20:27:40 UTC; 7min ago
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
    Process: 1550 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=226/NAMESPACE)
        CPU: 4ms

Jul 07 20:27:40 tyrtest systemd[1]: Starting chrony.service - chrony, an NTP client/server...
Jul 07 20:27:40 tyrtest (chronyd)[1550]: chrony.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission deni>
Jul 07 20:27:40 tyrtest (chronyd)[1550]: chrony.service: Failed at step NAMESPACE spawning /usr/sbin/chronyd: Permission denied
Jul 07 20:27:40 tyrtest systemd[1]: chrony.service: Control process exited, code=exited, status=226/NAMESPACE
Jul 07 20:27:40 tyrtest systemd[1]: chrony.service: Failed with result 'exit-code'.
Jul 07 20:27:40 tyrtest systemd[1]: Failed to start chrony.service - chrony, an NTP client/server.

 

[apmuthu]

Even the following did not work in Bookworm:
https://www.server-world.info/en/note?os=Fedora_39&p=ntp&f=1

 

[apmuthu]

This seemed better but still did not work:

apt install ntp -y
systemctl restart ntp
ntpq -p

 

[apmuthu]

Even this did not work

apt install systemd-timesyncd -y
systemctl start systemd-timesyncd
systemctl status systemd-timesyncd

* systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; preset: enabled)
     Active: inactive (dead)
  Condition: start condition failed at Sun 2024-07-07 20:56:34 UTC; 33s ago
             `- ConditionVirtualization=!container was not met
       Docs: man:systemd-timesyncd.service(8)

Jul 07 18:35:31 tyrtest systemd[1]: systemd-timesyncd.service - Network Time Synchronization was skipped because of an unmet condition ch>
Jul 07 20:56:22 tyrtest systemd[1]: systemd-timesyncd.service - Network Time Synchronization was skipped because of an unmet condition ch>
Jul 07 20:56:34 tyrtest systemd[1]: systemd-timesyncd.service - Network Time Synchronization was skipped because of an unmet condition ch>

 

[nywst]

I installed chrony to get it done quickly; thanks.

 

[nywst]

btw, Ubuntu LXC is better than Fedora.

 

[lxiosjao]

Hello,
I'm trying to configure LXC (debian 12) as a ntp server.

I have this error with chronyc :

Feb 02 11:56:29 ntp chronyd[927]: chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Feb 02 11:56:29 ntp chronyd[927]: Fatal error : adjtimex(0x8001) failed : Operation not permitted
Feb 02 11:56:29 ntp chronyd[925]: adjtimex(0x8001) failed : Operation not permitted
Feb 02 11:56:29 ntp systemd[1]: chrony.service: Control process exited, code=exited, status=1/FAILURE

Which kind of privilege the ct need for that ?
I would like to avoid using a privileged ct, is it possible ?

Thx

 

[gfngfn256]

adjtimex(0x8001) failed : Operation not permitted

I believe this error is called because the container does not have permission to change system-clock, as would be expected.

You would need to start chronyd with the -x option to disable the control of the system clock - as shown here.