I'm migrating Ubuntu VMs to CTs, but ran into an issue trying to get systemd-timesyncd working. For the CT, I'm using the ubuntu-22.04-standard_22.04-1_amd64.tar.zst LXC available for download within LXC. I'm not sure where to report this issue, as it looks like these are Proxmox-provided LXCs, or if it's an upstream issue, so I figured I'd start here.
The first issue is that a provisioned CT cannot start timesyncd, instead producing an error such as the following:
The cause of this is the default value for line 5 in the systemd configuration in /etc/systemd/system/dbus-org.freedesktop.timesync1.service, where
Changing that setting does start timesyncd, but then the second issue pops up, in that
I would like to stick with the default timesyncd instead of ripping it out and trying to get ntp working instead, so any tips would be greatly appreciated!
The first issue is that a provisioned CT cannot start timesyncd, instead producing an error such as the following:
Bash:
root@ct-test:~$ systemctl status systemd-timesyncd
* systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Fri 2023-01-06 13:31:37 UTC; 12h ago
`- ConditionVirtualization=!container was not met
Docs: man:systemd-timesyncd.service(8)
root@ct-test:~$The cause of this is the default value for line 5 in the systemd configuration in /etc/systemd/system/dbus-org.freedesktop.timesync1.service, where
ConditionVirtualization=!container (shown below) should instead be ConditionVirtualization=container
Bash:
[Unit]
Description=Network Time Synchronization
Documentation=man:systemd-timesyncd.service(8)
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
After=systemd-sysusers.service
Before=time-set.target sysinit.target shutdown.target
Conflicts=shutdown.target
Wants=time-set.target
[Service]
AmbientCapabilities=CAP_SYS_TIME
BusName=org.freedesktop.timesync1
CapabilityBoundingSet=CAP_SYS_TIME
# Turn off DNSSEC validation for hostname look-ups, since those need the
# correct time to work, but we likely won't acquire that without NTP. Let's
# break this chicken-and-egg cycle here.Changing that setting does start timesyncd, but then the second issue pops up, in that
clock_adjtime() is not permitted to be called, I'm assuming because of a permissions problem within systemd:
Bash:
root@ct-test:~# systemctl status systemd-timesyncd
* systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-01-06 14:05:35 UTC; 11h ago
Docs: man:systemd-timesyncd.service(8)
Main PID: 601 (systemd-timesyn)
Status: "Initial synchronization to time server 185.125.190.56:123 (ntp.ubuntu.com)."
Tasks: 2 (limit: 28575)
Memory: 1.3M
CPU: 77ms
CGroup: /system.slice/systemd-timesyncd.service
`-601 /lib/systemd/systemd-timesyncd
Jan 06 20:20:18 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permitted
Jan 06 20:54:26 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permitted
Jan 06 21:28:35 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permitted
Jan 06 22:02:43 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permitted
Jan 06 22:36:51 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permitted
Jan 06 23:10:59 ct-test systemd-timesyncd[601]: Failed to call clock_adjtime(): Operation not permittedI would like to stick with the default timesyncd instead of ripping it out and trying to get ntp working instead, so any tips would be greatly appreciated!
