
Run ntp inside a container

by The Linux Digest Guy
Run NTP daemon inside a container

If you try to run ntp inside a container, such as LXD or Docker, chances are you will run into errors like the following:

ntpd[xxxx]: adj_systime: Operation not permitted
ntpd[xxxx]: start_kern_loop: ntp_loopfilter.c line 1119: ntp_adjtime: Operation not permitted
ntpd[xxxx]: set_freq: ntp_loopfilter.c line 1082: ntp_adjtime: Operation not permitted
ntpd[xxxx]: Cannot set RLIMIT_MEMLOCK: Operation not permitted

The reason for these errors is that, by default, ntp tries to update the local time as well as serve the time to clients. In an unprivileged container, however, ntp is not permitted to set the local time.

You could solve this by running ntp in a privileged container that has access to change the system clock. But it makes much more sense to have another process running on your host to update the clock there and have the container only serve the time to clients.

Use the local time as the clock source

Make sure you have an ntp daemon running on your host. If the clock on your host is not in sync, the time your container is serving will also be out of sync.

Next, comment out all lines in your /etc/ntp.conf that start with pool or server.

#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst

Now instruct ntp to use 127.127.1.0, which is your local clock, as a clock source. You do this by adding this line to your ntp.conf:

server  127.127.1.0 prefer

Living with errors

The errors mentioned above are mostly harmless. You can get rid of some of them by disabling precision-time kernel support. You do this by adding disable kernel on a line by itself.

disable kernel

There is also an option called disable ntp. This instructs ntpd not to update the system clock. But in my case it also made the server report a stratum of 16 to clients, which will cause many clients to ignore the time the server reports.
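
The ntp.conf changes described above (comment out the pool and server lines, add the local clock as the source, add disable kernel) can be applied in one repeatable step. The script below is an added example, not part of the original article; the function names ntp_conf_for_container and ntp_conf_active_upstreams are hypothetical, and the sample config with its ntp.example.com host is constructed.

```shell
#!/bin/sh
# Added example: rewrite an ntp.conf for ntpd in an unprivileged container,
# so it serves the local clock (kept in sync by the host) and nothing else.
# ntp_conf_for_container is a hypothetical helper name.

# Print the rewritten config for file $1 on stdout; the input is not modified.
ntp_conf_for_container() {
    awk '
        # Remember directives already present so a second run adds nothing.
        $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "kernel") have_disable = 1 }
        $1 == "server" && $2 == "127.127.1.0" { have_local = 1; print; next }
        # Comment out every active upstream source (pool or server lines).
        $1 == "pool" || $1 == "server" { print "#" $0; next }
        { print }
        END {
            if (!have_local)   print "server 127.127.1.0 prefer"
            if (!have_disable) print "disable kernel"
        }
    ' "$1"
}

# List upstream sources still active in file $1 (should print nothing).
ntp_conf_active_upstreams() {
    awk '($1 == "pool" || $1 == "server") && $2 != "127.127.1.0" { print $2 }' "$1"
}

# Constructed sample config; ntp.example.com is a placeholder host.
sample=$(mktemp) && fixed=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
driftfile /var/lib/ntp/ntp.drift
pool 0.ubuntu.pool.ntp.org iburst
  server ntp.example.com iburst
#pool 3.ubuntu.pool.ntp.org iburst
EOF

ntp_conf_for_container "$sample" > "$fixed"
cat "$fixed"
echo "active upstreams left: $(ntp_conf_active_upstreams "$fixed" | wc -l)"
rm -f "$sample" "$fixed"
```

Write the result to a new file and review it before replacing /etc/ntp.conf in the container; running the function on its own output leaves the file unchanged.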

I hope this article helps you to run ntp inside a container. If you still run into problems, please add a comment and I will try to update the article.
