[PVE-User] PVE 5.2, time sync, container...
Marco Gaiarin
gaio at sv.lnf.it
Tue May 22 16:49:26 CEST 2018
Hello! Marco Baldini - H.S. Amiata
On that day it was said...
> Just install a little VM with an NTP server (I use chrony) and sync hosts
> with that. I went this route about two years ago and had no problem since
> then

After googling a bit better than yesterday, I've done:

 root@clerk:~# lxc-info -n 100 -c lxc.cap.drop
 lxc.cap.drop = mac_admin
 mac_override
 sys_time
 sys_module
 sys_rawio

and so I've added to /etc/pve/lxc/100.conf:

 lxc.cap.drop:
 lxc.cap.drop: mac_admin mac_override sys_module sys_rawio

and now:

 root@clerk:~# lxc-info -n 100 -c lxc.cap.drop
 lxc.cap.drop = mac_admin
 mac_override
 sys_module
 sys_rawio

So now I can run NTP on my container, provided, probably, that it is the
only container with cap 'sys_time' enabled.

Clearly I can run NTP on the host, or in a VM, but an AD DC mandates
the presence of an NTP server, and probably having an NTP server that,
if needed, cannot write to HWclock, could be a source of trouble...

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
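
An added example, not part of the original message: POSIX shell helpers that compute the effective lxc.cap.drop list from a container config, applying the rule the message relies on (an empty lxc.cap.drop entry clears the list, later entries append), and that test a CapBnd mask for CAP_SYS_TIME. The default list is taken from the first lxc-info output above; the function names and the sample config's arch and hostname lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for lxc.cap.drop (not from the original message).

# Default drop list, as printed by the first lxc-info call in the message.
DEFAULT_DROP="mac_admin mac_override sys_time sys_module sys_rawio"

# Read config lines on stdin, print the effective drop list.
# An entry with an empty value clears the list built so far; later entries
# append. Accepts "key: value" (PVE) and "key = value" (native LXC).
effective_drop() (
    drop="$DEFAULT_DROP"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            lxc.cap.drop:*|lxc.cap.drop=*|lxc.cap.drop\ *) ;;
            *) continue ;;
        esac
        val=$(printf '%s\n' "$line" | sed \
            -e 's/^lxc\.cap\.drop[[:space:]]*[:=][[:space:]]*//' \
            -e 's/[[:space:]]*$//' -e 's/[[:space:]][[:space:]]*/ /g')
        if [ -z "$val" ]; then drop=""; else drop="${drop:+$drop }$val"; fi
    done
    printf '%s\n' "$drop"
)

# Succeed if capability $2 is in the space-separated list $1.
drops_cap() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Succeed if CAP_SYS_TIME (bit 25) is set in a hex CapBnd mask, the format
# used in /proc/<pid>/status.
capbnd_has_sys_time() {
    [ $(( (0x$1 >> 25) & 1 )) -eq 1 ]
}

# Constructed sample: the two lines from the message plus made-up context.
sample_conf() {
    cat <<'EOF'
arch: amd64
hostname: dc1
lxc.cap.drop:
lxc.cap.drop: mac_admin mac_override sys_module sys_rawio
EOF
}

list=$(sample_conf | effective_drop)
if drops_cap "$list" sys_time; then state=dropped; else state=RETAINED; fi
echo "drop list: $list (sys_time $state)"
```

On a host, feed it /etc/pve/lxc/<vmid>.conf on stdin and compare the result with the CapBnd line of the container's init process.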