On (15/01/15 09:01), Jan Pazdziora wrote:
>On Wed, Jan 14, 2015 at 08:18:02PM -0800, Nathan Kinder wrote:
>> Hi,
>> I'm running into a strange problem related to ntpd when trying to use
>> IPA in a container.  I'm using the adelton/freeipa-server:fedora-21 and
>> adelton/freeipa-client:fedora-21 docker images.  Basically, the client
>> install hangs when it runs ntpd.  This is reproducible on two different
>> docker hosts of mine, so it will probably easily reproduce for others as
>> The /sbin/ipa-server-configure-first entrypoint script for the server
>> image does a 'systemctl start-enabled' to bring up all of the services,
>> which results in this output in /var/log/systemctl.log:
>> --------------------------------------------------------------------
>> [start-enabled]
>> [start ntpd.service]
>> Running [export OPTIONS="-g -x"; /usr/sbin/ntpd -u ntp:ntp $OPTIONS]
>> Marked pid [15] for [ntpd.service]
>> Marked process name [/usr/sbin/ntpd] for [ntpd.service]
>> ...
>> --------------------------------------------------------------------
>> This is the same log output that is generated if I manually run
>> 'systemctl start ntpd.service' from within the container, but the ntpd
>> process stays around when I start it this way.  It's hard to tell what
>> might be happening to ntpd, as there is no journal in the container.
>> I'm continuing to debug this, but I thought I'd share my findings thus
>> far in case anyone else has seen this or has any ideas for tracking the
>> problem down.  Any ideas?
>You need to use --cap-add=SYS_TIME when running the server container
>or ntpd will fail.
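
A way to confirm from inside the container whether CAP_SYS_TIME was actually granted, useful here because there is no journal to show why ntpd exits. This is an added example, not part of the original thread; the function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# CAP_SYS_TIME is capability number 25 in <linux/capability.h>.
CAP_SYS_TIME_BIT=25

# Constructed sample masks: Docker's default capability set, and the same
# set with bit 25 added (what --cap-add=SYS_TIME produces).
MASK_DEFAULT=00000000a80425fb
MASK_WITH_SYS_TIME=00000000aa0425fb

# has_cap_sys_time MASK: succeed if bit 25 is set in a hex capability mask.
has_cap_sys_time() {
    mask=${1#0x}
    [ $(( (0x$mask >> CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# read_cap_mask FIELD [STATUS_FILE]: print the hex mask for CapEff, CapPrm,
# CapBnd, ... from a /proc/<pid>/status style file.
read_cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/self/status}"
}

# report_sys_time [STATUS_FILE]: say where CAP_SYS_TIME stands for a process.
# Returns 0 only when the capability is in the effective set.
report_sys_time() {
    status=${1:-/proc/self/status}
    eff=$(read_cap_mask CapEff "$status")
    bnd=$(read_cap_mask CapBnd "$status")
    if has_cap_sys_time "$eff"; then
        echo "CapEff=$eff: CAP_SYS_TIME present, ntpd can set the clock"
    elif has_cap_sys_time "$bnd"; then
        echo "CapEff=$eff: CAP_SYS_TIME only in bounding set (CapBnd=$bnd)"
        return 1
    else
        echo "CapEff=$eff: CAP_SYS_TIME absent, start with --cap-add=SYS_TIME"
        return 1
    fi
}

# Usage inside the container:
#   report_sys_time                      # the current shell
#   report_sys_time /proc/<pid>/status   # a running ntpd, by pid
```
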
