ntpd jail problem
Anybody know why ntpd might not work in a jail? I'm running an openntpd instance on the host machine, which syncs the clock from the pool at pool.ntp.org. From the log output, ntpd claims to be synced and the time does seem to be correct. I'm then running another openntpd in a jail which doesn't set the time, just serves it to clients. Something appears to be wrong, however. Any client that tries to get the time from the jailed openntpd simply says: $ sudo /usr/local/sbin/ntpd -ds listening on 127.0.0.1 ntp engine ready reply from 192.168.3.21: not synced, next query 615s The ntpd *never* appears to sync. Am I doing something fundamentally wrong, here? Is there some problem with jailed openntpd (that doesn't attempt to set the time) that I'm not aware of? Any help would be appreciated. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd jail problem
On 20080608 12:19:23, Steven Hartland wrote: I assume as it would effect the entire machine and hence should be run on the base machine instead, not the jail? I think you might've misunderstood. The ntpd I'm running on the host syncs the clock (and therefore the whole machine), the ntpd in the jail just publishes the time for the network (doesn't affect the clock). The problem is that the ntpd in the jail seems to believe that the host clock is out of sync (from what I can gather), even though it isn't. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd jail problem
I assume as it would effect the entire machine and hence should be run on the base machine instead, not the jail? - Original Message - From: [EMAIL PROTECTED] Anybody know why ntpd might not work in a jail? This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to [EMAIL PROTECTED] ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd jail problem
On 2008-Jun-08 11:32:54 +0100, [EMAIL PROTECTED] wrote: I'm running an openntpd instance on the host machine, which syncs the clock from the pool at pool.ntp.org. From the log output, ntpd claims to be synced and the time does seem to be correct. I'm then running another openntpd in a jail which doesn't set the time, just serves it to clients. I've never used openntpd but for the base ntpd, you should be able to just use 'server 127.127.1.0' to make it trust (and not alter) the base system time. Note that this openntpd will not have access to the stratum information from the main ntpd but will have a fixed value and may need to be adjusted using a 'fudge' command (or equivalent). I'd be interested in knowing why you chose this approach rather than just syncing clients to the [open]ntpd instance in the host machine. -- Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour. pgpxEy6X1tjEd.pgp Description: PGP signature
Re: ntpd jail problem
On 20080608 19:56:03, Eugene Grosbein wrote: On Sun, Jun 08, 2008 at 12:25:00PM +0100, [EMAIL PROTECTED] wrote: The problem is that the ntpd in the jail seems to believe that the host clock is out of sync (from what I can gather), even though it isn't. That's because ntpd won't blindly assume that your host has right time. If you make client/server connection between your two copies of NTP daemons, the server insures the client that time is right and client will serve your network just right. Eugene Grosbein That would explain it... I'll make the adjustment now and see what happens. Thanks. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd jail problem
On 20080608 22:10:27, Peter Jeremy wrote: On 2008-Jun-08 11:32:54 +0100, [EMAIL PROTECTED] wrote: I'm running an openntpd instance on the host machine, which syncs the clock from the pool at pool.ntp.org. From the log output, ntpd claims to be synced and the time does seem to be correct. I'm then running another openntpd in a jail which doesn't set the time, just serves it to clients. I've never used openntpd but for the base ntpd, you should be able to just use 'server 127.127.1.0' to make it trust (and not alter) the base system time. Note that this openntpd will not have access to the stratum information from the main ntpd but will have a fixed value and may need to be adjusted using a 'fudge' command (or equivalent). Ok. Right. I'd be interested in knowing why you chose this approach rather than just syncing clients to the [open]ntpd instance in the host machine. Just basic paranoia really. Nothing on the host is network-visible, all the services are in jails. Thanks for the information. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntpd jail problem
On Sun, Jun 08, 2008 at 12:25:00PM +0100, [EMAIL PROTECTED] wrote: The problem is that the ntpd in the jail seems to believe that the host clock is out of sync (from what I can gather), even though it isn't. That's because ntpd won't blindly assume that your host has right time. If you make client/server connection between your two copies of NTP daemons, the server insures the client that time is right and client will serve your network just right. Eugene Grosbein ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
