NTPD in jail
dweimer
dweimer at dweimer.net
Tue Apr 7 14:23:22 UTC 2015
I understand that a jail can't update the server's time, but I recently
migrated a physical FreeBSD machine into a FreeBSD jail. That machine
was one of the 3 machines that I ran NTPD on to sync to internet time
servers, and pointed my internal machines at. I have configured the host
to sync to the internet time servers, and set up the jail to only have
the fake fudge 127.127.1.0 server, figuring that the host ntpd process
would keep the server synced and this would allow the internal clients
to sync to it without having to change them all to point at the host's IP
address instead.
I have both processes limited to the correct external IPs to avoid port
conflicts; however, the jail's NTPD service periodically fails. The only
log entries I see are the "Apr 7 09:01:27 proxy1 ntpd[48446]:
local_clock: ntp_loopfilter.c line 709: ntp_adjtime: Operation not
permitted" but at some point it's no longer running to answer queries.
I plan to add DNS CNAMEs for NTP1, NTP2, NTP3 to reference the NTP
servers from the clients and update the CNAMEs if hosts change in the
future.
In the short term, to make sure clients don't lose their time sync, does
anyone have a workaround that will allow NTPD to run on the jail?
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/