[Freeipa-users] Problems with ntpd when running FreeIPA in a Docker container
Nathan Kinder
nkinder at redhat.com
Thu Jan 15 17:13:14 UTC 2015
On 01/15/2015 08:56 AM, Nathan Kinder wrote:
>
>
> On 01/15/2015 12:01 AM, Jan Pazdziora wrote:
...
>> You need to use --cap-add=SYS_TIME when running the server container
>> or ntpd will fail.
>
> Thanks for the tip. This works. It would be handy to add this to the
> README for your freeipa-server container.
Nevermind. I just saw your reply to Lukas on this. If we can keep the
client install from hanging forever, then I agree that it's best to have
it be noticeable that time sync is not working in the client installer
output vs. hiding that it's not working.
>
>>
>> Even if you do that, SELinux will likely prevent ntpd doing its job
>> but at least it will stay around so that the client can connect to it.
>>
>> What is interesting though is the fact that the client hangs
>> indefinitely instead of reporting that it cannot sync the time and
>> proceeding.
>>
>
> I think this is simply a behavior difference between ntpdate and ntpd
> (which we are using now during the client install on f21). This issue
> should not be specific to using IPA in a container.
>
> Hanging indefinitely is never a good thing, so I think it would be nice
> to add a timeout in ipa-client-install in case we can't reach the server
> for ntp. I have filed a ticket for this:
>
> https://fedorahosted.org/freeipa/ticket/4842
>
> -NGK
>
More information about the Freeipa-users
mailing list