Details
Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Fix Version/s: Vz7.0-Update11
Component/s: Containers::Userspace
Security Level: Public
Description
Two OpenVZ users requested that the sys_time capability be reintroduced for a Container.
Quotes:
https://lists.openvz.org/pipermail/users/2019-May/007604.html
"It is because we want to set up an NTP server in CT, and then let other servers update their system time via ntpdate from this CT. However, after installing NTP server in this CT, it is unable to start NTP service."
https://lists.openvz.org/pipermail/users/2019-May/007609.html
"With commercial Virtuozzo, we deployed containers to various LANs, where each container served ntp, among other things. The host itself is isolated.
Removal of this capability brings about a dead end scenario."
===========================================================
1. Feature
Date/time management from inside a Container.
https://jira.sw.ru/browse/OVZ-7096
2. Description
Time is not virtualized inside Containers, so by default Containers cannot change date/time.
At the same time, there is a need to run the ntp service inside some trusted Containers,
so a Container "time" feature is introduced to allow the Container to manage time (on the whole Hardware Node).
3. Products
Virtuozzo 7
Packages versions (or later):
vzkernel-3.10.0-957.12.2.vz7.96.5
libvzctl-7.0.521
4. Testing
1) - Try to adjust date/time inside a default Container (date -s "12:00").
     The operation should fail.
2) - Set the "time" feature for the Container (vzctl set $CTID --feature time:on --save).
   - Restart the CT.
   - Try to change the time inside the CT: date -s "12:00"
     The operation should succeed.
   - Try to install/start the ntpd service.
     * "systemctl start ntpd" should return no errors
     * "journalctl -u ntpd" should not show any errors in logs
     * date inside the CT should be correct after ntpd is started (i.e. not "12:00" as set previously)
3) Check that the feature can be removed from the CT via vzctl
   (vzctl set $CTID --feature time:off --save).
   Check the CT config: the feature should no longer be there.
4) Check that prlctl can set/remove the "time" feature properly.
5) Check that the man pages for both vzctl and prlctl describe the new feature correctly.
5. Known issues
Time is NOT virtualized, so when you change date/time inside a Container,
Hardware Node's date/time is changed accordingly.
6. What was checked by developer
khorenko@: Steps 1)-2) described in "Testing", but on a custom kernel with tweaked feature number and
without new libvzctl package.
7. Feature owner
Konstantin Khorenko <khorenko@virtuozzo.com>
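
Because a Container with the "time" feature changes the date/time of the whole Hardware Node (see "Known issues"), it is useful to inventory which Containers have it enabled. The script below is an added example, not part of the original ticket or of vzctl; it assumes the container configs are *.conf files in one directory and store features in a FEATURES="name:on ..." line, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list container configs that enable the "time" feature.
# Assumption: features are stored as FEATURES="name:on name:off ..." in each
# container config file; adjust the pattern if your configs differ.

# ct_time_enabled FILE -> exit status 0 if FILE's FEATURES line has time:on
ct_time_enabled() {
    # Use the last uncommented FEATURES= assignment, strip quotes,
    # then put every feature token on its own line.
    feats=$(sed -n 's/^[[:space:]]*FEATURES=//p' "$1" | tail -n 1 \
            | tr -d "\"'" | tr ', \t' '\n\n\n')
    # Exact match, so "time:off" or "xtime:on" do not count.
    printf '%s\n' "$feats" | grep -qx 'time:on'
}

# audit_time_feature DIR -> print the config files whose Container is
# allowed to set the clock of the whole Hardware Node
audit_time_feature() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if ct_time_enabled "$conf"; then
            printf '%s\n' "${conf##*/}"
        fi
    done
}

# Constructed sample configs (file names and contents are made up).
demo_audit() {
    d=$(mktemp -d) || return 1
    printf 'HOSTNAME="ntp1"\nFEATURES="nfs:on time:on"\n' > "$d/101.conf"
    printf 'HOSTNAME="web1"\nFEATURES="time:off"\n'       > "$d/102.conf"
    printf 'HOSTNAME="db1"\n#FEATURES="time:on"\n'        > "$d/103.conf"
    audit_time_feature "$d"
    rm -rf "$d"
}
```

Run audit_time_feature against the directory that holds the container configs and compare the output with the list of Containers that are meant to serve NTP.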