Allow an OpenVZ VE to Act as NTP Server

Common VEs are not allowed to update the system time
ve# ntpdate time.example.com
22 May 02:39:11 ntpdate[1895]: step-systime: Operation not permitted

Add the required privilege to a dedicated NTP VE
hn# vzctl stop 123
Stopping container ...
Container was stopped
Container is unmounted

hn# vzctl set 123 --capability sys_time:on --save
Saved parameters for CT 123

hn# vzctl start 123 Starting container ...
Container is mounted
Adding IP address(es): 192.168.1.123
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: ve123.example.com
File resolv.conf was modified
Container start in progress...

Try again…
hn# vzctl enter 123
entered into CT 123

ve# ntpdate time.example.com
22 May 02:43:04 ntpdate[3743]: step time server 12.12.12.12 offset -1.458977 sec

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s