Bug #5845

NTP in non-global zone

Added by Jonathan Adams over 3 years ago. Updated over 3 years ago.

Status: New
Start date: 2015-04-16
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Difficulty: Medium
Tags: needs-triage

Description

I recently tried to set up ntp in a non-global zone with private networking.

The global zone only has access to the internal network, the "router zone" has access to the internet and a private network, other zones talk to that private network, but not directly to the internet ...

anyway, following this blog: http://thegeekdiary.com/how-to-configure-ntp-client-in-solaris-8910-and-non-global-zones/

I added the "sys_time" privilege to the zone, and rebooted, but NTP still wouldn't work, because the NTP startup script (/lib/svc/method/ntp) has a check to see if it is running in the global zone, which it doesn't need:

smf_is_globalzone || exit $SMF_EXIT_OK

I modified the script, commenting out the line and NTP is working happily.

I noticed that before I added the privilege to the zone I was getting messages like "setppriv: Not owner" in the log file for the NTP startup script, meaning I wasn't sure if we even need the global-zone check, however it might be better to have the script structured like:

ppriv -v $$ | grep 'E: .*sys_time' > /dev/null 2>&1
if [[ $? -gt 0 ]]; then
        smf_is_globalzone || exit $SMF_EXIT_OK
fi
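Added example, not part of the original report and not the distribution's method script: the privilege-based check proposed above, written so that only an exact sys_time entry in the effective (E) set counts. The function names and the shortened ppriv -v samples are constructed for illustration.

```shell
#!/bin/sh
# Return 0 if privilege $1 is in the effective (E) set of the
# `ppriv -v <pid>` output read on stdin. Tokens are compared exactly,
# so a privilege present only in the I, P or L sets does not count.
has_effective_priv() {
    awk -v want="$1" '
        $1 == "E:" {
            n = split($2, privs, ",")
            for (i = 1; i <= n; i++)
                if (privs[i] == want || privs[i] == "all") found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Print "start" when the process could set the clock, "skip" otherwise.
# $1 is captured ppriv output; on a real system: "$(ppriv -v $$)".
ntp_start_decision() {
    if printf '%s\n' "$1" | has_effective_priv sys_time; then
        echo start
    else
        echo skip
    fi
}

# Constructed sample: zone configured with limitpriv="default,sys_time".
ZONE_WITH_SYS_TIME='1234: /sbin/sh /lib/svc/method/ntp
flags = <none>
    E: file_chown,net_privaddr,proc_exec,proc_fork,sys_time
    I: file_chown,net_privaddr,proc_exec,proc_fork,sys_time
    P: file_chown,net_privaddr,proc_exec,proc_fork,sys_time
    L: file_chown,net_privaddr,proc_exec,proc_fork,sys_time'

# Constructed sample: default zone, sys_time absent from every set.
ZONE_DEFAULT='1234: /sbin/sh /lib/svc/method/ntp
flags = <none>
    E: file_chown,net_privaddr,proc_exec,proc_fork
    L: file_chown,net_privaddr,proc_exec,proc_fork'

# Constructed sample: sys_time permitted but dropped from the E set.
DROPPED_FROM_E='1234: /sbin/sh /lib/svc/method/ntp
flags = <none>
    E: file_chown,net_privaddr,proc_exec,proc_fork
    P: file_chown,net_privaddr,proc_exec,proc_fork,sys_time
    L: file_chown,net_privaddr,proc_exec,proc_fork,sys_time'
```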

Related issues

Duplicated by OpenIndiana Distribution - Bug #5846: NTP in non-global zone Rejected 2015-04-16

History

#1 Updated by Yuri Pankov over 3 years ago

service/network/ntp isn't part of illumos-gate; please file an issue against the distribution you are using.

#2 Updated by Jonathan Adams over 3 years ago

Damn, it was so hard to find the "Create Issue" button I'd failed to notice I wasn't in "Indiana" any more ...

Should I create a new bug since I'm assuming you can't move bugs to different areas?

#3 Updated by Marcel Telka over 3 years ago

  • Project changed from illumos gate to OpenIndiana Distribution

#4 Updated by Marcel Telka over 3 years ago

  • Duplicated by Bug #5846: NTP in non-global zone added

#5 Updated by Alexander Pyhalov over 3 years ago

Can't reproduce on rather fresh Hipster:

# zlogin external pkg list osnet-incorporation ntp
NAME (PUBLISHER)                                  VERSION                    IFO
consolidation/osnet/osnet-incorporation           0.5.11-2015.0.0.14982      i--
service/network/ntp                               4.2.8.2-2015.0.1.0         i--

# zonecfg -z external set limitpriv="default,sys_time" 
# zoneadm -z external reboot
# zlogin external

external# echo "server my.ntp.server" > /etc/inet/ntp.conf
external# svcadm enable ntp
external# svcs ntp
STATE          STIME    FMRI
online         23:01:11 svc:/network/ntp:default

#6 Updated by Nikola M. over 3 years ago

Please be advised to include the release number (Hipster still lacks release numbers),
the BE date when it was installed/updated and/or the illumos release string,
to help identify the point in time when the bug and testing are reported.

Without pointing to the time and naming which OpenIndiana is used, it cannot be tracked either when the bug started to appear or when it stopped being a bug.
