Bug #5845
NTP in non-global zone
0%
Description
I recently tried to set up ntp in a non-global zone with private networking.
The global zone only has access to the internal network, the "router zone" has access to the internet and a private network, other zones talk to that private network, but not directly to the internet ...
anyway, following this blog: http://thegeekdiary.com/how-to-configure-ntp-client-in-solaris-8910-and-non-global-zones/
I added the "sys_time" privilege to the zone, and rebooted, but NTP still wouldn't work, because the NTP startup script (/lib/svc/method/ntp) has a check to see if it is running in the global zone, which it doesn't need:
smf_is_globalzone || exit $SMF_EXIT_OK
I modified the script, commenting out the line and NTP is working happily.
I noticed that before I added the privilege to the zone I was getting messages like "setppriv: Not owner" in the log file for the NTP startup script, meaning I wasn't sure if we even need the global-zone check, however it might be better to have the script structured like:
ppriv -v $$ | grep 'E: .*sys_time' > /dev/null 2>&1
if [[ $? > 0 ]]; then
smf_is_globalzone || exit $SMF_EXIT_OK
fi
Related issues
Updated by Yuri Pankov over 5 years ago
service/network/ntp isn't part of illumos-gate, please file an issue against distribution you are using.
Updated by Jonathan Adams over 5 years ago
damn, it was so hard to find the "Create Issue" button I'd failed to noticed I wasn't in "Indiana" any more ...
Should I create a new bug since I'm assuming you can't move bugs to different areas?
Updated by Marcel Telka over 5 years ago
- Project changed from illumos gate to OpenIndiana Distribution
Updated by Alexander Pyhalov over 5 years ago
Can't reproduce on rather fresh Hipster:
# zlogin external pkg list osnet-incorporation ntp NAME (PUBLISHER) VERSION IFO consolidation/osnet/osnet-incorporation 0.5.11-2015.0.0.14982 i-- service/network/ntp 4.2.8.2-2015.0.1.0 i-- # zonecfg -z external set limitpriv="default,sys_time" # zoneadm -z external reboot # zlogin external external# echo "server my.ntp.server" > /etc/inet/ntp.conf external# svcadm enable ntp external# svcs ntp STATE STIME FMRI online 23:01:11 svc:/network/ntp:default
Updated by Nikola M. over 5 years ago
Please be advised to include release number (Hipster lacks release numbers still),
BE date when it is installed/updated and/or illumos release string,
to help identify point in time when bug and testing is reported.
Without pointing in time when and by naming what Openindiana is used, it can not be tracked wither when bug started to appear or stopped to be a bug.