| Re: [chrony-users] Chrony launched with -x in Kubernetes |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Chrony launched with -x in Kubernetes
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 21 Oct 2024 12:23:45 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729506232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=a0HJWeZchaPGxRSTr15tQpXSFSUYrJ1TTetFEScMbeI=; b=X1Z60lXFblXXXT5WMdjyxydPmyTrQoRX0HA1mKYTWKxlGjiKHxSROeBCf7WHigs3y5Nerc BVL00iC/NpQS1Arb7SztuNpvbAdi3UeTfCtvu8NN//b4saVRYCA9T0O9KCGjDaUH9+dkxa icLhSKn0X9ICrOHEdNCi9HrvBO9tXhc=
On Mon, Oct 21, 2024 at 11:42:04AM +0200, Nathan MALO wrote:
> Am I in a situation where "the snake bites its own tail" ?
> That somehow there is a loop between the chrony pod and the chrony in the
> OS running on the node that runs the chrony pod ?
Yes, there is a feedback loop between the two chronyd instances. The
one running with -x does not adjust the system clock, but it still
uses it as a reference and assumes it is reasonably stable.
You need to break the loop. The instance adjusting the clock needs to
synchronize to servers that don't have this clock in their
synchronization path.
Note that chronyd doesn't need to be started with root privileges to
be able to control the clock. See the -U option in the man page and
the example chronyd-restricted.service in the source code.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.