Chrony doesn´t start in Proxmox container

Question

I have created a container with Debian (Debian 11 template) on top of Proxmox 7.0.8. It is essential that the operating system keep the time synchronized and for this I installed chrony, but it does not start.

journalct -xe dump:

root@pamiweb:~# journalctl -xe
-- Support: https://www.debian.org/support
--
-- A start job for unit chrony.service has begun execution.
--
-- The job identifier is 1038110.
Jan 31 15:45:55 pamiweb systemd[77723]: chrony.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Jan 31 15:45:55 pamiweb systemd[77723]: chrony.service: Failed at step NAMESPACE spawning /usr/sbin/chronyd: Permission denied
-- Subject: Process /usr/sbin/chronyd could not be executed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The process /usr/sbin/chronyd could not be executed and failed.
--
-- The error number returned by this process is ERRNO.
Jan 31 15:45:55 pamiweb systemd[1]: chrony.service: Control process exited, code=exited, status=226/NAMESPACE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit chrony.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 226.
Jan 31 15:45:55 pamiweb systemd[1]: chrony.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit chrony.service has entered the 'failed' state with result 'exit-code'.
Jan 31 15:45:55 pamiweb systemd[1]: Failed to start chrony, an NTP client/server.
-- Subject: A start job for unit chrony.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit chrony.service has finished with a failure.
--
-- The job identifier is 1038110 and the job result is failed.
lines 6027-6062/6062 (END)

systemctl status chrony dump:

chrony.service - chrony, an NTP client/server
     Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2023-01-30 18:50:13 UTC; 20h ago
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
    Process: 15390 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=226/NAMESPACE)
        CPU: 7ms

Jan 30 18:50:13 pamiweb systemd[1]: Starting chrony, an NTP client/server...
Jan 30 18:50:13 pamiweb systemd[15390]: chrony.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Jan 30 18:50:13 pamiweb systemd[15390]: chrony.service: Failed at step NAMESPACE spawning /usr/sbin/chronyd: Permission denied
Jan 30 18:50:13 pamiweb systemd[1]: chrony.service: Control process exited, code=exited, status=226/NAMESPACE
Jan 30 18:50:13 pamiweb systemd[1]: chrony.service: Failed with result 'exit-code'.
Jan 30 18:50:13 pamiweb systemd[1]: Failed to start chrony, an NTP client/server.

UPDATE: Following @NikitaKipriyanov's recommendations I have configured chrony on the proxmox host to update the time from an external server directly. So far so good, but I don't see the container updating the time. Both the proxmox host and the container have the same time zone in /etc/timezone. When I manually dpkg-reconfigure tzdata on the container, it instantly updates the time, but lags again. When doing systemctl status systemd-timesyncd.service, it throws:

systemd-timesyncd.service - Network Time Synchronization
   Loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
Condition: start condition failed at Wed 2023-03-08 15:34:55 CST; 7s ago
   ConditionVirtualization=!container was not met
Docs: man:systemd-timesyncd.service(8)

Mar  08 14:12:46 vmproxy-5 systemd[1]: Condition check resulted in Network Time Synchronization being skipped. 

Mar  08 15:34:55 vmproxy-5 systemd[1]: Condition check resulted in Network Time Synchronization being skipped.

Doesn't container pulls time from the host? It *is* the host, a partition of the host operating system. The "host environment" needs to have a time keeping service anyway, then magically all containers will have it too. The only thing you need is to set up time zone in each. — Nikita Kipriyanov, Feb 26 '23 at 04:41
@NikitaKipriyanov, the proxmox server doesn't access to external network to get time for some ntp server. The container is a proxy/gateway and for that reason i need a chrony service in it, to keep it on time sync with an external server. — Francisco, Mar 08 '23 at 01:38
This is bad. You should make host access time servers and updates. You can use a container as an internet gateway for that, but this is bad practice. — Nikita Kipriyanov, Mar 08 '23 at 03:26
@NikitaKipriyanov, then the easy or right way it's on keep sync the proxmox host directly!? — Francisco, Mar 08 '23 at 03:38
Configure NTP on the host and give it access to trusted time servers. — Nikita Kipriyanov, Mar 08 '23 at 14:10
@NikitaKipriyanov I have configured chrony on the proxmox host as you recommend, and it updates the time from the external resource, but the container does not update its time. I have updated the question with the error it gives me in the container, maybe you can clarify my error. — Francisco, Mar 09 '23 at 02:42
Now I suppose the valid action would be to go to Proxmox forum and ask there. In my Proxmox experience I've never had any problems with time in containers, and they were never using their own time keeping measures, only hosts. — Nikita Kipriyanov, Mar 09 '23 at 12:14
@NikitaKipriyanov thank you for the guide. I will research about. — Francisco, Mar 09 '23 at 14:15

Chrony doesn´t start in Proxmox container

0 Answers0