[ovirt-users] Time synchronization in guest OS for Hosted Engine VM (for Kerberos)
aleksey.maksimov at it-kb.ru
aleksey.maksimov at it-kb.ru
Mon Sep 26 15:22:19 EDT 2016
Hello oVirt guru`s!
I want to configure Kerberos authentication (via MS Active Directory) for the oVirt portal.
So I need to properly configure the time synchronization for my Hosted Engine VM.
I set up chronyd service in a HE VM for time synchronization from Active Directory domain controllers:
# cat /etc/chrony.conf | grep ^[^#\;]
server 10.1.0.9 iburst
server 10.1.6.8 iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
# chronyc tracking
Reference ID : 10.1.0.9 (kom-dc01.holding.com)
Stratum : 4
Ref time (UTC) : Mon Sep 26 17:40:16 2016
System time : 0.000437915 seconds slow of NTP time
Last offset : -0.000789918 seconds
RMS offset : 0.001730987 seconds
Frequency : 13.612 ppm slow
Residual freq : -0.009 ppm
Skew : 0.166 ppm
Root delay : 0.078126 seconds
Root dispersion : 0.126046 seconds
Update interval : 1031.9 seconds
Leap status : Normal
It looks workable.
But I think that the service may conflict with the kvm-clock
# cat /sys/devices/system/clocksource/clocksource0/current_clocksource
kvm-clock
# dmesg | grep -i clock
[ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
[ 0.000000] kvm-clock: cpu 0, msr 2:3ff84001, primary cpu clock
[ 0.000000] kvm-clock: using sched offset of 6567130420 cycles
[ 0.538339] kvm-clock: cpu 1, msr 2:3ff84041, secondary cpu clock
[ 0.571323] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI]
[ 0.663452] Switching to clocksource kvm-clock
[ 1.065348] rtc_cmos 00:00: setting system clock to 2016-09-25 16:16:04 UTC (1474820164)
[ 1.988543] tsc: Refined TSC clocksource calibration: 3166.733 MHz
[ 16.792347] Adjusting kvm-clock more than 11% (9437295 vs 9311354)
Do I need to turn off kvm-clock in virtual machine properties? And how to do it?
Please explain the best practice.
More information about the Users
mailing list