Univention Bugzilla – Bug 49455
time source for virtual machines - time skew after suspend-to-disk / snapshots
Last modified: 2023-06-28 10:46:17 CEST
NTPd is stable, but there are requests to replace it (Bug #47939).

We have one big issue with NTPd (as configured in UCS):
- on suspend-to-disk and with snapshots of VMs the time is frozen as well, leading to time skew after resume. This breaks Kerberos and SAML (Bug #45560) on the 2nd day of each UCS technical training if the trainee PCs are not turned on early enough for NTPd to fix the time on the Backup VM. ~30 minutes are NOT enough.

This might be fixed by switching from NTPd to some other NTP implementation like "timesyncd" (part of systemd and always installed by default) or "chrony".

It might also be enough to turn off the LOCAL clock on VMs (Bug #30854).

It might also help to install the "qemu-guest-agent" inside VMs to use "virsh domtime --now $VM".

It might also help to set up a "vmgenid" to notify the VM when being restored from backup/snapshot / being cloned: <https://github.com/qemu/qemu/blob/master/docs/specs/vmgenid.txt>
Only supported with libvirt-4.4: <https://libvirt.org/formatdomain.html#elementsMetadata>

UCS Technical training 2019-05-08/09
Windows clients require the Samba/AD DC to provide SNTP. Timesyncd "only implements a client side". Chrony claims to support SNTP.
There is a nice summary on <https://serverfault.com/questions/334698/how-to-keep-time-on-resumed-kvm-guest-with-libvirt> for the suspend-to-disk problem:
- timesyncd from systemd-232 on Debian-9-Stretch (UCS-4.4) is too old
- chrony should work
- UCR template for /etc/default/libvirt-guests was not updated in UCS-4 to contain SYNC_TIME=1

With NTPd even setting up 3 external NTP servers is not fast: it takes many minutes for NTPd to even detect that the local time is lagging. It then takes more time until it is corrected.
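Added example, not part of the bug report or of UCS: one way to measure, right after a resume, how far a guest's clock is from an SNTP server and whether that offset would break Kerberos. The 300-second tolerance (the usual Kerberos default, not stated on this page), all function names and the sample packet are assumptions constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
KRB5_MAX_SKEW = 300.0         # assumption: default Kerberos clock-skew tolerance, seconds


def ntp_to_unix(seconds, fraction):
    """Convert the two 32-bit halves of an NTP timestamp to Unix time."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32


def sntp_offset(reply, t_sent, t_received):
    """Offset in seconds; positive means the local clock is behind the server.

    t_sent and t_received are local Unix times for request departure and reply arrival.
    """
    if len(reply) < 48:
        raise ValueError("short SNTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is unsynchronised")
    # Receive timestamp is at bytes 32-39, transmit timestamp at bytes 40-47.
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t_rx, t_tx = ntp_to_unix(rx_s, rx_f), ntp_to_unix(tx_s, tx_f)
    return ((t_rx - t_sent) + (t_tx - t_received)) / 2


def kerberos_at_risk(offset, max_skew=KRB5_MAX_SKEW):
    """True when the measured offset exceeds the assumed ticket tolerance."""
    return abs(offset) > max_skew


def build_reply(server_rx, server_tx, leap=0, stratum=2):
    """Constructed sample packet for offline use, not captured traffic."""
    def ts(t):
        return int(t) + NTP_EPOCH_DELTA, int((t - int(t)) * 2**32)
    header = struct.pack("!BBbb3I", (leap << 6) | (4 << 3) | 4, stratum, 6, -20, 0, 0, 0)
    return header + struct.pack("!8I", 0, 0, 0, 0, *ts(server_rx), *ts(server_tx))


def demo():
    """Guest resumed with its clock frozen 8 hours in the past (constructed values)."""
    guest_now, true_now = 1557300000.0, 1557300000.0 + 8 * 3600
    reply = build_reply(true_now + 0.010, true_now + 0.011)
    offset = sntp_offset(reply, guest_now, guest_now + 0.021)
    return offset, kerberos_at_risk(offset)
```

Against a live server, `reply` would be the 48-byte UDP answer to a mode-3 client request, with `t_sent` and `t_received` taken from the guest's own clock.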
UVMM and virtualization with UCS are deprecated and will no longer be developed in UCS 4.4; they have already been removed from UCS 5.0.