I have a Java application in a Docker Container (Iron Alpine) running on an Oracle Linux 8 host. The service application needs to produce a message with the current time, the NTP Source address, and the NTP Last Update. The Host has chrony configured and syncing. Time on the Docker Container is in-sync with the host.
However, we are unable to query the NTP Source/Last Update information from within the Java Application on the Docker Container.
Note: I am aware this defeats the point of the containerization, and if I could run this locally on the machine, I would. However, I'm stuck with Docker and would be happy with really any solution. This only needs to survive about 3 months until we go live with our Kubernetes version.
The code we have for the query is very similar to NTPTimesource.java, specifically, lines 108-114:
```java
NTPUDPClient client = new NTPUDPClient();
client.setDefaultTimeout(DEFAULT_NTP_TIMEOUT_MS); // Timeout if a response takes longer than 10 seconds
client.open();
InetAddress address = InetAddress.getByName(ntpServer);
TimeInfo info = client.getTime(address);
info.computeDetails();
```
The main issue is that `client.getTime(address)` will hang if `ntpServer` is the IP Address of the Docker host (in our case, `172.18.0.1`) or of the container itself (`172.18.0.9`).
```
java.net.SocketTimeoutException: Receive timed out
image-1 | at java.base/sun.nio.ch.DatagramChannelImpl.trustedBlockingReceive(DatagramChannelImpl.java:703)
image-1 | at java.base/sun.nio.ch.DatagramChannelImpl.blockingReceive(DatagramChannelImpl.java:633)
image-1 | at java.base/sun.nio.ch.DatagramSocketAdaptor.receive(DatagramSocketAdaptor.java:240)
image-1 | at java.base/java.net.DatagramSocket.receive(DatagramSocket.java:700)
image-1 | at org.apache.commons.net.ntp.NTPUDPClient.getTime(NTPUDPClient.java:89)
image-1 | at org.apache.commons.net.ntp.NTPUDPClient.getTime(NTPUDPClient.java:49)
```
Obviously, the `address` is not responding and I expect that is due to the fact there is nothing configured to respond on that address.
If we know `ntpServer` and punch that in directly, then the hang goes away and the system all works fine (except for the `172.18.0.*` addresses). However, we are not guaranteed to know which NTP server is authoritative at that moment in time for the host, which defeats the flexibility of the solution.
Previously, when running on CentOS7, this worked. On the CentOS7 system, we were running ntpd, which is gone on Oracle Linux 8. The issue occurs whether or not SELinux is enforcing.
I'm starting to run out of ideas (and Google search results) because I'm pretty sure how I'm going about this is just wrong.
Thank you!
Update: I've paused on the whole Docker situation and went back to the drawing board. In simply using a Python script on the host itself, I'm not able to do an NTP Query on localhost (`127.0.0.1`) with chrony, even as root and with firewall off. Until I can run an NTP query locally and verify Chrony is configured correctly, I'm not going to stress about the Docker setup.
Upvotes: 0
Views: 23
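In an NTP server reply, the upstream source and the time of the last clock update travel in the reference ID and reference timestamp header fields. The following is an added example, not code from the original post or from the NTPTimesource.java it cites: it parses those fields from a raw reply and exposes the same receive timeout seen in the trace. It assumes those two fields are what the question means by "NTP Source address" and "NTP Last Update"; the reply bytes and the address 192.0.2.10 are constructed.

```python
import socket
import struct
from datetime import datetime, timezone

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def build_request() -> bytes:
    # 48-byte client request: LI=0, VN=3, Mode=3 (client), all other fields zero
    return bytes([0x1B]) + bytes(47)

def ntp_time(field: bytes) -> datetime:
    # 64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit binary fraction
    seconds, fraction = struct.unpack("!II", field)
    return datetime.fromtimestamp(seconds - NTP_EPOCH_OFFSET + fraction / 2**32, tz=timezone.utc)

def parse_response(packet: bytes) -> dict:
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError(f"expected a server reply (mode 4), got mode {mode}")
    # Stratum 0/1: reference ID is an ASCII code (kiss code or refclock name).
    # Stratum 2+: the upstream source's IPv4 address (a hash if it is IPv6).
    ref_id = packet[12:16]
    source = ref_id.rstrip(b"\0").decode("ascii", "replace") if stratum < 2 else socket.inet_ntoa(ref_id)
    return {
        "stratum": stratum,
        "synchronized": leap != 3 and 1 <= stratum <= 15,
        "source": source,
        "last_update": ntp_time(packet[16:24]),   # reference timestamp
        "server_time": ntp_time(packet[40:48]),   # transmit timestamp
    }

def query(server: str, timeout: float = 2.0) -> dict:
    # Raises socket.timeout when nothing answers on UDP 123, like the Java trace.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(), (server, 123))
        packet, _ = sock.recvfrom(512)
    return parse_response(packet)

def constructed_reply() -> bytes:
    # Constructed sample, not captured traffic: stratum 2, source 192.0.2.10,
    # reference timestamp 2024-01-01T00:00:00Z, transmit 64.5 s later.
    ref = 1704067200 + NTP_EPOCH_OFFSET
    return (bytes([0x24, 2, 6, 0xE9]) + bytes(8) + socket.inet_aton("192.0.2.10")
            + struct.pack("!II", ref, 0) + bytes(16) + struct.pack("!II", ref + 64, 0x80000000))
```

`parse_response(constructed_reply())` runs offline; `query()` needs a reachable NTP server and is not called on import.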