
A Docker image contains the code used to create a Docker container, such as creating a Nginx web server, or a mySQL server, or a home grown app, and the list goes on. In this way, an image is like a template used to create a container. An image is kind of like a virtual machine, but much more light weight, using significantly less storage a memory (containers are usually megabytes in size).
The docker pull command can be used to pull down the latest chrony image.
~]# docker pull geoffh1977/chrony
Using default tag: latest
latest: Pulling from geoffh1977/chrony
8fb306bb3fa9: Pull complete
42a99ae5175a: Pull complete
6956051b6142: Pull complete
Digest: sha256:d878c9cb30fda0ad5655499558d105a62dfe2e616c1737a35961cf4b30296a6f
Status: Downloaded newer image for geoffh1977/chrony:latest
docker.io/geoffh1977/chrony:latest
Or you could create Dockerfile so that the Dockerfile contains something like this.
FROM chrony:latest
Then use the docker build command to create the image, running this command in the same directory as the Dockerfile.
docker build . --tag chrony:latest
The docker images command can be used to display the chrony image.
~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
geoffh1977/chrony latest 3bc8ac7cc043 4 years ago 186MB
The following command can then be used to create and start the Chrony container. Let's break down this command.
- The docker run command is used to create and start the Chrony container.
- The --detach flag is used to run the container in the background.
- The --cap-add SYS_TIME command is used to use system time.
- The --env option is used to set the ALLOW_CIDR variable to contain a value of <ip address>/<prefix> so that systems with an IP address in the subnet use the chrony container as it's NTP server.
- The --publish option is used to configure both the Docker server and Chrony container to listen on UDP port 123, which adds a rule to iptables to allow connections between the Docker system and container on port 123.
- The --volume option is used to mount the /etc/localtime file on the Docker system to the /etc/localtime in the container so that the container has the same localtime settings as the Docker system.
- The --name option is used to name the container chrony.
- The --restart unless-stopped option is used so that the container is started if the Docker server is restarted
- The geoffh1977/chrony image is used.
docker run
--detach
--cap-add SYS_TIME
--env ALLOW_CIDR=192.168.0.0/24
--publish 123:123/udp
--volume /etc/localtime:/etc/localtime:ro
--name chrony
--restart unless-stopped
geoffh1977/chrony
Use the docker container ls command to ensure the container is running.
~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba2fff144f7f geoffh1977/chrony "tini -- /usr/local/…" 3 hours ago Up 3 hours 0.0.0.0:123->123/udp chrony
The docker exec command can be used to view the contents of the /etc/chrony.conf file in the container.
~]# docker exec chrony cat /etc/chrony.conf
cmdallow 127/8
pool pool.ntp.org iburst
initstepslew 10 pool.ntp.org
driftfile /var/lib/chrony/chrony.drift
local stratum 10
makestep 1.0 3
rtcsync
allow 192.168.0.0/24
The chronyc sources can be used to verify that chrony is able to connect to external NTP servers.
~]# docker exec chrony chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ time.cloudflare.com 3 6 377 34 -588us[ -567us] +/- 48ms
^* ftp8.ofertadasorte.com.br 2 6 377 34 +945us[ +966us] +/- 33ms
^- tick.srs1.ntfo.org 3 6 377 36 -3144us[-3123us] +/- 130ms
^+ ntp.xtom.com 2 6 377 36 -1612us[-1591us] +/- 75ms
Use the chronyc tracking command to get the leap status. If Leap status is “normal”, the machine is synchronized with one of the external NTP servers. On the other hand, if leap status is “not synchronized”, the machine is not synchronized.
~]# docker exec chrony chronyc tracking
Reference ID : 68C2F2ED (ftp8.ofertadasorte.com.br)
Stratum : 3
Ref time (UTC) : Sat Aug 14 04:15:22 2021
System time : 0.000004047 seconds fast of NTP time
Last offset : +0.000098503 seconds
RMS offset : 0.000122952 seconds
Frequency : 13.058 ppm slow
Residual freq : +0.058 ppm
Skew : 1.090 ppm
Root delay : 0.064625211 seconds
Root dispersion : 0.000936881 seconds
Update interval : 64.3 seconds
Leap status : Normal
Did you find this article helpful?
If so, consider buying me a coffee over at