Allow to disable forced time synchronization between host and Docker for Mac VM

[toriningen]

• I have tried with the latest version of my channel (Stable or Edge)
• I have uploaded Diagnostics
• Diagnostics ID: 24DFC310-959B-4D1C-8975-E8F1EBC1E4D0/20180607-122532

Expected behavior

Docker allows privileged containers to override the time, global for Docker for Mac virtual machine. It should be possible to disable forced time synchronization between Docker for Mac virtual machine and host, via some sort of configuration/experimental option.

Actual behavior

Setting date in the Docker privileged container only updates it for 10 seconds or less, then it is automatically updated from the host. There is no way to turn off this behavior via any kind of configuration file.

Information

• macOS Version: 10.13.4
• Is it reproducible? Yes
• Is the problem new? Yes
• Did the problem appear with an update? Yes

Our project uses scheduled jobs that run at specific time intervals, often spanning a month or more. So, as part of our QA process, we are using date --set command in the privileged container to advance time in the whole Docker for Mac virtual machine, all at once, to trigger these scheduled jobs and verify they are working good.

An update that forces Docker for Mac virtual machine to always sync time with host breaks this process and makes it impossible to advance time and ensure the correct operation of scheduled jobs.

Diagnostic logs

Docker for Mac: version: 18.05.0-ce-mac66 (07d57837a9c0ad813a1042c9dc39bbc5961d031d)
macOS: version 10.13.4 (build: 17E202)
logs: /tmp/24DFC310-959B-4D1C-8975-E8F1EBC1E4D0/20180607-122532.tar.gz
[OK]     vpnkit
[OK]     virtualization hypervisor
[OK]     vmnetd
[OK]     dns
[OK]     driver.amd64-linux
[OK]     virtualization VT-X
[OK]     app
[OK]     moby
[OK]     system
[OK]     moby-syslog
[OK]     kubernetes
[OK]     files
[OK]     env
[OK]     virtualization kern.hv_support
[OK]     osxfs
[OK]     moby-console
[OK]     logs
[OK]     docker-cli
[OK]     disk

Steps to reproduce the behavior

Run this:

docker run --rm -it --privileged alpine /bin/sh -c '
  date --set "2020-01-01 00:00:00";
  sleep 30; # enough for NTP sync to kick in
  if date | grep -e "Wed Jan  1 00:00:\d\d UTC 2020"; then {
    echo "PASSED";
  } else {
    echo "FAILED";
  } fi
';

If time wasn't synced during the sleep, test will output PASSED, otherwise time has been altered externally, and test will output FAILED.

This fails on 18.05.0-ce-mac66 (24545) / edge / e4c62d3168, but passes on 18.04.0-ce-mac62 (23965) / edge / e0a85f64c1.

[djs55]

Thanks for your report and sorry the recent NTP fixes caused you problems.

I think the simplest way to disable the time sync is to kill the NTP client in the VM using a command like docker run -it --privileged --pid=host justincormack/nsenter1 to get a shell and then kill -9 $(pidof sntpc).

This will take effect until the next time the VM is rebooted.

Let me know if this works for you. In the meantime I'll tag this as a feature request for future consideration.

[toriningen]

@djs55, thanks David, your workaround did the job like a charm. For anybody else coming my steps, the one-liner to disable NTP would be docker run -it --privileged --pid=host justincormack/nsenter1 /bin/sh -c 'kill -9 "$(pidof sntpc)"';

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked