Add flag to podman run/create to automatically set the timezone in container to match host.

[rhatdan]

Something like?
--tz host
--tz image

Then in containers conf, we could allow setting this by default.

Thoughts?

[vrothberg]

Sounds great (also getting it into the containers.conf). I prefer a longer --timezone flag.

[TomSweeneyRedHat]

I don't know, tz == twilight zone right? I like the idea, but prefer the longer option. I'd be fine if we allowed both though.

[mheon]

I think the acronym is pretty well established, so I doubt we run into conflicts. My only question is how much work is involved - is this just an extra file to make and mount into the container, like resolv.conf? Does it differ at all between distros?

[rhatdan]

I have similar concerns. It could be just injecting the hosts TZ Environment, but copying the contents of /etc/localtime into container private data might be required as well.

[baude]

is the idea here that by default this would be false or true?

[mheon]

I would default to false for compatibility

…

On Sat, Feb 8, 2020, 16:50 Brent Baude ***@***.***> wrote: is the idea here that by default this would be false or true? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#5128>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB3AOCFCJNS6I7AXOZAWWDLRB4SLTANCNFSM4KRO7EJA> .

[rhatdan]

Yes, false by default, but customizable in containers.conf.

[edsantiago]

One snag to be aware of: there are three scenarios here, not two:

• --tz=image - does nothing
• --tz=host - (presumably) bind-mounts /etc/localtime. This should be easy.
• --tz=user? - this is the case where the user has TZ explicitly set, overriding system /etc/localtime. This is, I believe, thorny.

podman could simply env-forward TZ, but that could yield unexpected results: e.g. alpine does not have /usr/share/zoneinfo, so time zone handling will be different from the host.

Another option is, if TZ is defined, have podman check if /usr/share/zoneinfo/$TZ exists, then bind-mount that as the container's /etc/localtime. First obvious caveat is that podman will have to be careful about path traversals (TZ=../../../dev/mem)

[edsantiago]

Groan. The obvious next step is that someone will want --tz=STRING, e.g. US/Eastern or EST5EDT or somesuch. This escalates quickly.

[rhatdan]

Sure, but I think we just keep it simple and mount the file pointed to by /etc/localtime into the container.

[psychic-toaster]

Suggest to avoid adding ambiguity, use 2 facets.

Contact timeserver, save in UTC
if no TServer avail, use /etc/localtime, but put F in front of the timezone. (I'm in EST, so my files would show modify times of FEST)

Here's why --
Contact a timeserver, and obtain UTC, then just store it in UTC [ removes cloud host "where in cloud was this done" part as well as gives the filesystem and investigators 'one truth' about change time] stops colleagues in Sydney modifying files in the 'future' and me from modifying files EST at same (or similar times in same day localtime, yet in 'real time' should be 16 hr later)
if no Timeserver avail then use local time, and mark timezone as "FEST" -- (stands for Forced Local EST as I pointed out above)
This flags to person investigating change's birth time -- "hey! timestamp is biased by whatever and whereever user created it"

[rhatdan]

@sspoddiglane would you like to attempt to create a PR for this?

/etc/localtime on my box is a binary file.

[psychic-toaster]

Be glad to when I get a moment. Is there a form you prefer?

…

On Tue, Feb 18, 2020 at 4:12 PM Daniel J Walsh ***@***.***> wrote: @sspoddiglane <https://github.com/sspoddiglane> would you like to attempt to create a PR for this? /etc/localtime on my box is a binary file. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#5128>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALDUW2ODBJY5S7YLMLEJM6LRDRFL7ANCNFSM4KRO7EJA> .

-- Susan SpoddigLane Sr. Linux Admin IV NOAA/NESDIS Center for SaTellite Applications and Research (STAR) College Park Office:301-683-1328 cell: 202-394-8991 Email: [email protected] [image: noaa_logo_full.png] <https://www.noaa.gov/> <https://www.noaa.gov/>U.S. Department of Commerce <http://www.commerce.gov/> Enter Search

[rhatdan]

Awesome. Just a PR to github, if that is what you meant?

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@sspoddiglane Any movement on this, or should I look for someone else?

[psychic-toaster]

I'll get this out next week. Firefighting after ISP reloaded their routers w bad config..

…

On Mon, Mar 23, 2020 at 9:37 AM Daniel J Walsh ***@***.***> wrote: @sspoddiglane <https://github.com/sspoddiglane> Any movement on this, or should I look for someone else? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#5128 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALDUW2I57PI6EREZMVH4EIDRI5JZTANCNFSM4KRO7EJA> .

-- Susan SpoddigLane Sr. Linux Admin IV NOAA/NESDIS Center for SaTellite Applications and Research (STAR) College Park Office:301-683-1328 cell: 202-394-8991 Email: [email protected] [image: noaa_logo_full.png] <https://www.noaa.gov/> <https://www.noaa.gov/>U.S. Department of Commerce <http://www.commerce.gov/> Enter Search

[rhatdan]

@sspoddiglane Any movement on this?

[rhatdan]

@ashley-cui Want to take a look at this?

[dougsland]

@rhatdan

Hi,

Are you looking for something like?

Flags:

<snip>
--timezone-host                 Bind mount /etc/localtime from the underlying host
<snip>

[rhatdan]

I am actually thinking of both. Basically set the TZ Environment if not set and mount the /etc/localtime mountpoint into the container.
But this should also be wired into containers.conf so that this can be set to true on the system for all containers.