diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 6fa555bbb2..f74ae19f7d 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -60,11 +60,13 @@ ubuntu_pkg_removals:
 - lxc
 - libvirt-bin
 - open-iscsi
+ - "{% if enable_chrony | bool %}chrony{% endif %}"
 redhat_pkg_removals:
 - libvirt
 - libvirt-daemon
 - iscsi-initiator-utils
+ - "{% if enable_chrony | bool %}chrony{% endif %}"
 # Path to a virtualenv in which to install python packages. If None, a
 # virtualenv will not be used.
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 6b2d2a0f19..2616a97344 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -146,6 +146,22 @@
 - ansible_distribution == "Ubuntu"
 - apparmor_libvirtd_profile.stat.exists
+- name: Get stat of chronyd apparmor profile
+ stat:
+ path: /etc/apparmor.d/usr.sbin.chronyd
+ register: apparmor_chronyd_profile
+ when:
+ - ansible_os_family == "Debian"
+ - enable_chrony | bool
+
+- name: Remove apparmor profile for chrony
+ command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
+ become: True
+ when:
+ - ansible_os_family == "Debian"
+ - enable_chrony | bool
+ - apparmor_chronyd_profile.stat.exists
+
 - name: Create docker group
 group:
 name: docker
diff --git a/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml b/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
new file mode 100644
index 0000000000..53a62d01d2
--- /dev/null
+++ b/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Removing chrony package and AppArmor profile from docker host if
+ containerized chrony is enabled.
+ `LP#1882513 `__
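Review bot: When `enable_chrony` is false, the entry added to both `ubuntu_pkg_removals` and `redhat_pkg_removals` renders to an empty string instead of disappearing, so each list gains a `''` element. The task that consumes these lists is not part of this diff; if it hands the list to the package module unfiltered, an empty package name may fail or behave unexpectedly, so it is worth confirming that blanks are dropped there (for example `ubuntu_pkg_removals | select | list`). A comment above the entry such as `# Host chrony conflicts with the containerized chrony; renders empty when enable_chrony is false` would explain the unusual list item. Removing the host time daemon before the chrony container is running may also leave the host without time sync for a while, which affects certificate validation and log correlation, so the ordering deserves a check.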
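Review bot: The new `Remove apparmor profile for chrony` task is gated only on the profile file existing, not on the profile being loaded, and `apparmor_parser -R` unloads the profile from the kernel without touching that file. If the file is still on disk on a later run or after a reboot (whether the package removal deletes it cannot be verified from this diff), the profile would presumably be loaded again at boot, and a rerun would call the command against an already unloaded profile. Consider making the change persistent and idempotent, for instance by also linking the file into `/etc/apparmor.d/disable/` and gating the command on that link, and add `changed_when` so the task reports its result accurately. A short comment such as `# Host chronyd AppArmor profile breaks containerized chrony (LP#1882513)` would record why confinement is being dropped here.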