
Elastic Compute Service: Manage the time synchronization service

Last Updated: Mar 29, 2024

Time accuracy is important for Elastic Compute Service (ECS) instances in various scenarios, such as when instances need to execute accurate scheduled tasks and record correct log timestamps. Inaccurate instance time can cause data inconsistency, vulnerabilities, and business failures for workloads that run on ECS instances. To prevent these issues, Alibaba Cloud provides time synchronization services to ensure the accuracy of instance time.

Time synchronization service

A time synchronization service synchronizes time on ECS instances to Network Time Protocol (NTP) servers to ensure that the ECS instance time is accurate. The time synchronization service is implemented by using NTP. By default, ECS instances run chrony or NTP to synchronize time.

For more information, see the "Chrony service and NTP service" and "Domain names of Alibaba Cloud NTP servers" sections of this topic.

Manage the time synchronization service

Alibaba Cloud public images contain default time synchronization configurations. The ECS instances that are created from public images run chrony or NTP to implement time synchronization. In most cases, you do not need to intervene in the time synchronization service.

You can perform the following steps to check whether the time synchronization service works as expected on existing ECS instances. Then, you can perform related operations based on your business requirements.

  1. Check whether an ECS instance uses chrony or NTP. For more information, see the View the time synchronization service that an ECS instance runs section of this topic.

  2. Perform the following operations to check whether the time synchronization service runs as expected. If the time synchronization service runs as expected, you do not need to modify the related configurations. If your business is time sensitive, you can modify the configurations based on your business requirements.

View the status of the time synchronization service and check whether you need to modify related configurations

View the time synchronization service that an ECS instance runs

You can run the following command to view the time synchronization service that an ECS instance runs. If the ECS instance uses NTP but your business does not rely on NTP, we recommend that you use chrony.

sudo ps aux | grep -E "ntpd|chronyd"

  • If the chrony service is used, the output contains a chronyd process.

  • If the NTP service is used, the output contains an ntpd process.

    Note

    The NTP service is configured for specific earlier versions of images such as CentOS 6 images of ECS instances. NTP is no longer maintained by the NTP community. If your business does not rely on NTP, we recommend that you use the chrony service.

Check whether the current time is accurate

Run a command to check whether the current time is accurate. The command varies based on the time synchronization service that your ECS instance runs. The chrony and NTP services gradually adjust the time to avoid the risk of time jumping. If your business requires the current time on the instance to be accurate, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.

Chrony service

Run the following command to view information about the current time synchronization status, including the system time offset, the stability of the system time, and the time when the previous time synchronization was performed. You can evaluate whether the current time is accurate by viewing the System time value.

sudo chronyc tracking
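
The check described above can be scripted. The following added example (not part of the original documentation) parses chronyc tracking output and compares the System time value with a threshold. The check_tracking function name, the 0.1-second threshold, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate `chronyc tracking` output against an offset threshold.

# Constructed sample output (values and the 192.0.2.10 address are illustrative).
SAMPLE_TRACKING='Reference ID    : C000020A (192.0.2.10)
Stratum         : 3
Ref time (UTC)  : Fri Mar 29 02:10:15 2024
System time     : 0.000034512 seconds slow of NTP time
Last offset     : -0.000021133 seconds
RMS offset      : 0.000045678 seconds
Frequency       : 12.345 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.023 ppm
Root delay      : 0.001234567 seconds
Root dispersion : 0.000456789 seconds
Update interval : 64.2 seconds
Leap status     : Normal'

# check_tracking TEXT MAX_OFFSET_SECONDS (hypothetical helper)
# Prints "OK <offset>", "DRIFT <offset>" or "UNSYNCED" and returns 0, 1 or 2.
check_tracking() {
    printf '%s\n' "$1" | awk -F' *: *' -v max="$2" '
        # "System time" holds the absolute offset followed by slow/fast.
        $1 == "System time" { split($2, f, " "); offset = f[1]; seen = 1 }
        $1 == "Leap status" { leap = $2 }
        END {
            # No offset line, or chronyd reports that it has no valid source.
            if (!seen || leap == "Not synchronised") { print "UNSYNCED"; exit 2 }
            if (offset + 0 > max + 0) { print "DRIFT " offset; exit 1 }
            print "OK " offset
        }'
}

# On an instance: check_tracking "$(chronyc tracking)" 0.1
check_tracking "$SAMPLE_TRACKING" 0.1
```

A non-zero return value can feed a monitoring alert, so that drift is noticed before log timestamps from different instances stop lining up.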

NTP service

Run the following command to view information about the configured NTP server and the corresponding status indicators. In the command output, the offset parameter indicates the difference between the NTP server time and the local time of the instance.

sudo ntpq -p

Check whether you need to modify the address of the time synchronization server

Run a command to view the configured time synchronization server. The command varies based on the time synchronization service that your ECS instance runs. For information about how to configure a time synchronization server, see the Configure the NTP server address section of this topic.

Chrony service

cat /etc/chrony.conf

In the command output, server <NTP server> minpoll 4 maxpoll 10 iburst indicates the configured time synchronization server.

NTP service

cat /etc/ntp.conf

In the command output, server <NTP server> iburst minpoll 4 maxpoll 10 indicates the configured time synchronization server.
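
To review the configured servers without reading the whole file, the following added example (not part of the original documentation) extracts the active server lines from chrony.conf or ntp.conf text and labels each host with the network column it is listed under in the Domain names of Alibaba Cloud NTP servers section of this topic. The function names, the sample configuration, and the rule that unlisted hosts are flagged are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list active time sources in chrony.conf / ntp.conf text and
# label each with its network column from the NTP server table in this topic.

# Constructed sample configuration (not taken from a real instance).
SAMPLE_CONF='# server ntp1.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp7.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server time.example.net iburst
driftfile /var/lib/chrony/drift'

# classify_host HOST (hypothetical helper): prints vpc, classic, internet or unlisted.
classify_host() {
    case "$1" in
        ntp.cloud.aliyuncs.com|ntp[7-9].cloud.aliyuncs.com|ntp1[0-2].cloud.aliyuncs.com)
            echo vpc ;;
        ntp[1-6].cloud.aliyuncs.com)
            echo classic ;;
        ntp.aliyun.com|ntp[1-7].aliyun.com)
            echo internet ;;
        *)
            echo unlisted ;;
    esac
}

# audit_sources CONF_TEXT (hypothetical helper)
# Prints "<host> <class>" per active server line; returns 1 if any host is unlisted.
audit_sources() {
    unlisted_found=0
    # Commented-out lines start with "#", so their first field is never "server".
    for host in $(printf '%s\n' "$1" | awk '$1 == "server" { print $2 }'); do
        class=$(classify_host "$host")
        echo "$host $class"
        if [ "$class" = unlisted ]; then
            unlisted_found=1
        fi
    done
    return $unlisted_found
}

# On an instance: audit_sources "$(cat /etc/chrony.conf)"
audit_sources "$SAMPLE_CONF" || echo "review unlisted time sources"
```

The same function works for /etc/ntp.conf because both files use the server <NTP server> line format shown above.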

Configure the time synchronization service

Configure manual time synchronization

By default, the chrony or NTP service that runs on ECS instances gradually adjusts the time to avoid the risk of time jumping. We do not recommend that you manually synchronize time. If your business requires manual time synchronization, perform the following steps:

  1. View the time synchronization service used by an ECS instance. For more information, see the View the time synchronization service that an ECS instance runs section of this topic.

  2. You can run a command that corresponds to the time synchronization service to synchronize time on the instance.

    Chrony service

    sudo chronyc makestep

    If the chrony service is used to complete time synchronization, 200 OK is returned.

    NTP service

    Important

    NTP is no longer maintained by the NTP community. If you run the ntpdate command to perform time synchronization, time jumping may occur. If you must run this command, specify at least three clock sources in the ntpdate command to prevent this risk. For information about Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic.

    • Sample command for an instance that resides in a virtual private cloud (VPC):

      sudo ntpdate ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com
    • Sample command for an instance that resides in the classic network:

      sudo ntpdate ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com

Configure the NTP server address

If your business does not have special requirements, you do not need to modify the NTP server address. If your business requires a specific time synchronization server, configure an NTP server address based on the time synchronization service running on your ECS instance. For information about how to view the time synchronization service running on a Linux instance, see the View the time synchronization service that an ECS instance runs section of this topic.

Linux instance that runs the chrony service

Instances that run CentOS 7 or Alibaba Cloud Linux 2 or later use the chrony service to synchronize time. The chrony service synchronizes the system time faster and more accurately, which minimizes the time and frequency differences between instances and time synchronization servers.

  1. Add an inbound rule that allows traffic on UDP port 123 to a security group to which the ECS instance belongs. For more information, see Add a security group rule.

  2. Connect to a Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  3. Configure the NTP server.

    If you want to use an Alibaba Cloud NTP server, configure the <NTP server> parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.

    1. Run the following command to access the chrony configuration file:

      sudo vim /etc/chrony.conf
    2. Mask NTP servers that you do not need. Find the server <NTP server> minpoll 4 maxpoll 10 iburst line that you want to mask in the configuration file and press the I key to enter the Insert mode. Then, add a pound key (#) at the beginning of the preceding line to comment out the line.

    3. Add an NTP server. You can add an NTP server to the configuration file in the format of server <NTP server> minpoll 4 maxpoll 10 iburst.

    4. Then, press the Esc key and enter :wq to save and close the configuration file.

  4. Activate the chrony service.

    1. Run the following commands in sequence to activate the chronyd service and enable the service to activate on system startup:

      sudo systemctl start chronyd.service
      sudo systemctl enable chronyd.service
    2. Run the following command to view the time synchronization status of the instance and check whether the chrony service is activated:

      sudo chronyc tracking
    3. Run the following command to view information about the time synchronization servers:

      sudo chronyc -n sources -v

Linux instance that runs the NTP service

On ECS instances, the NTP service is configured for specific earlier versions of images such as CentOS 6 images. If the time synchronization service of your instance runs as expected, you do not need to modify the configurations. If your business requires a specific time synchronization server, perform the following steps:

  1. Add an inbound rule that allows traffic on UDP port 123 to a security group to which the ECS instance belongs. For more information, see Add a security group rule.

  2. Connect to a Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  3. Configure the NTP server.

    If you want to configure an Alibaba Cloud NTP server, configure the <NTP server> parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.

    1. Run the following command to access the NTP configuration file:

      sudo vim /etc/ntp.conf
    2. Mask NTP servers that you do not need. Find the server <NTP server> iburst minpoll 4 maxpoll 10 line that you want to mask in the configuration file and press the I key to enter the Insert mode. Then, add a pound key (#) at the beginning of the preceding line to comment out the line.

    3. Add an NTP server. You can add an NTP server to the configuration file in the format of server <NTP server> iburst minpoll 4 maxpoll 10.

    4. Then, press the Esc key and enter :wq to save and close the configuration file.

  4. Activate the NTP service.

    1. Run the following commands in sequence to activate the NTP service and enable the service to activate on system startup:

      sudo service ntpd start
      sudo chkconfig ntpd on
    2. Run the following command to check the status of the NTP service:

      sudo ntpstat
    3. Run the following command to view NTP peers:

      sudo ntpq -p

Windows instance

By default, Windows Server operating systems are synchronized to the Microsoft NTP server (time.windows.com). However, synchronization errors may occur. When you use a Windows ECS instance, you can replace the default Microsoft NTP server with an internal NTP server provided by Alibaba Cloud. In this example, a Windows Server 2016 operating system is used. The following section describes how to modify the default NTP server address.

  1. Connect to a Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. In the notification area of the taskbar, click Date and Time, and then click Date and time settings.

  3. On the Settings page, click Add clocks with different time zones.

  4. In the Date and Time dialog box, click the Internet Time tab and then click Change settings.

  5. In the Internet Time Settings dialog box, select Synchronize with an Internet time server, enter the address of an Alibaba Cloud NTP server in the internal network, click Update now, and then click OK. For information about the NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.

    Important

    Time synchronization may fail due to third-party antivirus software on the instance. Disable the antivirus software and re-synchronize the time.

  6. Click OK.

Appendix

Chrony service and NTP service

| Time synchronization service | Scenario | Time synchronization precision | Stability | Description |
| --- | --- | --- | --- | --- |
| Chrony service | Suitable for scenarios that require high precision, high stability, and automation. | High | Can handle high-latency and unstable network environments better. | Chrony is a software package that uses NTP to synchronize the computer system time with NTP servers around the world. Chrony is particularly well suited to changing network environments and can adjust the system time quickly and efficiently. For more information, see Chrony. |
| NTP service | Suitable for most scenarios that do not require high precision. | Medium | Can only handle network instability to a certain extent. | NTP is a classic time synchronization service and an implementation of the NTP protocol. NTP is suitable for long-running servers, especially in environments where network conditions are relatively stable. For more information, see NTP. |

Domain names of Alibaba Cloud NTP servers

The following table describes the domain names of Alibaba Cloud NTP servers in various networks. These domain names support only IPv4. If you want to modify the Alibaba Cloud NTP server address, you can select one of the following addresses based on your business requirements.

| Classic network (internal network) | VPC (internal network) | Internet |
| --- | --- | --- |
| ntp1.cloud.aliyuncs.com | ntp.cloud.aliyuncs.com | ntp.aliyun.com |
| ntp2.cloud.aliyuncs.com | ntp7.cloud.aliyuncs.com | ntp1.aliyun.com |
| ntp3.cloud.aliyuncs.com | ntp8.cloud.aliyuncs.com | ntp2.aliyun.com |
| ntp4.cloud.aliyuncs.com | ntp9.cloud.aliyuncs.com | ntp3.aliyun.com |
| ntp5.cloud.aliyuncs.com | ntp10.cloud.aliyuncs.com | ntp4.aliyun.com |
| ntp6.cloud.aliyuncs.com | ntp11.cloud.aliyuncs.com | ntp5.aliyun.com |
| | ntp12.cloud.aliyuncs.com | ntp6.aliyun.com |
| | | ntp7.aliyun.com |

FAQ

Am I charged for using Alibaba Cloud NTP servers?

No, Alibaba Cloud NTP servers are free of charge. Alibaba Cloud public images contain default time synchronization configurations. By default, ECS instances that are created from public images run chrony or NTP for time synchronization.

What do I do if NTP time synchronization becomes abnormal?

Check the network type of your server. Select an NTP server address based on the network type. For information about the NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section in this topic. The public NTP server address is used to provide the time synchronization service over the Internet. Compared with the public NTP server address, the private NTP server address can provide higher time accuracy and stability.

  • If the network type of your instance is VPC, select an NTP server address provided in the VPC (internal network) column of the preceding table.

  • If the network type of your instance is classic network, select an NTP server address provided in the Classic network (internal network) column in the preceding table.

References

For information about the time-related concepts and operations of the Linux operating systems or the time configuration changes to Linux public images, see Linux time and time zones.