Time accuracy and consistency are important for Elastic Compute Service (ECS) instances in various scenarios, such as when instances need to execute scheduled tasks punctually and record correct log timestamps. To prevent data inconsistency, vulnerabilities, and business failures that occur when your business runs on ECS instances, Alibaba Cloud provides a time synchronization service based on Network Time Protocol (NTP) to ensure the accuracy of instance time.
Time synchronization service
A time synchronization service synchronizes time on ECS instances to NTP servers to ensure that the ECS instance time is accurate. The time synchronization service is implemented by using NTP. By default, ECS instances run chrony or NTP to synchronize time.
For more information, see the chrony and NTP and Domain names of Alibaba Cloud NTP servers sections of this topic.
Manage the time synchronization service
Alibaba Cloud public images contain default time synchronization configurations. The ECS instances that are created from public images run chrony or NTP to implement time synchronization. In most cases, you do not need to intervene with the time synchronization service.
You can perform the following steps to check whether the time synchronization service works as expected on existing ECS instances. Then, you can perform related operations based on your business requirements.
Check whether an ECS instance runs chrony or NTP. For more information, see the View the time synchronization service run by an ECS instance section of this topic.
Perform the following operations to check whether the time synchronization service runs as expected. If the time synchronization service runs as expected, you do not need to modify the related configurations. If your business is time sensitive, you can modify the configurations based on your business requirements.
Check whether the current time is accurate. chrony and NTP gradually adjust the time to mitigate the risk of time jumps. If your business requires an accurate current time of the instance, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.
Check whether you need to modify the address of the time synchronization server. For information about how to configure a specific time synchronization server, see the Configure the NTP server address section of this topic.
View the status of the time synchronization service and check whether you need to modify related configurations
View the time synchronization service run by an ECS instance
Run the following command to view the time synchronization service run by an ECS instance. If the ECS instance runs NTP but your business does not require NTP, we recommend that you use chrony.
sudo ps aux | grep -E "ntpd|chronyd"
The following command output indicates that the ECS instance runs chrony.
The following command output indicates that the ECS instance runs NTP.
NoteNTP is configured for specific earlier versions of images, such as CentOS 6 images of ECS instances. NTP is no longer maintained by the NTP community. If your business does not require NTP, we recommend that you use chrony.
Check whether the current time is accurate
Run a command to check whether the current time is accurate. The command varies based on the time synchronization service run by your ECS instance. chrony and NTP gradually adjust the time to mitigate the risk of time jumps. If your business requires an accurate current time of the instance, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.
chrony
Run the following command to view information about the time synchronization status, including the system time offset, the stability of the system time, and the time when the previous time synchronization was performed. You can check whether the current time is accurate by viewing the System time value.
sudo chronyc tracking
Sample command output:
NTP
Run the following command to view information about the configured NTP server and the corresponding status indicators. In the command output, the offset parameter indicates the difference between the NTP server time and the local time of the ECS instance.
sudo ntpq -p
Sample command output:
Check whether you need to modify the address of the time synchronization server
Run a command to view the configured time synchronization server. The command varies based on the time synchronization service run by your ECS instance. For information about how to configure a time synchronization server, see the Configure the NTP server address section of this topic.
chrony
cat /etc/chrony.conf
In the command output, server <NTP server> minpoll 4 maxpoll 10 iburst
indicates the configured time synchronization server.
NTP
cat /etc/ntp.conf
In the command output, server <NTP server> iburst minpoll 4 maxpoll 10
indicates the configured time synchronization server.
Configure the time synchronization service
Configure manual time synchronization
By default, chrony or NTP that runs on ECS instances gradually adjusts the time to avoid the risk of time jumping. We recommend that you do not manually synchronize time. If your business requires manual time synchronization, perform the following steps:
View the time synchronization service run by an ECS instance. For more information, see the View the time synchronization service run by an ECS instance section of this topic.
Run a command based on the time synchronization service to synchronize time on the instance.
chrony
sudo chronyc makestep
If chrony is used to complete time synchronization,
200 OK
is returned.NTP
ImportantNTP is no longer maintained by the NTP community. If you run the
ntpdate
command to perform time synchronization, time jumps may occur. If you want to run this command, specify at least three clock sources in the ntpdate command to prevent time jumps. For information about Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic.Sample command for an ECS instance that resides in a virtual private cloud (VPC):
sudo ntpdate ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com
Sample command for an ECS instance that resides in the classic network:
sudo ntpdate ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com
Configure the NTP server address
If your business does not have special requirements, you do not need to modify the NTP server address. If your business requires a specific time synchronization server, configure an NTP server address based on the time synchronization service run by your ECS instance. For information about how to view the time synchronization service run by a Linux instance, see the View the time synchronization service run by an ECS instance section of this topic.
Linux instance that runs chrony
Instances that run CentOS 7 or Alibaba Cloud Linux 2 or later use chrony to synchronize time. chrony synchronizes the system time in a faster and more accurate manner. This reduces the time and frequency differences between instances and time synchronization servers.
Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For information about how to add an inbound security group rule, see Add a security group rule.
Connect to a Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Configure the NTP server.
If you want to configure an Alibaba Cloud NTP server, configure the
<NTP server>
parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.Run the following command to open the
chrony
configuration file:sudo vim /etc/chrony.conf
Mask NTP servers that you do not require. Find the
server <NTP server> minpoll 4 maxpoll 10 iburst
line that you want to mask in the configuration file and press theI
key to enter Insert mode. Add a number sign (#
) at the beginning of the preceding line to comment out the line.Add an NTP server. You can add an NTP server to the configuration file in the following format:
server <NTP server> minpoll 4 maxpoll 10 iburst
.Press the
Esc
key and enter:wq
to save and close the configuration file.
Start chrony.
Run the following commands in sequence to start the
chronyd
service and enable the service to run on system startup:sudo systemctl start chronyd.service sudo systemctl enable chronyd.service
Run the following command to view the time synchronization status of the instance and check whether chrony is started:
sudo chronyc tracking
Run the following command to view information about the time synchronization servers:
sudo chronyc -n sources -v
Linux instance that runs NTP
On ECS instances, NTP is configured for specific earlier versions of images, such as CentOS 6 images. If the time synchronization service of your instance runs as expected, you do not need to modify the configurations. If your business requires a specific time synchronization server, perform the following steps:
Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For information about how to add an inbound security group rule, see Add a security group rule.
Connect to a Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Configure the NTP server.
If you want to configure an Alibaba Cloud NTP server, configure the
<NTP server>
parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.Run the following command to open the
NTP
configuration file:sudo vim /etc/ntp.conf
Mask NTP servers that you do not require. Find the
server <NTP server> iburst minpoll 4 maxpoll 10
line that you want to mask in the configuration file and press theI
key to enter Insert mode. Add a number sign (#
) at the beginning of the preceding line to comment out the line.Add an NTP server. You can add an NTP server to the configuration file in the following format:
server <NTP server> iburst minpoll 4 maxpoll 10
.Press the
Esc
key and enter:wq
to save and close the configuration file.
Start NTP.
Run the following commands in sequence to start
NTP
and enable NTP to run on system startup:sudo service ntpd start sudo chkconfig ntpd on
Run the following command to check the status of NTP:
sudo ntpstat
Run the following command to view NTP peers:
sudo ntpq -p
Windows
By default, Windows Server operating systems are synchronized to the Microsoft NTP server (time.windows.com). However, synchronization errors may occur. When you use a Windows ECS instance, you can replace the default Microsoft NTP server with an internal NTP server provided by Alibaba Cloud. In this example, a Windows Server 2016 operating system is used. The following section describes how to modify the default NTP server address:
Connect to a Windows instance.
For more information, see Connect to a Windows instance by using a password or key.
In the notification area of the taskbar, click Date and Time and then click Date and time settings.
On the Settings page, click Add clocks with different time zones.
In the Date and Time dialog box, click the Internet Time tab and then click Change settings.
In the Internet Time Settings dialog box, select Synchronize with an Internet time server, enter the address of an Alibaba Cloud NTP server in the internal network, click Update now, and then click OK. For information about the NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
ImportantTime synchronization may fail due to third-party antivirus software on the instance. Disable the antivirus software and resynchronize the time.
Click OK in the message that appears.
Appendix
chrony and NTP
Time synchronization service | Scenario | Time synchronization precision | Stability | Description |
chrony | Suitable for scenarios that require high precision, high stability, and automation. | High | Suitable for high-latency and unstable network environments. | chrony is a software package that uses NTP to synchronize the computer system time with NTP servers around the world. chrony is suitable for changing network environments and can adjust the system time in a fast and efficient manner. For more information, see chrony. |
NTP | Suitable for most scenarios that do not require high precision. | Medium | Handles only a limited level of network instability. | NTP is a classic time synchronization service and an implementation of the NTP protocol. NTP is suitable for long-running servers, such as in environments in which network conditions are relatively stable. For more information, see NTP. |
Domain names of Alibaba Cloud NTP servers
The following table describes the domain names of Alibaba Cloud NTP servers in various networks. These domain names support only IPv4. If you want to modify the Alibaba Cloud NTP server address, you can select one of the following addresses based on your business requirements.
Classic network (internal network) | VPC (internal network) | Internet |
ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com ntp6.cloud.aliyuncs.com | ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp8.cloud.aliyuncs.com ntp9.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com | ntp.aliyun.com ntp1.aliyun.com ntp2.aliyun.com ntp3.aliyun.com ntp4.aliyun.com ntp5.aliyun.com ntp6.aliyun.com ntp7.aliyun.com |
FAQ
References
For information about the time-related concepts and operations of the Linux operating systems or the time configuration changes to Linux public images, see Linux time and time zones.