All Products
Search
Document Center

Elastic Compute Service:Manage the time synchronization service

Last Updated:Oct 14, 2024

Time accuracy and consistency are important for Elastic Compute Service (ECS) instances in various scenarios, such as when instances need to execute scheduled tasks punctually and record correct log timestamps. To prevent data inconsistency, vulnerabilities, and business failures that occur when your business runs on ECS instances, Alibaba Cloud provides a time synchronization service based on Network Time Protocol (NTP) to ensure the accuracy of instance time.

Time synchronization service

A time synchronization service synchronizes time on ECS instances to NTP servers to ensure that the ECS instance time is accurate. The time synchronization service is implemented by using NTP. By default, ECS instances run chrony or NTP to synchronize time.

For more information, see the chrony and NTP and Domain names of Alibaba Cloud NTP servers sections of this topic.

Manage the time synchronization service

Alibaba Cloud public images contain default time synchronization configurations. The ECS instances that are created from public images run chrony or NTP to implement time synchronization. In most cases, you do not need to intervene with the time synchronization service.

You can perform the following steps to check whether the time synchronization service works as expected on existing ECS instances. Then, you can perform related operations based on your business requirements.

  1. Check whether an ECS instance runs chrony or NTP. For more information, see the View the time synchronization service run by an ECS instance section of this topic.

  2. Perform the following operations to check whether the time synchronization service runs as expected. If the time synchronization service runs as expected, you do not need to modify the related configurations. If your business is time sensitive, you can modify the configurations based on your business requirements.

View the status of the time synchronization service and check whether you need to modify related configurations

View the time synchronization service run by an ECS instance

Run the following command to view the time synchronization service run by an ECS instance. If the ECS instance runs NTP but your business does not require NTP, we recommend that you use chrony.

sudo ps aux | grep -E "ntpd|chronyd"
  • The following command output indicates that the ECS instance runs chrony.

    image

  • The following command output indicates that the ECS instance runs NTP.

    Note

    NTP is configured for specific earlier versions of images, such as CentOS 6 images of ECS instances. NTP is no longer maintained by the NTP community. If your business does not require NTP, we recommend that you use chrony.

    image

Check whether the current time is accurate

Run a command to check whether the current time is accurate. The command varies based on the time synchronization service run by your ECS instance. chrony and NTP gradually adjust the time to mitigate the risk of time jumps. If your business requires an accurate current time of the instance, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.

chrony

Run the following command to view information about the time synchronization status, including the system time offset, the stability of the system time, and the time when the previous time synchronization was performed. You can check whether the current time is accurate by viewing the System time value.

sudo chronyc tracking

Sample command output:

image

NTP

Run the following command to view information about the configured NTP server and the corresponding status indicators. In the command output, the offset parameter indicates the difference between the NTP server time and the local time of the ECS instance.

sudo ntpq -p

Sample command output:

image

Check whether you need to modify the address of the time synchronization server

Run a command to view the configured time synchronization server. The command varies based on the time synchronization service run by your ECS instance. For information about how to configure a time synchronization server, see the Configure the NTP server address section of this topic.

chrony

cat /etc/chrony.conf

In the command output, server <NTP server> minpoll 4 maxpoll 10 iburst indicates the configured time synchronization server.

NTP

cat /etc/ntp.conf

In the command output, server <NTP server> iburst minpoll 4 maxpoll 10 indicates the configured time synchronization server.

Configure the time synchronization service

Configure manual time synchronization

By default, chrony or NTP that runs on ECS instances gradually adjusts the time to avoid the risk of time jumping. We recommend that you do not manually synchronize time. If your business requires manual time synchronization, perform the following steps:

  1. View the time synchronization service run by an ECS instance. For more information, see the View the time synchronization service run by an ECS instance section of this topic.

  2. Run a command based on the time synchronization service to synchronize time on the instance.

    chrony

    sudo chronyc makestep

    If chrony is used to complete time synchronization, 200 OK is returned.

    image

    NTP

    Important

    NTP is no longer maintained by the NTP community. If you run the ntpdate command to perform time synchronization, time jumps may occur. If you want to run this command, specify at least three clock sources in the ntpdate command to prevent time jumps. For information about Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic.

    • Sample command for an ECS instance that resides in a virtual private cloud (VPC):

      sudo ntpdate ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com
    • Sample command for an ECS instance that resides in the classic network:

      sudo ntpdate ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com

Configure the NTP server address

If your business does not have special requirements, you do not need to modify the NTP server address. If your business requires a specific time synchronization server, configure an NTP server address based on the time synchronization service run by your ECS instance. For information about how to view the time synchronization service run by a Linux instance, see the View the time synchronization service run by an ECS instance section of this topic.

Linux instance that runs chrony

Instances that run CentOS 7 or Alibaba Cloud Linux 2 or later use chrony to synchronize time. chrony synchronizes the system time in a faster and more accurate manner. This reduces the time and frequency differences between instances and time synchronization servers.

  1. Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For information about how to add an inbound security group rule, see Add a security group rule.

  2. Connect to a Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  3. Configure the NTP server.

    If you want to configure an Alibaba Cloud NTP server, configure the <NTP server> parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.

    1. Run the following command to open the chrony configuration file:

      sudo vim /etc/chrony.conf
    2. Mask NTP servers that you do not require. Find the server <NTP server> minpoll 4 maxpoll 10 iburst line that you want to mask in the configuration file and press the I key to enter Insert mode. Add a number sign (#) at the beginning of the preceding line to comment out the line.

    3. Add an NTP server. You can add an NTP server to the configuration file in the following format: server <NTP server> minpoll 4 maxpoll 10 iburst.

    4. Press the Esc key and enter :wq to save and close the configuration file.

  4. Start chrony.

    1. Run the following commands in sequence to start the chronyd service and enable the service to run on system startup:

      sudo systemctl start chronyd.service
      sudo systemctl enable chronyd.service
    2. Run the following command to view the time synchronization status of the instance and check whether chrony is started:

      sudo chronyc tracking
    3. Run the following command to view information about the time synchronization servers:

      sudo chronyc -n sources -v

Linux instance that runs NTP

On ECS instances, NTP is configured for specific earlier versions of images, such as CentOS 6 images. If the time synchronization service of your instance runs as expected, you do not need to modify the configurations. If your business requires a specific time synchronization server, perform the following steps:

  1. Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For information about how to add an inbound security group rule, see Add a security group rule.

  2. Connect to a Linux instance.

    For more information, see Connect to a Linux instance by using a password or key.

  3. Configure the NTP server.

    If you want to configure an Alibaba Cloud NTP server, configure the <NTP server> parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.

    1. Run the following command to open the NTP configuration file:

      sudo vim /etc/ntp.conf
    2. Mask NTP servers that you do not require. Find the server <NTP server> iburst minpoll 4 maxpoll 10 line that you want to mask in the configuration file and press the I key to enter Insert mode. Add a number sign (#) at the beginning of the preceding line to comment out the line.

    3. Add an NTP server. You can add an NTP server to the configuration file in the following format: server <NTP server> iburst minpoll 4 maxpoll 10.

    4. Press the Esc key and enter :wq to save and close the configuration file.

  4. Start NTP.

    1. Run the following commands in sequence to start NTP and enable NTP to run on system startup:

      sudo service ntpd start
      sudo chkconfig ntpd on
    2. Run the following command to check the status of NTP:

      sudo ntpstat
    3. Run the following command to view NTP peers:

      sudo ntpq -p

Windows

By default, Windows Server operating systems are synchronized to the Microsoft NTP server (time.windows.com). However, synchronization errors may occur. When you use a Windows ECS instance, you can replace the default Microsoft NTP server with an internal NTP server provided by Alibaba Cloud. In this example, a Windows Server 2016 operating system is used. The following section describes how to modify the default NTP server address:

  1. Connect to a Windows instance.

    For more information, see Connect to a Windows instance by using a password or key.

  2. In the notification area of the taskbar, click Date and Time and then click Date and time settings.

    image

  3. On the Settings page, click Add clocks with different time zones.

    image

  4. In the Date and Time dialog box, click the Internet Time tab and then click Change settings.

    image

  5. In the Internet Time Settings dialog box, select Synchronize with an Internet time server, enter the address of an Alibaba Cloud NTP server in the internal network, click Update now, and then click OK. For information about the NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.

    Important

    Time synchronization may fail due to third-party antivirus software on the instance. Disable the antivirus software and resynchronize the time.

    image

  6. Click OK in the message that appears.

Appendix

chrony and NTP

Time synchronization service

Scenario

Time synchronization precision

Stability

Description

chrony

Suitable for scenarios that require high precision, high stability, and automation.

High

Suitable for high-latency and unstable network environments.

chrony is a software package that uses NTP to synchronize the computer system time with NTP servers around the world. chrony is suitable for changing network environments and can adjust the system time in a fast and efficient manner. For more information, see chrony.

NTP

Suitable for most scenarios that do not require high precision.

Medium

Handles only a limited level of network instability.

NTP is a classic time synchronization service and an implementation of the NTP protocol. NTP is suitable for long-running servers, such as in environments in which network conditions are relatively stable. For more information, see NTP.

Domain names of Alibaba Cloud NTP servers

The following table describes the domain names of Alibaba Cloud NTP servers in various networks. These domain names support only IPv4. If you want to modify the Alibaba Cloud NTP server address, you can select one of the following addresses based on your business requirements.

Classic network (internal network)

VPC (internal network)

Internet

ntp1.cloud.aliyuncs.com

ntp2.cloud.aliyuncs.com

ntp3.cloud.aliyuncs.com

ntp4.cloud.aliyuncs.com

ntp5.cloud.aliyuncs.com

ntp6.cloud.aliyuncs.com

ntp.cloud.aliyuncs.com

ntp7.cloud.aliyuncs.com

ntp8.cloud.aliyuncs.com

ntp9.cloud.aliyuncs.com

ntp10.cloud.aliyuncs.com

ntp11.cloud.aliyuncs.com

ntp12.cloud.aliyuncs.com

ntp.aliyun.com

ntp1.aliyun.com

ntp2.aliyun.com

ntp3.aliyun.com

ntp4.aliyun.com

ntp5.aliyun.com

ntp6.aliyun.com

ntp7.aliyun.com

FAQ

Am I charged for using Alibaba Cloud NTP servers?

No, Alibaba Cloud NTP servers are free of charge. Alibaba Cloud public images contain default time synchronization configurations. By default, ECS instances that are created from public images run chrony or NTP for time synchronization.

What do I do if NTP time synchronization becomes abnormal?

Check the network type of your server. Then, select an NTP server address based on the network type. For information about NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section in this topic. The public NTP server address is used to provide the time synchronization service over the Internet. Compared with the public NTP server address, the private NTP server address can provide higher time accuracy and stability.

  • If the network type of your instance is VPC, select an NTP server address provided in the VPC (internal network) column of the preceding table.

  • If the network type of your instance is classic network, select an NTP server address provided in the Classic network (internal network) column in the preceding table.

References

For information about the time-related concepts and operations of the Linux operating systems or the time configuration changes to Linux public images, see Linux time and time zones.