Time accuracy is important for Elastic Compute Service (ECS) instances in various scenarios, such as when instances need to execute accurate scheduled tasks and record correct log timestamps. To prevent data inconsistency, vulnerabilities, and business failures that occur when your business runs on ECS instances, Alibaba Cloud provides time synchronization services to ensure the accuracy of instance time.
Time synchronization service
A time synchronization service synchronizes time on ECS instances to Network Time Protocol (NTP) servers to ensure that the ECS instance time is accurate. The time synchronization service is implemented by using NTP. By default, ECS instances run chrony or NTP to synchronize time.
For more information, see the Chrony service and NTP service and Domain names of Alibaba Cloud NTP servers sections of this topic.
Manage the time synchronization service
Alibaba Cloud public images contain default time synchronization configurations. The ECS instances that are created from public images run chrony or NTP to implement time synchronization. In most cases, you do not need to intervene with the time synchronization service.
You can perform the following steps to check whether the time synchronization service works as expected on existing ECS instances. Then, you can perform related operations based on your business requirements.
Check whether an ECS instance uses chrony or NTP. For more information, see the View the time synchronization service that an ECS instance runs section of this topic.
Perform the following operations to check whether the time synchronization service runs as expected. If the time synchronization service runs as expected, you do not need to modify the related configurations. If your business is time sensitive, you can modify the configurations based on your business requirements.
Check whether the current time is accurate. The chrony and NTP services gradually adjust the time to avoid the risk of time jumping. If your business requires the current time on the instance to be accurate, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.
Check whether you need to modify the address of the time synchronization server. For information about how to configure a specific time synchronization server, see the Configure the NTP server address section of this topic.
View the status of the time synchronization service and check whether you need to modify related configurations
View the time synchronization service that an ECS instance runs
You can run the following command to view the time synchronization service that an ECS instance runs. If the ECS instance uses NTP but your business does not rely on NTP, we recommend that you use chrony.
sudo ps aux | grep -E "ntpd|chronyd"
If the chrony service is used, the output shown in the following figure is returned.
If the NTP service is used, the output shown in the following figure is returned.
NoteThe NTP service is configured for specific earlier versions of images such as CentOS 6 images of ECS instances. NTP is no longer maintained by the NTP community. If your business does not rely on NTP, we recommend that you use the chrony service.
Check whether the current time is accurate
Run a command to check whether the current time is accurate. The command varies based on the time synchronization service that your ECS instance runs. The chrony and NTP services gradually adjust the time to avoid the risk of time jumping. If your business requires the current time on the instance to be accurate, perform time synchronization. For more information, see the Configure manual time synchronization section of this topic.
Chrony service
Run the following command to view information about the current time synchronization status, including the system time offset, the stability of the system time, and the time when the previous time synchronization was performed. You can evaluate whether the current time is accurate by viewing the System time value.
sudo chronyc tracking
Sample command output:
NTP service
Run the following command to view information about the configured NTP server and the corresponding status indicators. In the command output, the offset parameter indicates the difference between the NTP server time and the local time of the instance.
sudo ntpq -p
Sample command output:
Check whether you need to modify the address of the time synchronization server
Run a command to view the configured time synchronization server. The command varies based on the time synchronization service that your ECS instance runs. For information about how to configure a time synchronization server, see the Configure the NTP server address section of this topic.
Chrony service
cat /etc/chrony.conf
In the command output, server <NTP server> minpoll 4 maxpoll 10 iburst
indicates the configured time synchronization server.
NTP service
cat /etc/ntp.conf
In the command output, server <NTP server> iburst minpoll 4 maxpoll 10
indicates the configured time synchronization server.
Configure the time synchronization service
Configure manual time synchronization
By default, the chrony or NTP service that runs on ECS instances gradually adjusts the time to avoid the risk of time jumping. We do not recommend that you manually synchronize time. If your business requires manual time synchronization, perform the following steps:
View the time synchronization service used by an ECS instance. For more information, see the View the time synchronization service that an ECS instance runs section of this topic.
You can run a command that corresponds to the time synchronization service to synchronize time on the instance.
Chrony service
sudo chronyc makestep
If the chrony service is used to complete time synchronization,
200 OK
is returned.NTP service
ImportantNTP is no longer maintained by the NTP community. If you run the
ntpdate
command to perform time synchronization, time jumping may occur. If you must run this command, to prevent the risk, specify at least three clock sources in the ntpdate command. For information about Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic.Sample command for an instance that resides in a virtual private cloud (VPC):
sudo ntpdate ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com
Sample command for an instance that resides in the classic network:
sudo ntpdate ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com
Configure the NTP server address
If your business does not have special requirements, you do not need to modify the NTP server address. If your business requires a specific time synchronization server, configure an NTP server address based on the time synchronization service running on your ECS instance. For information about how to view the time synchronization service running on a Linux instance, see the View the time synchronization service that an ECS instance runs section of this topic.
Linux instance that runs the chrony service
Instances that run CentOS 7 or Alibaba Cloud Linux 2 or later use the chrony service to synchronize time. The chrony service synchronizes the system time faster and more accurately, which minimizes the time and frequency differences between instances and time synchronization servers.
Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For more information, see Add a security group rule.
Connect to a Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Configure the NTP server.
If you want to use an Alibaba Cloud NTP server, configure the
<NTP server>
parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.Run the following command to access the
chrony
configuration file:sudo vim /etc/chrony.conf
Mask NTP servers that you do not need. Find the
server <NTP server> minpoll 4 maxpoll 10 iburst
line that you want to mask in the configuration file and press theI
key to enter the Insert mode. Then, add a pound key (#
) at the beginning of the preceding line to comment out the line.Add an NTP server. You can add an NTP server to the configuration file in the format of
server <NTP server> minpoll 4 maxpoll 10 iburst
.Then, press the
Esc
key and enter:wq
to save and close the configuration file.
Activate the chrony service.
Run the following commands in sequence to activate the
chronyd
service and enable the service to activate on system startup:sudo systemctl start chronyd.service sudo systemctl enable chronyd.service
Run the following command to view the time synchronization status of the instance and check whether the chrony service is activated:
sudo chronyc tracking
Run the following command to view information about the time synchronization servers:
sudo chronyc -n sources -v
Linux instance that runs the NTP service
On ECS instances, the NTP service is configured for specific ealier versions of images such as CentOS 6 images. If the time synchronization service of your instance runs as expected, you do not need to modify the configurations. If your business requires a specific time synchronization server, perform the following steps:
Add an inbound rule to a security group to which the ECS instance belongs to allow traffic on UDP port 123. For more information, see Add a security group rule.
Connect to a Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Configure the NTP server.
If you want to configure an Alibaba Cloud NTP server, configure the
<NTP server>
parameter. For more information, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if NTP time synchronization becomes abnormal? in the "FAQ" section of this topic.Run the following command to access the
NTP
configuration file:sudo vim /etc/ntp.conf
Mask NTP servers that you do not need. Find the
server <NTP server> iburst minpoll 4 maxpoll 10
line that you want to mask in the configuration file and press theI
key to enter the Insert mode. Then, add a pound key (#
) at the beginning of the preceding line to comment out the line.Add an NTP server. You can add an NTP server to the configuration file in the format of
server <NTP server> iburst minpoll 4 maxpoll 10
.Then, press the
Esc
key and enter:wq
to save and close the configuration file.
Activate the NTP service.
Run the following commands in sequence to activate the
NTP
service and enable the service to activate on system startup:sudo service ntpd start sudo chkconfig ntpd on
Run the following command to check the status of the NTP service:
sudo ntpstat
Run the following command to view NTP peers:
sudo ntpq -p
Windows instance
By default, Windows Server operating systems are synchronized to the Microsoft NTP server (time.windows.com). However, synchronization errors may occur. When you use a Windows ECS instance, you can replace the default Microsoft NTP server with an internal NTP server provided by Alibaba Cloud. In this example, a Windows Server 2016 operating system is used. The following section describes how to modify the default NTP server address.
Connect to a Windows instance.
For more information, see Connect to a Windows instance by using a password or key.
In the notification area of the taskbar, click Date and Time, and then click Date and time settings.
On the Settings page, click Add clocks with different time zones.
In the Date and Time dialog box, click the Internet Time tab and then click Change settings.
In the Internet Time Settings dialog box, select Synchronize with an Internet time server, enter the address of an Alibaba Cloud NTP server in the internal network, click Update now, and then click OK. For information about the NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
ImportantTime synchronization may fail due to third-party antivirus software on the instance. Disable the antivirus software and re-synchronize the time.
Click OK.
Appendix
Chrony service and NTP service
Time synchronization service | Scenario | Time synchronization precision | Stability | Description |
Chrony service | Suitable for scenarios that require high precision, high stability, and automation. | High | Can handle high-latency and unstable network environments better. | Chrony is a software package that uses NTP to synchronize the computer system time with NTP servers around the world. Chrony is particularly well-suited in the changing network environment and is able to adjust the system time in a fast and efficient manner. For more information, see Chrony. |
NTP service | Suitable for most scenarios that do not require high precision. | Medium | Can only handle network instability to a certain extent. | NTP is a classic time synchronization service and an implementation of the NTP protocol. NTP is suitable for long-running servers, especially in environments where network conditions are relatively stable. For more information, see NTP. |
Domain names of Alibaba Cloud NTP servers
The following table describes the domain names of Alibaba Cloud NTP servers in various networks. These domain names support only IPv4. If you want to modify the Alibaba Cloud NTP server address, you can select one of the following addresses based on your business requirements.
Classic network (internal network) | VPC (internal network) | Internet |
ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com ntp6.cloud.aliyuncs.com | ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp8.cloud.aliyuncs.com ntp9.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com | ntp.aliyun.com ntp1.aliyun.com ntp2.aliyun.com ntp3.aliyun.com ntp4.aliyun.com ntp5.aliyun.com ntp6.aliyun.com ntp7.aliyun.com |
FAQ
References
For information about the time-related concepts and operations of the Linux operating systems or the time configuration changes to Linux public images, see Linux time and time zones.