Configure NTP to ensure the accuracy of instance time - Elastic Compute Service

This topic describes time synchronization services and how to manage the services. If an exception occurs related to the system time of an Elastic Compute Service (ECS) instance or you want to ensure time consistency among multiple ECS instances in a distributed system, you can perform the operations that are described in this topic.

Methods for checking whether the system time is out of sync

When you manage and maintain ECS instances, time synchronization is a key factor in ensuring that operating systems run as expected. To check whether the system time of an ECS instance is out of sync, you can use the following methods:

Compare the system time with the real time. Compare the system time displayed on the ECS instance with the real time that you obtain from a reliable time service, such as a mobile phone or TV. If the system time differs significantly from the real time, the system time may be out of sync.
Monitor the execution of scheduled tasks. Periodically check scheduled tasks, such as cron jobs. If you find that specific tasks are not executed as scheduled, the system time may be inaccurate.
Check tracking logs. In a distributed system, tracking logs are used to record the order and status of transactions. If you find out-of-order transactions in tracking logs, such as records listed in reverse order or unpredictable timestamps, the system time may be out of sync across different nodes, which affects data consistency.
Check errors that occur during security authentication. If an error message, such as invalid timestamp or authentication failed, appears during security authentication, the system time of the ECS instance may be out of sync with the time of the authentication server. A number of authentication mechanisms, such as Kerberos, rely on timestamps to ensure the validity of requests.

Importance of time synchronization

Time accuracy and consistency are important for ECS instances in various scenarios, such as when instances must punctually execute scheduled tasks, record correct log timestamps, and maintain clock consistency in a distributed ECS cluster.

If the timestamps in system logs on different ECS instances or services are significantly different, identifying issues may become difficult, especially for troubleshooting. In addition, if the system time is out of sync, execution latency or exceptions may occur on applications that rely on timestamps, such as financial transaction systems, task scheduling, and scientific computing.
If data update conflicts or record overwrites occur in a distributed system, you must check the time settings of all devices in the system. In addition, when you conduct experiments or analyze data, time inconsistency across multiple devices may affect the accuracy and repeatability of results and then decision-making and business fault tolerance. You must regularly monitor and maintain time synchronization services. This ensures the stability and security of the system and improves the overall operation efficiency of your business. You must prioritize any time inconsistency issues in order to take measures at the earliest opportunity to maintain system time accuracy.

Time synchronization services

A time synchronization service synchronizes the system time of ECS instances with Network Time Protocol (NTP) servers by using NTP to ensure that the system time of the instances is accurate. A time synchronization service can synchronize the system time of an ECS instance with NTP servers around the world.

Linux operating system

chrony and NTP are common time synchronization tools for Linux instances. The following table describes the chrony and NTP services.

Time synchronization service	Description	Scenario	Time synchronization precision	Stability
chrony	The chrony service is a software package that implements the NTP protocol to synchronize the computer system time with NTP servers around the world. The chrony service is suitable for network environments with frequent changes and can adjust the system time in a fast and efficient manner.	Suitable for scenarios that require high precision, high stability, and automation.	High	Suitable for high-latency and unstable network environments.
NTP	The NTP service is a classic time synchronization service and an implementation of the NTP protocol. The NTP service is suitable for long-running servers, such as the servers in environments that have stable network connectivity.	Suitable for most scenarios that do not require high precision.	Medium	Tolerates only a limited level of network instability.

Default configurations of the time synchronization services

View the process of the time synchronization service

Alibaba Cloud public images contain default time synchronization configurations. ECS instances that are created from public images run the chrony service to implement time synchronization. In most cases, you do not need to intervene with the time synchronization service.

Note

The NTP service is configured for specific earlier versions of images, such as CentOS 6 images of ECS instances. The NTP service is no longer maintained by the NTP community. If an ECS instance runs the NTP service but your business does not rely on the NTP service, we recommend that you upgrade to the chrony service. For more information, see the Upgrade the NTP service to the chrony service section of this topic.

Run the following command to view the time synchronization service run by an ECS instance:

sudo ps aux | grep -E "ntpd|chronyd"

The following command output indicates that the ECS instance runs the chrony service.
The following command output indicates that the ECS instance runs the NTP service.

View the addresses of time synchronization servers

By default, the addresses of Alibaba Cloud NTP servers are configured in Alibaba Cloud public images. Run one of the following commands to view the addresses of the current time synchronization servers used by an ECS instance.

Run the following command to open the configuration file of the chrony service:
```
cat /etc/chrony/chrony.conf
```
Run the following command to open the configuration file of the NTP service:
```
cat /etc/ntp.conf
```

In the configuration file, find lines that start with server. Each line includes the address of an NTP server along with related parameters.

The configuration file can contain multiple NTP servers. This improves the reliability of the synchronized time and enhances fault tolerance.

Fault tolerance: Multiple NTP servers allow the system to obtain time from other available NTP servers if one NTP server is unavailable. This greatly reduces time synchronization failures due to unavailable time sources.
Reliability: Different NTP servers may have different time sources and network latencies. The chrony service can select the most stable and reliable time source among multiple NTP servers and use the time source to synchronize the system time, which provides more accurate time.
Load balancing: The chrony service can distribute requests among multiple NTP servers to prevent a single server from receiving excessive requests. This balances loads on the servers and improves the overall performance of the servers.
Synchronization acceleration: Multiple NTP servers can help accelerate time synchronization during initial startup or when a time deviation occurs. With multiple NTP servers, the chrony service can quickly determine the accurate time and adjust the system time accordingly.
Reduction of impacts caused by network latency: Multiple NTP servers help reduce the impacts caused by network latency. The chrony service can select the NTP server that delivers the highest response speed and use the server for time correction to ensure that the clock is always accurate.

View the current system time

Run the following commands to check whether the current system time is accurate.

The chrony service

Run the following command to view information about the time synchronization status, including the system time offset, the stability of the system time, and the time when time synchronization was last performed. You can check the System time parameter to check whether the current system time is accurate. In this example, the returned information (0.000025116 seconds slow of NTP time) indicates that the current system time is slower than the NTP time.

sudo chronyc tracking

The following sample command output is returned.

The NTP service

Run the following commands to view information about the configured NTP servers and the corresponding status metrics on an ECS instance. In the command output, the offset parameter indicates the difference between the NTP server time and the local system time of the ECS instance.

# Obtain all configured NTP servers and the corresponding status metrics.
sudo ntpd -p

#  sudo ntpd -p <server> Obtain the status metrics of a specific NTP server.
sudo ntpd -p ntp3.aliyun.com

The following sample command output is returned.

Take note of the following parameters:

remote: the address of the NTP server.
refid: the ID of the reference clock, such as GPS and Local Clock.
st: the stratum of the NTP server. A smaller value indicates a more accurate time source.
t: the connection type. A value of u indicates unicast, a value of m indicates multicast, and a value of b indicates broadcast.
when: the time elapsed since the last successful query. Unit: seconds.
poll: the interval at which NTP queries information from the NTP server. Unit: seconds.
reach: the status codes of the last eight queries, which indicate whether the queries are successful or not.
delay: the round-trip time for a request to travel from your system to the NTP server and the response to arrive.
offset: the difference between the local system time and the NTP server time.
jitter: the degree of time offset variation.

Manually synchronize the system time

By default, the chrony or NTP service that runs on ECS instances gradually adjusts the system time to reduce the risk of time jumps. We recommend that you do not manually synchronize the system time. If your business requires manual time synchronization, perform the following operations.

The chrony service

sudo chronyc makestep

If the chrony service completes time synchronization, 200 OK is returned.

The NTP service

Important

The NTP service is no longer maintained by the NTP community. If you run the ntpdate command to perform time synchronization, time jumps may occur. If you must run the command, specify at least three clock sources in the command to prevent time jumps. For information about Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic.

Manually synchronize the system time on an ECS instance in a virtual private cloud (VPC).

sudo ntpdate ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com

Manually synchronize the system time on an ECS instance in the classic network.

sudo ntpdate ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com

Configure NTP server addresses

If you want to specify a specific NTP server for time synchronization, perform the following steps.

Note

To ensure clock consistency among the instances in a distributed cluster, make sure that all instances are configured with an address that points to the same or a reliable NTP server.

The chrony service

Connect to a Linux instance.
For more information, see Use Workbench to connect to a Linux instance over SSH.
Configure NTP servers.
If you want to configure an Alibaba Cloud NTP server, specify a server address that starts with ntp. For information about the available Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if an exception occurs when NTP is used to synchronize the system time of an ECS instance? in the "FAQ" section of this topic.
1. Run the following command to open the chrony configuration file:
```
sudo vim /etc/chrony.conf
```
2. To block unnecessary NTP servers, comment out the unnecessary NTP servers in the configuration file, as shown in the following figure.
3. Add an NTP server. In this example, you add the NTP server at ntp12.cloud.aliyuncs.com to the configuration file, as shown in the following figure. For information about the available Alibaba Cloud NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
4. Save and close the configuration file. Run the following commands in sequence to restart the chronyd process and enable the process to run on system startup:
```
sudo systemctl restart chronyd.service
sudo systemctl enable chronyd.service
```
View the status of the chrony service.
1. Run the following command to view the time synchronization status of the instance and check whether the chrony service is started:
```
sudo chronyc tracking
```
2. Run the following command to view information about the time synchronization servers:
```
sudo chronyc -n sources -v
```

The NTP service

Connect to a Linux instance.
For more information, see Use Workbench to connect to a Linux instance over SSH.
Configure NTP servers.
If you want to configure an Alibaba Cloud NTP server, specify a server address that starts with ntp. For information about the available Alibaba Cloud NTP servers, see the Domain names of Alibaba Cloud NTP servers section of this topic. For information about how to select an Alibaba Cloud NTP server address, see What do I do if an exception occurs when NTP is used to synchronize the system time of an ECS instance? in the "FAQ" section of this topic.
1. Run the following command to open the NTP configuration file:
```
sudo vim /etc/ntp.conf
```
2. To block unnecessary NTP servers, comment out the unnecessary NTP servers in the configuration file, as shown in the following figure.
3. Add an NTP server by running the server <NTP server address> minpoll <Minimum request interval> maxpoll <Maximum request interval> iburst command. In this example, the NTP server at ntp12.cloud.aliyuncs.com is added to the configuration file, as shown in the following figure. For information about the available Alibaba Cloud NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
4. Save and close the configuration file. Run the following command to restart the ntpd daemon:
```
sudo service ntpd restart
```
Start the NTP service.
1. Run the following commands in sequence to start the NTP service and enable the service to start on system startup:
```
sudo service ntpd start
sudo chkconfig ntpd on
```
2. Run the following command to check the status of the NTP service:
```
sudo ntpstat
```
3. Run the following command to view NTP peers:
```
sudo ntpq -p
```

Upgrade the NTP service to the chrony service

Uninstall the ntpd daemon.
Before you upgrade to the chrony service, we recommend that you run one of the following commands based on the operating system to uninstall the ntpd daemon.
```
# Alibaba Cloud Linux, CentOS, or Red Hat Enterprise Linux (RHEL)
sudo yum remove ntp

# Ubuntu or Debian
sudo apt remove ntp
```

Run one of the following commands based on the operating system to install the chrony service.

# Alibaba Cloud Linux, CentOS, or RHEL
sudo yum install chrony

# Ubuntu or Debian
sudo apt install chrony

Configure the chrony service.
In most cases, the configuration file of the chrony service is stored in the /etc/chrony.conf path. In the configuration file, you can add NTP servers and related configurations. The following sample code provides an example of the chrony.conf configuration file:
```
# NTP server settings
server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp5.aliyun.com iburst

# Specify the location of the drift file.
driftfile /var/lib/chrony/drift

# Allow the local machine to access the chronyd daemon for time synchronization.
allow 127.0.0.1
```
Note
Take note of the following parameters:
- server ntp.cloud.aliyuncs.com: the domain name of the NTP server. The chrony service connects to the server to synchronize the system time with the server.
- minpoll: the minimum polling interval, which is a power of 2. minpoll 4 indicates that the minimum polling interval is 16 seconds, which is the fourth power of 2 (2⁴ = 16 seconds). This means that the chrony service sends a synchronization request to the NTP server at least every 16 seconds.
- maxpoll: the maximum polling interval. maxpoll 10 indicates that the maximum polling interval is 1,024 seconds, which is the 10th power of 2 (2¹⁰ = 1,024 seconds). The chrony service may adjust the polling interval to 1,024 seconds. However, in this example, the polling interval cannot be shorter than 16 seconds.
- iburst: This option is a supplemental parameter to speed up the initial synchronization process. When the chrony service is started, the service sends a group of quick requests (in most cases, eight requests) to quickly obtain the time of the NTP server. In this example, iburst indicates that the chrony service immediately sends multiple requests to the NTP server at ntp.cloud.aliyuncs.com after startup. This ensures that the chrony service can quickly obtain the accurate time.

Start the chrony service.

Run the following commands to start the chrony service and configure the service to automatically start on system startup.

# Start the chrony service.
sudo systemctl start chronyd

# Configure the chrony service to automatically start on system startup.
sudo systemctl enable chronyd

Check the status of the chrony service.

Run the following commands to use the chronyc tool to check the service status and synchronization status of the chrony service.

# Check the service status.
sudo systemctl status chronyd

# Use the chronyc tool to query the synchronization status.
chronyc tracking

# Query available time sources.
chronyc sources

Verify time synchronization.
After waiting a few minutes for time synchronization, you can run the chronyc tracking command to view the status of the primary server and the time deviation between the local system and the time server.

Windows operating system

Windows instances use the built-in time service for time synchronization, such as Windows Time Service or W32time.

View the current system time

Use CLI.
1. Press Win+R, enter cmd, and then press the Enter key to open CLI.
2. Run the following commands at the command prompt to view the current system time:
```
 date /t 
 time /t
```
  The date /t command returns the current date. The time /t command returns the current time.
Use GUI to view the taskbar. In the lower-right corner of the Windows taskbar, view the current date and time.
To change the date or time settings, right-click the date and time in the notification area of the taskbar and then click Adjust date/time. You can view and change the current date and time.

Manually synchronize the system time

CLI

Press Win+R, enter cmd, and then press the Enter key to open CLI.
Run the following command to manually synchronize the system time:
```
 w32tm /resync
```
The preceding command forcefully resynchronizes the time set by the Windows Time service with the configured NTP server.
Run the following command to view the synchronization status in the synchronization result:
```
 w32tm /query /status
```

GUI

In the notification area of the taskbar, click the date and time and then click Date and time settings.
View time settings. On the Date & time page, make sure that the Set time automatically parameter is set to On.
Manually synchronize the system time. On the Date & time page, click Sync now in the Synchronize your clock section to complete manual time synchronization.

Configure NTP servers

If you want to specify an NTP server for time synchronization, use one of the following methods based on your business requirements.

CLI

Open CLI as the administrator.
Run the following command to specify an NTP server.
In this example, the NTP server at ntp11.cloud.aliyuncs.com is used. For information about the available Alibaba Cloud NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
```
 w32tm /config /manualpeerlist:"ntp11.cloud.aliyuncs.com" /syncfromflags:manual /reliable:YES /update
```
Run the following commands to restart the time synchronization service:
```
 net stop w32time
 net start w32time
```
Run the following command to resynchronize the time:
```
 w32tm /resync
```

GUI

By default, Windows Server operating systems are synchronized to the Microsoft NTP server (time.windows.com). However, synchronization errors may occur. When you use a Windows ECS instance, you can replace the default Microsoft NTP server with an internal NTP server provided by Alibaba Cloud. In this example, a Windows Server 2022 operating system is used. Perform the following steps to change the default NTP server address:

Connect to a Windows ECS instance.
For more information, see Use Workbench to connect to a Windows instance over RDP.
In the notification area of the taskbar, click the date and time and then click Date and time settings.
On the Settings page, click Add clocks for different time zones.
In the Date and Time dialog box, click the Internet Time tab and then click Change settings.
In the Internet Time Settings dialog box, select Synchronize with an Internet time server, enter the address of an Alibaba Cloud NTP server deployed in the internal network, click Update now, and then click OK. For information about Alibaba Cloud NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic.
Important
Time synchronization may fail due to third-party antivirus software on the instance. Disable the antivirus software and resynchronize the time.
Click OK in the message that appears.

FAQ

Am I charged for using Alibaba Cloud NTP servers?

No, Alibaba Cloud NTP servers are free of charge. Alibaba Cloud public images contain default time synchronization configurations. By default, ECS instances that are created from public images run the chrony or NTP service for time synchronization.

What do I do if an exception occurs when NTP is used to synchronize the system time of an ECS instance?

Check the network type of your ECS instance. Select an NTP server address based on the network type. For information about Alibaba Cloud NTP server addresses, see the Domain names of Alibaba Cloud NTP servers section of this topic. Public NTP server addresses are used to provide time synchronization services over the Internet. Compared with public NTP server addresses, private NTP server addresses can provide more accurate time and greater stability.

If the network type of your instance is VPC, select an NTP server address provided in the VPC (internal network) column of the following table.
If the network type of your instance is classic network, select an NTP server address provided in the Classic network (internal network) column of the following table.

Appendix

Domain names of Alibaba Cloud NTP servers

The following table describes the domain names of Alibaba Cloud NTP servers in various networks. These domain names support only IPv4. If you want to modify the Alibaba Cloud NTP server address, you can select one of the following addresses based on your business requirements.

Classic network (internal network)	VPC (internal network)	Internet
ntp1.cloud.aliyuncs.com ntp2.cloud.aliyuncs.com ntp3.cloud.aliyuncs.com ntp4.cloud.aliyuncs.com ntp5.cloud.aliyuncs.com ntp6.cloud.aliyuncs.com Important Services related to ECS instances in the classic network will reach end of life (EOL) on February 28, 2025. For information about the discontinuation announcement and the VPC migration plan, see EOL notice for Alibaba Cloud ECS instances in the classic network.	ntp.cloud.aliyuncs.com ntp7.cloud.aliyuncs.com ntp8.cloud.aliyuncs.com ntp9.cloud.aliyuncs.com ntp10.cloud.aliyuncs.com ntp11.cloud.aliyuncs.com ntp12.cloud.aliyuncs.com	ntp.aliyun.com ntp1.aliyun.com ntp2.aliyun.com ntp3.aliyun.com ntp4.aliyun.com ntp5.aliyun.com ntp6.aliyun.com ntp7.aliyun.com

References

For information about the time-related concepts and operations of Linux operating systems or time configuration changes to Linux public images, see Linux time and time zones.