Does Linode provide a customer-facing NTP service?
Does Linode provide a customer-facing Network Time Protocol (NTP) service?
The existence of the ntp.linode.com and ntp.newark.linode.com hostnames internally looked promising, but none of these servers respond to NTP packets from my VM:
% dig +short ntp.linode.com
45.33.79.49
45.33.94.245
45.33.83.27
45.33.70.125
50.116.55.173
% for i in `dig +short ntp.linode.com`; do dig +short -x $i; done
ntp3.newark.linode.com.
ntp5.newark.linode.com.
ntp4.newark.linode.com.
ntp2.newark.linode.com.
ntp1.newark.linode.com.
% ntpdate -d -q -t 5 ntp.linode.com
28 Aug 21:51:22 ntpdate[1264757]: ntpdate 4.2.8p15@1.3728-o Wed Feb 16 17:13:02 UTC 2022 (1)
Looking for host ntp.linode.com and service ntp
50.116.55.173 reversed to ntp1.newark.linode.com
host found : ntp1.newark.linode.com
transmit(50.116.55.173)
transmit(45.33.79.49)
transmit(45.33.70.125)
transmit(45.33.94.245)
transmit(45.33.83.27)
50.116.55.173: Server dropped: no data
45.33.79.49: Server dropped: no data
45.33.70.125: Server dropped: no data
45.33.94.245: Server dropped: no data
45.33.83.27: Server dropped: no data
28 Aug 21:51:28 ntpdate[1264757]: no server suitable for synchronization found
(Yes, I'm certain that the responses aren't being blocked by a firewall/filter inside the VM.)
2 Replies
jhartman
Linode Staff
Old Forum discussions about NTP suggest that Linodes pull time from the host machine accurate to within one second. If your use-case requires the use of external NTP servers or are acting as the NTP servers for other Linodes/services, this post provides some instruction about NTP configuration:
If you encounter specific issues with the host-provided NTP that are affecting your workload (for example, Your system's clock is slow error messages), you can open a ticket with Support so that we can investigate.
I appreciate the reply, but I was skeptical that a 20 year old post about Linode in its UML days was still relevant to modern Linode running VMs on KVM. So I did some testing on a Linode VM: I configured Chrony to get time from NIST's NTP servers but not apply corrections to the system (Linux's) clock or the (virtualized) hardware real-time clock, then log RTC and NTP server statistics to disk.
According to Chrony's logs over the past eight weeks, the system time has drifted up to 6 seconds away from the NIST NTP servers and the virtualized RTC has drifted up to 14 seconds away from the system time. The system clock seems to run slightly faster or slower depending on the virtualization host's load, and the virtualized RTC exposed to the VM is showing multi-second steps at seemingly random times:
===============================================================================
Date (UTC) Time RTC fast (s) Val Est fast (s) Slope (ppm) Ns Nr Meas
===============================================================================
2024-10-24 01:48:31 -7.312555 1 -7.308337 -2.113 64 32 240
2024-10-24 01:52:33 -7.305309 1 -7.308600 -2.083 61 34 240
2024-10-24 01:56:35 -14.126784 1 -7.309342 -2.113 62 33 240
2024-10-24 02:00:37 -14.126582 1 -7.310224 -2.149 63 33 240
In short, neither the virtualized RTC exposed to the VM (which Linux will read the time from for its initial system time on every boot) nor the system clock (Linux's clock) in a VM stay within a second of UTC like a comment on that old forum post implies.
So, yeah, you need to run an NTP client and point it at reliable NTP servers if you care about accurate system time on a Linode VM. (Why do I care? Correlating logs across systems.)
The reason I asked about Linode NTP servers is that I used to have Chrony use three servers from [012].us.pool.ntp.org to synchronize my Linode VM. Unfortunately, Chrony would occasionally get into a state where it refused to synchronize to any of the three servers because it thought that all three servers were serving invalid time. I was hoping that Linode ran its own NTP servers that customers could use since they'd (hopefully) be less likely to start serving bogus time than rando NTP pool servers. Oh well.