Configure accurate time for Compute Engine VMs

Linux

Many software systems that depend on careful sequencing of events rely on a stable, consistent system clock, using system logs with timestamps to ensure time synchronization and debug issues as they occur. To help keep system clocks in sync, Compute Engine virtual machine (VM) instances are preconfigured to use network time protocol (NTP), a bundled solution of time synchronization hardware and software. If ensuring accurate time synchronization and monitoring the accuracy of your time synchronization are important for your goals, you can configure accurate time instead of NTP, to sync your VM's clock with the host clock by using chrony and ptp_kvm. This configuration is designed to achieve accuracy within 1 ms for supported setups.

Supported machine types

The following machine types support accurate time:

Supported operating systems

The following operating systems (OSes) support accurate time:

OS Versions Images
CentOS Stream 9 centos-stream-9
Container-Optimized OS COS 105 LTS, COS 109 LTS, COS 113 LTS, COS 117 LTS cos-105-lts, cos-109-lts, cos-113-lts, cos-117-lts
Debian 11 (Bullseye), 12 (Bookworm) debian-11, debian-12
Fedora Cloud 39 fedora-cloud-39
RHEL 8, 9 rhel-8-4-sap-ha, rhel-8-6-sap-ha, rhel-8-8-sap-ha, rhel-8-10-sap-ha, rhel-9, rhel-9-0-sap-ha, rhel-9-2-sap-ha, rhel-9-4-sap-ha
Rocky Linux 8, 9 rocky-linux-8, rocky-linux-8-optimized-gcp, rocky-linux-9-optimized-gcp, rocky-linux-9-optimized-gcp
SLES 15 sles-15, sles-15-sp2-byos, sles-15-sp2-sap, sles-15-sp3-byos, sles-15-sp3-sap, sles-15-sp4-byos, sles-15-sp4-sap, sles-15-sp5-byos, sles-15-sp5-sap
Ubuntu 22.04 LTS (Jammy Jellyfish), 24.04 LTS (Noble Numbat) ubuntu-2204-lts, ubuntu-2404-lts-amd64
Ubuntu Pro 2004 ubuntu-pro-2004-lts, ubuntu-pro-2004-lts-amd64

Supported zones

The following zones support accurate time:

Zone Location
europe-west1-b St. Ghislain, Belgium, Europe
europe-west1-c St. Ghislain, Belgium, Europe
europe-west2-b London, England, Europe
europe-west3-a Frankfurt, Germany, Europe
us-central1-a Council Bluffs, Iowa, North America
us-central1-b Council Bluffs, Iowa, North America
us-central1-c Council Bluffs, Iowa, North America
us-central1-f Council Bluffs, Iowa, North America
us-east1-b Moncks Corner, South Carolina, North America
us-east1-c Moncks Corner, South Carolina, North America
us-east4-c Ashburn, Virginia, North America
us-east5-a Columbus, Ohio, North America
us-south1-a Dallas, Texas, North America
us-west1-b The Dalles, Oregon, North America
us-west2-a Los Angeles, California, North America
us-west3-a Salt Lake City, Utah, North America

Configure accurate time synchronization

To configure accurate time synchronization for your project's VMs, complete the following tasks for each VM:

  • Configure chrony to use ptp-kvm as its time source.
  • Configure Google Cloud Ops Agent for data collection and analysis.

After you've completed both tasks, accurate time synchronization is set up for the VMs in your project.

For a sample script that creates a VM and completes both tasks to configure accurate time synchronization, see the VM creation script in GitHub.

Configure chrony to use ptp-kvm

To configure chrony to use ptp-kvm as its time source, run the following script inside each of your Google Cloud project's VMs:

#!/bin/bash
# Install chrony as needed
if!command-vchronyc&>/dev/null;then
# Detect the package manager and install chrony
ifcommand-vapt&>/dev/null;then
# Debian, Ubuntu, and derivatives
echo"Detected apt. Installing chrony..."
apt-getupdate
apt-getinstall-ychrony
elifcommand-vdnf&>/dev/null;then
# Fedora, RHEL 8+, CentOS 8+
echo"Detected dnf. Installing chrony..."
dnfinstall-ychrony
elifcommand-vyum&>/dev/null;then
# RHEL 7, CentOS 7
echo"Detected yum. Installing chrony..."
yuminstall-ychrony
elifcommand-vzypper&>/dev/null;then
# openSUSE, SLES
echo"Detected zypper. Installing chrony..."
zypperinstall-ychrony
else
echo"Please install chrony manually."
exit1
fi
fi
# Different distros place chrony config in
# different locations, detect this.
if[-f"/etc/chrony/chrony.conf"];then
CHRONY_CONF="/etc/chrony/chrony.conf"
else
CHRONY_CONF="/etc/chrony.conf"
fi
# Load PTP-KVM clock for high-accuracy clock synchronization
# PTP-KVM allows the VM to read a cross time-stamp of a platform
# provided clock and the VM CPU Clock (CycleCounter), providing
# resiliency from network and virtualization variability when
# synchronizing the realtime/wall clock
/sbin/modprobeptp_kvm
echo"ptp_kvm">/etc/modules-load.d/ptp_kvm.conf
# NTP servers might indicate the wrong time due to chrony
# greatly reducing the polling frequency, resulting in
# overall negative impact to the clock synchronization
# achieved, especially after live migration events.
#
# We disable NTP servers to prevent these issues.
#
# Customers interested in monitoring the clock accuracy compared to NTP sources
# should run a second instance of chrony in a no-change mode to do so.
# Disable NTP servers:
sed-i'/^server /d'$CHRONY_CONF
sed-i'/^pool /d'$CHRONY_CONF
sed-i'/^include /d'$CHRONY_CONF
#Disable DHCP based NTP config:
sed-i's/^NETCONFIG_NTP_POLICY="auto"/NETCONFIG_NTP_POLICY=""/'/etc/sysconfig/network/config
truncate-s0/var/run/netconfig/chrony.servers
echoPEERNTP=no|sudotee-a/etc/sysconfig/network
serviceNetworkManagerrestart
systemctldisablesystemd-timesyncd.service
timedatectlset-ntpfalse
# Configure PTP-KVM based HW refclock, with leap second smearing
# Google's clocks are doing leap second smearing, and therefor chrony shouldn't attempt to adjust
# the time received from PTP-KVM to adjust for leap seconds.
sed"s/^leapsectz/#leapsectz/"-i$CHRONY_CONF
echo"refclock PHC /dev/ptp_kvm poll -1">>$CHRONY_CONF
# For extra debugging logging, uncomment the following line
#echo "log measurements statistics tracking" >> $CHRONY_CONF
# Enable chrony's clock accuracy tracking log,
# for monitoring and auditing.
echo"log tracking">>$CHRONY_CONF
# Restart chrony (Ubuntu named it differently)
systemctlrestartchronyd
systemctlrestartchrony

Configure Google Cloud Ops Agent on your VM

To configure Google Cloud Ops Agent for data collection and analysis, run the following script inside each of your Google Cloud project's VMs:

#!/bin/bash
# From https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/installation#install-latest-version
curl-sSOhttps://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh
bashadd-google-cloud-ops-agent-repo.sh--also-install
OPS_AGENT_CONF="
logging:
 receivers:
 chrony_tracking_receiver:
 type: files
 include_paths:
 - /var/log/chrony/tracking.log
 processors:
 chrony_tracking_processor:
 type: parse_regex
 regex: \"^.*PHC0.* (?<max_error>[-\d\.eE]+)$\"
 service:
 pipelines:
 chrony_tracking_pipeline:
 receivers: [chrony_tracking_receiver]
 processors: [chrony_tracking_processor]
"
OPS_AGENT_CONF_PATH="/etc/google-cloud-ops-agent/config.yaml"
echo"$OPS_AGENT_CONF">"$OPS_AGENT_CONF_PATH"
systemctlrestartgoogle-cloud-ops-agent

Configure time synchronization monitoring

To configure time synchronization monitoring for your Google Cloud project's VMs, run the logging and dashboard setup script for your Google Cloud project. This script helps you to complete the following tasks for your Google Cloud project:

  • It sets appropriate permissions on the service account associated with your VM's Google Cloud project.
  • It creates a log-based metric that chrony uses to ensure accuracy between the clocks on the VM and its host server.
  • It creates a dashboard measuring the VM clock's traceability to UTC by combining the following metrics:

To accomplish the preceding tasks, run the following script:

#!/bin/bash
if[-z"1ドル"];then
echo"Usage: time-sync-logging-dashboard.sh <project_id>">&2
exit1
fi
PROJECT_ID="1ドル"
PROJECT_NUMBER=$(gcloudprojectsdescribe"$PROJECT_ID"--format="value(projectNumber)")
SERVICE_ACCOUNT_EMAIL=${PROJECT_NUMBER}-compute@developer.gserviceaccount.com
gcloudprojectsadd-iam-policy-binding"${PROJECT_ID}"\
--member="serviceAccount:${SERVICE_ACCOUNT_EMAIL}"\
--role="roles/compute.instanceAdmin"
gcloudprojectsadd-iam-policy-binding"${PROJECT_ID}"\
--member="serviceAccount:${SERVICE_ACCOUNT_EMAIL}"\
--role="roles/monitoring.metricWriter"
gcloudprojectsadd-iam-policy-binding"${PROJECT_ID}"\
--member="serviceAccount:${SERVICE_ACCOUNT_EMAIL}"\
--role="roles/logging.logWriter"
cpclock-error-metric.json/tmp/clock-error-metric.json
sed-i"s/PROJECT_ID/${PROJECT_ID}/"/tmp/clock-error-metric.json
gcloudloggingmetricscreate--project"${PROJECT_ID}"phc-clock-max-error-gce--config-from-file=/tmp/clock-error-metric.json
gcloudmonitoringdashboardscreate--project"${PROJECT_ID}"--config-from-file=metric-dashboard.json

After the script completes running, use the dashboard it created to view clock accuracy data for your project's VMs.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年12月09日 UTC.