How to do proper VPS timekeeping?

Solution 1:

Short version: Timekeeping in containers (which is what most VPSes are) is the host's responsibility; you'll probably need to lobby your VPS provider to get this fixed.

Note: This advice does not apply if your VPS is a Xen (e.g. AWS), KVM (e.g. GCE), or Hyper-V (e.g. Azure) virtual machine. In that case, the kernel and its clock driver are virtualised, and you should treat them like you would a bare metal machine, and run an NTP client such as ntpd, chronyd, or systemd-timesyncd.

Longer version: If your VPS is a typical container, then NTP cannot discipline the local clock. The kernel clock is not containerised (namespaced), and most container managers (e.g. OpenVZ, Docker, LXC/LXD) do not grant the kernel time capability to containers. (See https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1589780 for discussion of this in the context of Ubuntu and Chrony.)

If you're renting your VPS from a typical provider, it sounds like they've either failed to configure NTP at all, or configured it poorly and aren't monitoring it.

You can use a configuration like https://gist.github.com/kuzetsa/4a64cd1a95260d0bc5cc1b8aeaba1878 to get ntpd to run in your container without trying to change the local clock (the disable kernel line is the important part). This will allow you to monitor the host's NTP server (if any); add pool.ntp.org or another public NTP service if you want to compare your VPS host's clock with some external sources.

Solution 2:

If you have access to the hardware, virtual (VM) or physical (bare metal/hypervisor), you can and should use NTP to sync.

Do your own experiments by configuring ntpd and enabling statistics on a variety of hosts. Compare to your favorite reference clocks and see how they perform.

There are operational challenges to very accurate timekeeping and VMs. However, these tend to only matter at orders of magnitude better than single digit seconds.