Because the Puppet master server acts as the certificate authority, a recommended best practice is to configure the Network Time Protocol (NTP) to accurately keep time on the master prior to installing Puppet. Otherwise, the master could issue certificates that the agents could treat as expired. For more information about managing NTP, see Enhancing System Performance Using Clock Synchronization and Web Caching in Oracle Solaris 11.3.
Perform the following procedure on the Puppet master prior to installing the Puppet IPS package.
In this procedure, the following four time servers are used, in the event that one time server fails.
# echo "server 0.pool.ntp.org" > /etc/inet/ntp.conf # echo "server 1.pool.ntp.org" >> /etc/inet/ntp.conf # echo "server 2.pool.ntp.org" >> /etc/inet/ntp.conf # echo "server 3.pool.ntp.org" >> /etc/inet/ntp.conf
# echo "driftfile /var/ntp/ntp.drift" >> /etc/inet/ntp.conf # echo "statsdir /var/ntp/ntpstats/" >> /etc/inet/ntp.conf # echo "filegen peerstats file peerstats type day enable" >> /etc/inet/ntp.conf # echo "filegen loopstats file loopstats type day enable" >> /etc/inet/ntp.conf
# ntpdate 0.pool.ntp.org
# svcadm enable ntp
# ntpq -p
Next Steps
As an alternative, you could also specify NTP configuration by using a Puppet manifest. See Writing Puppet Manifests, Classes, and Modules in Oracle Solaris.