How to Configure NTP on the Puppet Master

Language:

Because the Puppet master server acts as the certificate authority, a recommended best practice is to configure the Network Time Protocol (NTP) to accurately keep time on the master prior to installing Puppet. Otherwise, the master could issue certificates that the agents could treat as expired. For more information about managing NTP, see Enhancing System Performance Using Clock Synchronization and Web Caching in Oracle Solaris 11.3.

Perform the following procedure on the Puppet master prior to installing the Puppet IPS package.

Become an administrator who is assigned the Puppet Management rights profile or assume the root role.
Create a configuration file by editing the /etc/inet/ntp.client file and then copying the information to /etc/inet/ntp.conf.
In this procedure, the following four time servers are used, in the event that one time server fails.
```
# echo "server 0.pool.ntp.org" > /etc/inet/ntp.conf
# echo "server 1.pool.ntp.org" >> /etc/inet/ntp.conf
# echo "server 2.pool.ntp.org" >> /etc/inet/ntp.conf
# echo "server 3.pool.ntp.org" >> /etc/inet/ntp.conf
```

Add the required configuration parameters to the /etc/inet/ntp.conf file.

# echo "driftfile /var/ntp/ntp.drift" >> /etc/inet/ntp.conf
# echo "statsdir /var/ntp/ntpstats/" >> /etc/inet/ntp.conf
# echo "filegen peerstats file peerstats type day enable" >> /etc/inet/ntp.conf
# echo "filegen loopstats file loopstats type day enable" >> /etc/inet/ntp.conf

Force an initial time synchronization.
```
# ntpdate 0.pool.ntp.org
```
Enable the ntp SMF service.
```
# svcadm enable ntp
```
Verify that NTP is working.
```
# ntpq -p
```
Note - NTP start-up can take from 15 to 60 minutes, or longer.

Next Steps

As an alternative, you could also specify NTP configuration by using a Puppet manifest. See Writing Puppet Manifests, Classes, and Modules in Oracle Solaris.