We recently had a situation where servers weren't able to use their auto-sign'ed certificates because their local clock was months off from real-time. Of course, it was brand-new hardware straight off the dock and hadn't yet had a chance to have ntp sync the clock to the correct time because, well, puppet is what fires up NTP. :-)
Is there any way to recognize that puppet might be the thing in charge of bringing the clocks into sync, and allowing puppet to ignore certificate-verification failures that are based solely on the time-delta being too high? It certainly seems like it'd be a useful feature. D -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.