My solution was to run ntpdate before I ran the puppet join. Since all my client machines are ubuntu, I know it's pre-installed. After that, puppet installs the ntp service.
My "join" command looks something like: `apt-get install puppet -y && ntpdate pool.ntp.org && puppet agent --server puppet.company.com` -Jon On Mon, Feb 27, 2012 at 02:58, Derek J. Balling <dr...@megacity.org> wrote: > We recently had a situation where servers weren't able to use their > auto-sign'ed certificates because their local clock was months off from > real-time. Of course, it was brand-new hardware straight off the dock and > hadn't yet had a chance to have ntp sync the clock to the correct time > because, well, puppet is what fires up NTP. :-) > > Is there any way to recognize that puppet might be the thing in charge of > bringing the clocks into sync, and allowing puppet to ignore > certificate-verification failures that are based solely on the time-delta > being too high? It certainly seems like it'd be a useful feature. > > D > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Jon [[User:ShakataGaNai]] / KJ6FNQ http://snowulf.com/ http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.