On Wed, Aug 1, 2012 at 3:35 PM, Nick Fagerlund <
nick.fagerl...@puppetlabs.com> wrote:

> Hey, Mitchell,
>
> HMM. Sounds like the docs team needs to get on this.
>
> (<-- is 1/2 the docs team)
>
> I'm going to name some special directory or file names below. These are
> all puppet config settings, and you can get the current value for them on
> any machine by running puppet master --configprint <setting>.
>
> SSL STUFF:
>
> Location: "ssldir" (varies by distro; use --configprint to discover.)
>
> Important and irreplaceable. If you lose the SSL info on your CA puppet
> master, you'll have to go through all of your agent nodes, delete their
> ssldir, and request a new certificate. Doable, but a huge pain in the ass.
>
> There shouldn't be any crucial ssl info outside the ssldir, unless one of
> the "ca*" settings got messed with in your puppet.conf. Don't worry about
> ssl info on non-master nodes; you can decommission their old cert w/ puppet
> cert clean, and issue them a new one when you bring them back to life.
>
> MODULES AND MANIFESTS
>
> Location: every directory in "modulepath," the "manifest" file (AKA
> site.pp), and anything `import`-ed into the main manifest.
>
> Hopefully you have this under version control in an external git repo or
> something anyway, but yeah, make sure this is well-backed-up.
>
> PUPPET.CONF
>
> This might well have external service configurations, database passwords,
> all kinds of stuff. Probably back it up.
>
> AUTH.CONF
>
> Just because if you poked a hole for an external service, you'll want a
> reminder around about how it was rigged.
>
> HIERA/EXTLOOKUP DATA
>
> If you're using it, you probably know where it is. It is probably very
> important, and should probably also be in version control anyway.
>
> DASHBOARD/CONSOLE DATA
>
> You'll have to dump the MySQL databases on a regular basis. There are rake
> tasks to help with that.
>
> MCOLLECTIVE STUFF
>
> Hopefully you're managing your MCollective keys and plugins with puppet
> anyway, so you've already handled this by backing up your modules and hiera
> data.
>
> CUSTOM ENC DATA/CODE
>
> If you built an ENC, you should be backing up its data source.
>
>
> I feel like that's about it? Did I miss anything?
>

Looks good. Most of our data (hiera, modules, and conf) is in version
control so the only thing we really need to back up is SSL. Perfect!

Thanks,
Mitchelll


>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/fW14AzNzHZoJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to