Chapter 4. Configuration Management HOWTO
Set up the following directories to hold your manifests:
/etc/puppet/
Main configuration directory. Holds client configuration (puppet.conf), as well as master configuration (puppet.conf, fileserver.conf, tagmail.conf), and directories and files relevant for the puppet master (manifests/).
/etc/puppet/manifests/
Holds the manifests the puppet master uses to determine the configuration to push to the client. At the very least, this directory should have a file named site.pp. This directory also contains nodes/, classes/, utils/, and groups/.
/etc/puppet/manifests/nodes/
Holds the declaration of nodes (clients) being managed, and what configuration should be included for these clients. An example node declaration looks like this:
node 'dummy.example.org' {
include some-class
}
which causes client dummy.example.org to include configuration held by the class some-class.
/etc/puppet/manifests/classes/
Holds the classes that are not modular. Using non-modular classes is a bad idea, and you should avoid it whenever possible. Although perfectly valid, it obfuscates the configuration applied to the clients and does not scale very well. In addition, it doesn't allow for a naming standard for the files such as the service or configuration item it is managing.
/etc/puppet/manifests/utils/
Particularly useful if the managed systems are somewhat homogeneous (they are all Linux?), so you can set defaults. Imagine you have to set the PATH for each Exec. Instead, defining in utils/exec.pp:
Exec {
path => [
"/bin/",
"/usr/bin/",
"/usr/local/bin/",
"/sbin/",
"/usr/sbin/",
"/usr/local/sbin/",
]
}
and importing it once (in site.pp) will save you from having to define the PATH over and over again.
/etc/puppet/manifests/groups/
Manifests for groups of systems. This defines the defaults for groups, such as a group "webserver", which should have the httpd package installed, and the service httpd running.
See also: Section 4.7, “Using Groups”
/var/lib/puppet/clientbucket/
The main server backup location (if configured). If you harvest replaced configuration files from your clients, this directory must also be backed up regularly.
/var/lib/puppet/facts/
Custom facts to distribute amongst your clients.
/var/lib/puppet/files/
Holds files distributed by the puppet master to the clients. The files in /var/lib/puppet/files/ are most likely to be distributed amongst all your clients. Fine for /etc/motd maybe, less so for files in /etc/pam.d/ or /etc/sudoers Like with the classes in /etc/puppet/manifests/classes/, putting files in here is generally a bad idea and should be avoided, as most files will fit right in with the module that controls them.
/var/lib/puppet/modules/
Holds modules. Subdirectories in modules hold different environments for your modules.
/var/lib/puppet/ssl/
Holds the puppet master and client certificate chain. VERY important to backup regularly.
/var/lib/puppet/private/
Holds your private configuration files only to be distributed amongst a subset of your clients. Especially useful in multi-domain environments where domain "company.com" does not want "evil.org" to have access to the configuration files like /etc/sudoers. Using the puppet modules from puppetmanaged.org, causes puppet to use the files in private/$domain/ instead of those shipped with the modules (which make nice defaults), or the files in /var/lib/puppet/files/.
See also: Section 4.6, “Setting Up puppetmanaged.org Modules”, Section 4.8.2, “Configuring the Fileserver”