HMM. Sounds like the docs team needs to get on this.
(<-- is 1/2 the docs team)
I'm going to name some special directory or file names below. These are all
puppet config settings, and you can get the current value for them on any
machine by running puppet master --configprint <setting>.
Location: "ssldir" (varies by distro; use --configprint to discover.)
Important and irreplaceable. If you lose the SSL info on your CA puppet
master, you'll have to go through all of your agent nodes, delete their
ssldir, and request a new certificate. Doable, but a huge pain in the ass.
There shouldn't be any crucial ssl info outside the ssldir, unless one of
the "ca*" settings got messed with in your puppet.conf. Don't worry about
ssl info on non-master nodes; you can decommission their old cert w/ puppet
cert clean, and issue them a new one when you bring them back to life.
MODULES AND MANIFESTS
Location: every directory in "modulepath," the "manifest" file (AKA
site.pp), and anything `import`-ed into the main manifest.
Hopefully you have this under version control in an external git repo or
something anyway, but yeah, make sure this is well-backed-up.
This might well have external service configurations, database passwords,
all kinds of stuff. Probably back it up.
Just because if you poked a hole for an external service, you'll want a
reminder around about how it was rigged.
If you're using it, you probably know where it is. It is probably very
important, and should probably also be in version control anyway.
You'll have to dump the MySQL databases on a regular basis. There are rake
tasks to help with that.
Hopefully you're managing your MCollective keys and plugins with puppet
anyway, so you've already handled this by backing up your modules and hiera
CUSTOM ENC DATA/CODE
If you built an ENC, you should be backing up its data source.
I feel like that's about it? Did I miss anything?