I'm interested in doing some modest local management using Puppet. I see some SA documentation on making small changes in Puppet to do various things, but they all seem to have the warning "this will be overwritten by upgrades." That seems unfortunate. I wonder if it would be possible to come up with a standard way to make local changes that RSA would agree to not step on. For example, instead of editing /etc/puppet/modules/base/manifests/init.pp to update ntp.conf as shown here: 000032169 - Setting additional NTP sources on RSA Security Analytics core appliances running 10.5.1 and then having it overwritten by upgrades, should a new module be generated like "base-local" that is included by the vendor "base?" My question is less about the mechanics of how to do something and more about strategy and organization.