How to Implement Chef roles using Chef server ?


What is Role?

A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.

How to use Roles in Chef?

  1. Create a Role and add the cookbooks into it.
  2. Assign the role into each node or bootstrap new nodes using roles
  3. The the run list

How to create Role?

Method 1: In Chef Server directly

> knife role create client1


Add the run list e.g. “recipe[nginx]” under “run_list”

Save & exit

The role will be created in Chef Server.


{ "name": "client1", "description": "", "json_class": "Chef::Role", "default_attributes": { }, "override_attributes": { }, "chef_type": "role", "run_list": [ "recipe[nginx]", "recipe[phpapp::web]" ], "env_run_lists": { } } 

Let’s download the role from the Chef server so we have it locally in a Chef repository.

> knife role show client1 -d -Fjson > roles/client1.json

Now, Lets bootstrap the node using knife with roles

> knife bootstrap --run-list "role[client1]" --sudo hostname

How to edit the roles in chef Server?

> knife role edit client1

Method 2: In local repo under chef-repo folder

> vi webserver.rb

example –

name "web_server" description "Role for web servers" run_list(   "role[base]",   "recipe{web_server]" ) 

& Then upload to chef server using following commands.

> knife role from file path/to/role/file

How Assigning Roles to Nodes?

> knife node list
> knife node edit node_name

This will bring up the node’s definition file, which will allow us to add a role to its run_list:

{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [  ] 	}, "run_list": [ 	"recipe[nginx]" ] } 

For instance, we can replace our recipe with our role in this file:

{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [ ] }, "run_list": [ "role[web_server]" ] } 

How to bootstrap node using role?

> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'role[production]'
> knife bootstrap --run-list "role[phpapp-web]" --sudo hostname

How to run roles against nodes?

You can run chef-client on multiple nodes via knife ssh command like, To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:

> knife ssh "role:webserver" "sudo chef-client"

To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:

> knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname


Tagged : / / / / / / / / / / / / /