What is a Role?
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
How to use Roles in Chef?
- Create a Role and add the cookbooks into it.
- Assign the role to each node, or bootstrap new nodes using roles
- Run the run list
How to create a Role?
Method 1: In Chef Server directly
> knife role create client1
Then add the run list, e.g. “recipe[nginx]”, under “run_list”, and save and exit.
The role will be created in Chef Server.
Example
{
  "name": "client1",
  "description": "",
  "json_class": "Chef::Role",
  "default_attributes": {},
  "override_attributes": {},
  "chef_type": "role",
  "run_list": [
    "recipe[nginx]",
    "recipe[phpapp::web]"
  ],
  "env_run_lists": {}
}
Let’s download the role from the Chef server so we have it locally in a Chef repository.
> knife role show client1 -d -Fjson > roles/client1.json
Now, let's bootstrap the node using knife with the role:
> knife bootstrap --run-list "role[client1]" --sudo hostname
How to edit roles on the Chef server?
> knife role edit client1
Method 2: In local repo under chef-repo folder
> vi webserver.rb
Example:
name "web_server"
description "Role for web servers"
run_list(
  "role[base]",
  "recipe[web_server]"
)
Then upload it to the Chef server using the following command:
> knife role from file path/to/role/file
How to assign roles to nodes?
> knife node list
> knife node edit node_name
This will bring up the node’s definition file, which will allow us to add a role to its run_list:
{
  "name": "client1",
  "chef_environment": "_default",
  "normal": {
    "tags": []
  },
  "run_list": [
    "recipe[nginx]"
  ]
}
For instance, we can replace our recipe with our role in this file:
{
  "name": "client1",
  "chef_environment": "_default",
  "normal": {
    "tags": []
  },
  "run_list": [
    "role[web_server]"
  ]
}
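Once a node's run_list names a role, the recipes that actually run depend on that role and on any roles nested inside it, so it is worth resolving the list before uploading or assigning the role. The Ruby below is an added example, not code from the original page or from Chef: it is a simplified model of run-list expansion, and the base role with its ntp recipe is an assumption constructed for illustration.

```ruby
require "json"

# Constructed sample roles: client1 and web_server follow the page's examples;
# the base role and its recipes are assumptions made up for this illustration.
ROLES = {
  "client1"    => JSON.parse('{"name":"client1","run_list":["recipe[nginx]","recipe[phpapp::web]"]}'),
  "web_server" => { "name" => "web_server", "run_list" => ["role[base]", "recipe[web_server]"] },
  "base"       => { "name" => "base", "run_list" => ["recipe[ntp]", "recipe[nginx]"] }
}.freeze

# A run-list item is recipe[cookbook], recipe[cookbook::recipe] or role[name].
# Version pins (cookbook@x.y.z) are not handled by this simplified pattern.
ITEM = /\A(recipe|role)\[([A-Za-z0-9_.:-]+)\]\z/

# Simplified model of run-list expansion: roles are replaced in order by their
# own run-lists, each role is applied once, and repeated recipes are dropped.
def expand_run_list(run_list, roles, seen = [], recipes = [], missing = [])
  run_list.each do |item|
    m = ITEM.match(item)
    raise ArgumentError, "malformed run-list item: #{item}" unless m
    type, name = m[1], m[2]
    if type == "recipe"
      name = "#{name}::default" unless name.include?("::")
      recipes << name unless recipes.include?(name)
    elsif seen.include?(name)
      next                      # already applied; this also stops role cycles
    elsif roles.key?(name)
      seen << name
      expand_run_list(roles[name]["run_list"], roles, seen, recipes, missing)
    else
      missing << name           # role referenced but not defined anywhere
    end
  end
  { recipes: recipes, roles: seen, missing: missing }
end

if __FILE__ == $PROGRAM_NAME
  node = { "name" => "client1", "run_list" => ["role[web_server]"] }
  result = expand_run_list(node["run_list"], ROLES)
  puts "recipes: #{result[:recipes].join(', ')}"
  puts "roles:   #{result[:roles].join(', ')}"
  puts "missing: #{result[:missing].join(', ')}"
end
```

A malformed entry raises an error instead of being silently skipped, and a role that is referenced but not defined is reported under missing.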
How to bootstrap node using role?
> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'role[production]'
> knife bootstrap --run-list "role[phpapp-web]" --sudo hostname
How to run roles against nodes?
You can run chef-client on multiple nodes with the knife ssh command. For example, to query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:
> knife ssh "role:webserver" "sudo chef-client"
To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:
> knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname