What is Role?
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
How to use Roles in Chef?
- Create a Role and add the cookbooks into it.
- Assign the role into each node or bootstrap new nodes using roles
- The the run list
How to create Role?
Method 1: In Chef Server directly
> knife role create client1
&
Add the run list e.g. “recipe[nginx]” under “run_list”
Save & exit
The role will be created in Chef Server.
Example
name "web_servers"
description "This role contains nodes, which act as web servers"
run_list "recipe[webserver]"
default_attributes 'ntp' => {
'ntpdate' => {
'disable' => true
}
}
Let’s download the role from the Chef server so we have it locally in a Chef repository.
> knife role show client1 -d -Fjson > roles/client1.json
Now, Lets bootstrap the node using knife with roles
> knife bootstrap --run-list "role[webserver]" --sudo hostname
How to edit the roles in chef Server?
> knife role edit client1
Method 2: In local repo under chef-repo folder
> vi webserver.rb
example –
name "web_servers"
description "This role contains nodes, which act as web servers"
run_list "recipe[webserver]"
default_attributes 'ntp' => {
'ntpdate' => {
'disable' => true
}
}
& Then upload to chef server using following commands.
$ knife role from file path/to/role/file $ knife role from file web_servers.rb
How Assigning Roles to Nodes?
> knife node list
$ knife node edit node_name
OR
# Assign the role to a node called server:
$ knife node run_list add server 'role[web_servers]'
This will bring up the node’s definition file, which will allow us to add a role to its run_list:
{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [ ] }, "run_list": [ "recipe[nginx]" ] }
For instance, we can replace our recipe with our role in this file:
{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [ ] }, "run_list": [ "role[web_server]" ] }
How to bootstrap node using role?
> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'role[production]'
> knife bootstrap --run-list "role[phpapp-web]" --sudo hostname
How to run roles against nodes?
You can run chef-client on multiple nodes via knife ssh command like, To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:
> knife ssh "role:webserver" "sudo chef-client"
To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:
> knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostname
Method 3: Using Chef Autotmate UI
Step 1 – Create a role
Step 2 – Add a List of Cookbooks
Step 3 – Edit a Node and Roles
Step 4 – Run knife command from workstation
$ knife ssh “role:webserver” “sudo chef-client”
How it works
You define a role in a Ruby file inside the roles
folder of your Chef repository. A role consists of a name
attribute and a description
attribute. Additionally, a role usually contains a role-specific run list and role-specific attribute settings.
Every node, which has a role in its run list, will have the role’s run list expanded into its own. This means that all the recipes (and roles), which are in the role’s run list, will be executed on your nodes.
You need to upload your role on your Chef server by using the knife role from file
command.
Only then should you add the role to your node’s run list.
Running the Chef client on a node having your role in its run list will execute all the recipes listed in the role.
Chef Attributes with Roles
Example of Role file
{
"name": "rajesh-node-1",
"chef_environment": "_default",
"normal": {
"tags": [
]
},
"policy_name": null,
"policy_group": null,
"run_list": [
"role[web-role]"
]
}
Reference
http://docs.chef.io/roles.html
https://docs.chef.io/knife_ssh.html
https://docs.chef.io/knife_role.html
- Best AI tools and websites to travel blogger or travel video & audio creator - January 12, 2025
- Deep Dive & Troubleshoot using Kubernetes logs & its Structure & Location - January 12, 2025
- Most popular video editing application - January 11, 2025