What is Role?
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
How to use Roles in Chef?
- Create a Role and add the cookbooks into it.
- Assign the role into each node or bootstrap new nodes using roles
- The the run list
How to create Role?
Method 1: In Chef Server directly
> knife role create client1&
Add the run list e.g. “recipe[nginx]” under “run_list”
Save & exit
The role will be created in Chef Server.
Example
name "web_servers"
description "This role contains nodes, which act as web servers"
run_list "recipe[webserver]"
default_attributes 'ntp' => {
'ntpdate' => {
'disable' => true
}
}Code language: PHP (php)Let’s download the role from the Chef server so we have it locally in a Chef repository.
> knife role show client1 -d -Fjson > roles/client1.json
Now, Lets bootstrap the node using knife with roles
> knife bootstrap --run-list "role[webserver]" --sudo hostname
How to edit the roles in chef Server?
> knife role edit client1
Method 2: In local repo under chef-repo folder
> vi webserver.rbCode language: CSS (css)example –
name "web_servers"
description "This role contains nodes, which act as web servers"
run_list "recipe[webserver]"
default_attributes 'ntp' => {
'ntpdate' => {
'disable' => true
}
}Code language: PHP (php)& Then upload to chef server using following commands.
$ knife role from file path/to/role/file $ knife role from file web_servers.rb
How Assigning Roles to Nodes?
> knife node listCode language: PHP (php)$ knife node edit node_name
OR
# Assign the role to a node called server:
$ knife node run_list add server 'role[web_servers]'Code language: PHP (php)This will bring up the node’s definition file, which will allow us to add a role to its run_list:
{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [ ] }, "run_list": [ "recipe[nginx]" ] } Code language: JSON / JSON with Comments (json)For instance, we can replace our recipe with our role in this file:
{ "name": "client1", "chef_environment": "_default", "normal": { "tags": [ ] }, "run_list": [ "role[web_server]" ] } Code language: JSON / JSON with Comments (json)How to bootstrap node using role?
> knife bootstrap {{address}} --ssh-user {{user}} --ssh-password '{{password}}' --sudo --use-sudo-password --node-name node1 --run-list 'role[production]'Code language: JavaScript (javascript)> knife bootstrap --run-list "role[phpapp-web]" --sudo hostnameCode language: PHP (php)How to run roles against nodes?
You can run chef-client on multiple nodes via knife ssh command like, To query for all nodes that have the webserver role and then use SSH to run the command sudo chef-client, enter:
> knife ssh "role:webserver" "sudo chef-client"Code language: JavaScript (javascript)To find the uptime of all of web servers running Ubuntu on the Amazon EC2 platform, enter:
> knife ssh "role:web" "uptime" -x ubuntu -a ec2.public_hostnameCode language: JavaScript (javascript)Method 3: Using Chef Autotmate UI
Step 1 – Create a role
Step 2 – Add a List of Cookbooks
Step 3 – Edit a Node and Roles
Step 4 – Run knife command from workstation
$ knife ssh “role:webserver” “sudo chef-client”
How it works
You define a role in a Ruby file inside the roles folder of your Chef repository. A role consists of a name attribute and a description attribute. Additionally, a role usually contains a role-specific run list and role-specific attribute settings.
Every node, which has a role in its run list, will have the role’s run list expanded into its own. This means that all the recipes (and roles), which are in the role’s run list, will be executed on your nodes.
You need to upload your role on your Chef server by using the knife role from file command.
Only then should you add the role to your node’s run list.
Running the Chef client on a node having your role in its run list will execute all the recipes listed in the role.
Chef Attributes with Roles
Example of Role file
{
"name": "rajesh-node-1",
"chef_environment": "_default",
"normal": {
"tags": [
]
},
"policy_name": null,
"policy_group": null,
"run_list": [
"role[web-role]"
]
}Code language: JSON / JSON with Comments (json)Reference
http://docs.chef.io/roles.html
https://docs.chef.io/knife_ssh.html
https://docs.chef.io/knife_role.html
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals
