[chef-dev] Re: help on best practices for roles and wrappers


Chronological Thread 
  • From: Ranjib Dey < >
  • To: Sean McKenna < >
  • Cc: " " < >
  • Subject: [chef-dev] Re: help on best practices for roles and wrappers
  • Date: Fri, 18 Jan 2013 16:02:18 -0800

I have always tried to use role to compose recipes together, to alter their behaviour i have used overridden attributes. This enforces two basic design principles,
1) cookbooks are like object, and follows OCP. Open for extension (via attributes) and closed for modifications.
2) different version requirements are enforced via different environments.

In many cases i fail to do so. If i need decision making (if , else etc) and i need them on the fly,  i'll fall back to wrapper recipes/cookbooks. But this also means i am loosing readability , i feel a role or a set of role should  give an unique type of instances in my infrastructure, and when applied against an environment (which might have cookbook version constrains) , will always give identical instances.

I also use this principle(or role as an abstraction) to build other tooling, like firewalls(think of security groups in aws), monitoring etc. I always develop a complementary firewall rule having same name as the role (and similar things for network). So a role in short help me understand configuration (via chef), network requirements (like `database` should allow ingress tcp traffic from `web` at port 3306).

But in general, i think you can choose any of the two approaches, but whatever you choose, try to follow them strictly, and exploit that convention to build/scaffold higher order system.

best,
ranjib  


On Fri, Jan 18, 2013 at 3:37 PM, Sean McKenna < " target="_blank"> > wrote:

Hi,

 

We have been using Chef for a while at my company and have been very happy with it.

 

We’ve come to a point where we are making a few changes to the way we use Chef.

 

I’d like to use wrapper cookbooks to wrap generic cookbooks that we can contribute back to upstream. I’d also like to use role cookbooks so that we can version our roles and make incremental changes to the runlists of our machines without risking blowing up prod and without having to do the role-renaming dance. At least that is my thought as of right now.

 

We’ve actually had a good deal of debate on the subject and are working on coming to a consensus, which brings me to the point. Besides the Gangnam-style one (http://devopsanywhere.blogspot.com/2012/11/how-to-write-reusable-chef-cookbooks.html) and a few other high level articles, I haven’t been able to find anything on how people are really doing this (i.e. versioning roles by using role cookbooks and / or using wrapper cookbooks) and what the best practices are.

 

Any help or direction to info sources would be much appreciated.

 

Thanks!

Sean

 





Archive powered by MHonArc 2.6.16.

§