[chef] Re: Should I be using roles?

[JOHN HASTY < >]

I quit using roles to trigger running recipes. My roles now contain a single recipe that is a no-op.

I did this because:

1)  Using roles for executing recipes makes restarts more difficult
2)  I am moving toward an orchestration engine (Urban Code Deploy). It will execute the scripts in order and is easier to restart.
3)  I do use roles to indicate the type of resources on a node, such as db or web server.



JOHN HASTY
Software as a Service - DevOps
Software Group

Phone: 1-512-804-9968 E-mail:  " target="_blank">	2407 S Congress Ave Ste E-350 Austin, TX 78704 United States

Greg Barker ---09/15/2014 03:21:26 PM---After googling around and reading various blog posts about roles, I'm still not sure if I should be

From:	Greg Barker <
 >
To:	
 
Date:	09/15/2014 03:21 PM
Subject:	[chef] Should I be using roles?

---

After googling around and reading various blog posts about roles, I'm still not sure if I should be using them. Since I'm new to chef, I wanted to describe my line of thinking and hear if maybe I'm going about things the wrong way.

There are certain things I think might be the same on all my servers, so I created a base_role.rb. It's fairly simple: specifies set_fqdn=*.mycompany.com, some openssh & postfix attributes, and a run_list of hostname, openssh, fail2ban, and postfix.

So now I want to spin up a jenkins server. I see there is a popular community cookbook with some LWRPs that I'll probably use, so I run `berks cookbook mycompany-jenkins` to create my jenkins cookbook and add "depends 'jenkins'" to the metadata.rb file. But I also need the stuff from my base_role on the jenkins server, so I create a new role, mycompany_jenkins.rb. Inside that role I specify some attributes for the java version, and the run_list is role[base_role], java, maven, jenkins, and mycompany-jenkins. Or maybe the attributes I specified in the role should actually be in the mycompany-jenkins cookbook default attributes?

Now I go back to the mycompany-jenkins metadata.rb file and start adding more depends lines for hostname, openssh, fail2ban, postfix, java, and maven. Even though the mycompany-jenkins cookbook doesn't have anything in it yet, it depends on all these things because of the role. But the role doesn't even live inside the cookbook, why should the cookbook have to declare all those dependencies. Now I'm thinking that maybe my base_role should be a recipe instead? Then berks could figure out all those dependencies for me. Or should the run_list I put in the rule actually be a couple of include_recipe lines in my default.rb? That would make all the depends lines in the metadata make more sense.

The 2nd google result for "chef roles" is this article that states versioned roles are likely coming with Chef 12. I was thinking maybe that is something that will help me here. So I googled "chef 12 versioned roles" and it led me to CHEF-4837. It didn't really add much clarity though, I am still confused where the discussion ends and it doesn't seem to pick up on github.

At any rate, hopefully this describes some of my confusion with the use of roles. Please help steer me in the right direction.

Thanks in advance!