[chef] Re: Should I be using roles?

[AJ Christensen < >]

Yo,

Forgive my reply-all!

Roles are fine, use whatever you like. I use them all the time! They're 
awesome.

If you don't use roles you'll end up half ass inventing them with
application/library/wrapper shenanigan cookbooks, or other external
stuff -- You could put run lists in a custom API, Consul, or etcd, for
example.

I semi-expect Chef to offer some more guidance officially soon with
regard to version-able policy representing the cookbooks, attributes,
version locks and execution order.

Chef-RFC RFC019 [0] is worth looking at regarding workflows and the
ChefDK, "the berkshelf way".

I would also urge you to read Dan's proposal regarding Arbitrary
cookbook identifiers which is used for his (experimental? prototype?)
Policyfile implementation. It's the way I hope we all choose to
proceed, personally. [1]

regards,

--aj (fujin)

[0] 
https://github.com/opscode/chef-rfc/blob/6a239ff5dc223290d4488d76fadaeeb6d14f5ab1/rfc019-chef-workflows.md
[1] https://github.com/opscode/chef-rfc/pull/20

On Tue, Sep 16, 2014 at 8:20 AM, Greg Barker 
<
 >
 wrote:
> After googling around and reading various blog posts about roles, I'm still
> not sure if I should be using them. Since I'm new to chef, I wanted to
> describe my line of thinking and hear if maybe I'm going about things the
> wrong way.
>
> There are certain things I think might be the same on all my servers, so I
> created a base_role.rb. It's fairly simple: specifies
> set_fqdn=*.mycompany.com, some openssh & postfix attributes, and a run_list
> of hostname, openssh, fail2ban, and postfix.
>
> So now I want to spin up a jenkins server. I see there is a popular
> community cookbook with some LWRPs that I'll probably use, so I run `berks
> cookbook mycompany-jenkins` to create my jenkins cookbook and add "depends
> 'jenkins'" to the metadata.rb file. But I also need the stuff from my
> base_role on the jenkins server, so I create a new role,
> mycompany_jenkins.rb. Inside that role I specify some attributes for the
> java version, and the run_list is role[base_role], java, maven, jenkins, and
> mycompany-jenkins. Or maybe the attributes I specified in the role should
> actually be in the mycompany-jenkins cookbook default attributes?
>
> Now I go back to the mycompany-jenkins metadata.rb file and start adding
> more depends lines for hostname, openssh, fail2ban, postfix, java, and
> maven. Even though the mycompany-jenkins cookbook doesn't have anything in
> it yet, it depends on all these things because of the role. But the role
> doesn't even live inside the cookbook, why should the cookbook have to
> declare all those dependencies. Now I'm thinking that maybe my base_role
> should be a recipe instead? Then berks could figure out all those
> dependencies for me. Or should the run_list I put in the rule actually be a
> couple of include_recipe lines in my default.rb? That would make all the
> depends lines in the metadata make more sense.
>
> The 2nd google result for "chef roles" is this article that states versioned
> roles are likely coming with Chef 12. I was thinking maybe that is something
> that will help me here. So I googled "chef 12 versioned roles" and it led me
> to CHEF-4837. It didn't really add much clarity though, I am still confused
> where the discussion ends and it doesn't seem to pick up on github.
>
> At any rate, hopefully this describes some of my confusion with the use of
> roles. Please help steer me in the right direction.
>
> Thanks in advance!