[chef] Re: Re: Re: Should I be using roles?

[Mark Harrison < >]

Hi Greg, that makes more sense after your explanation. Depending on
how you get the cookbooks vendored into the VM (I'm assuming some
variant on manually running 'berks vendor'), using a 'global'
Berksfile might work for you. If you decide to try this out, you would
do something like the following in your Berksfile, which would be
outside of any specific cookbook (probably at the root of your chef
repository):

source "https://supermarket.getchef.com";

# Internal/local cookbooks
cookbook "mycompany-jenkins", ">= 0.0.0", { :path =>
"./cookbooks/mycompany-jenkins" }
# Supermarket cookbooks
cookbook "openssh", "~> 1.2.0" # Put whatever version you need here
cookbook "...", "~> ..." # Add the rest of your dependencies here


On Tue, Sep 16, 2014 at 4:48 AM, Greg Barker 
<
 >
 wrote:
> Thank you for all the feedback. Very helpful to hear all these different
> perspectives on the matter.
>
> Regarding Mark's comments, perhaps the problem is that I am not using knife
> or chef server yet, this is just using a Vagrantfile & Berksfile that live
> in the mycompany-jenkins cookbook. If I don't include the dependencies of
> base_role in the metadata.rb for the mycompany-jenkins cookbook, berkshelf
> does not make vendor the dependency cookbooks into the VM and my run fails
> with: Chef::Exceptions::CookbookNotFound - Cookbook hostname not found. That
> kinda makes sense though, because base_role doesn't have a Berksfile tied to
> it, so how would my chef run know where to get those cookbooks from?
>
>
> On Mon, Sep 15, 2014 at 6:37 PM, Mark Harrison 
> <
 >
>  wrote:
>>
>> > Now I go back to the mycompany-jenkins metadata.rb file and start adding
>> > more depends lines for hostname, openssh, fail2ban, postfix, java, and
>> > maven. Even though the mycompany-jenkins cookbook doesn't have anything
>> > in
>> > it yet, it depends on all these things because of the role. But the role
>> > doesn't even live inside the cookbook, why should the cookbook have to
>> > declare all those dependencies.
>>
>> This seems to be the source of your confusion, and your question is
>> valid. Why _do_ you have to declare all of these unrelated
>> dependencies inside the mycompany-jenkins cookbook? If I'm
>> understanding you correctly, you can leave out hostname, openssh,
>> fail2ban etc from the metadata.rb of mycompany-jenkins and just leave
>> them in the run list of your base role, and things will just work. You
>> add your base role (or the mycompany_jenkins role, which has the base
>> role in its run list) to your node's run list, and chef will pull in
>> the relevant cookbooks during the chef run.
>>
>> Now, you still need to make sure these cookbooks (hostname, openssh
>> and so on) get onto the chef server somehow, and I suspect this is
>> where your desire to put the cookbooks in an unrelated metadata.rb
>> stems from. One option (and the way things have been done in the past)
>> is to put these cookbooks in your chef repository and use knife
>> cookbook upload (or knife upload) to get them on the server. However,
>> it can be tricky to manage and update a repository like that, and this
>> is where berkshelf can help. To make use of berkshelf, you create a
>> Berksfile in the root of your chef repository, and add your cookbooks
>> to that file, then you can use berks install, berks update and berks
>> upload to get your cookbooks onto the server without inventing fake
>> dependencies.
>>
>> None of the above precludes you using roles, or eschewing roles
>> altogether. There are some good reasons, mentioned by others in this
>> thread, for using role cookbooks, but you don't have to let your
>> current problem dictate that, and you will probably be perfectly happy
>> to continue to use roles in your repository.
>
>