We have been using Chef in a single “logical” site config for a couple of years in the sense that all of our nodes share a set of “global” attributes that for better or worse come from (here it comes) roles. We test changes to the “global” attributes by overriding them in host or group specific roles before modifying anything in the global scope.
We know about the concept of role cookbooks and the possible benefits this can give in terms of versioning and dynamic/programatic capabilities that cookbooks can provide. Moving all our roles to role cookbooks is not something we want to do right now from both the amount of work this would take and dealing the precedence changes that moving from role file to attribute/cookbook files would cause
New Situation
We have grown our environment and now are moving into a multi site configuration where there is much smaller “global” role data and now site level role data for each location that we have servers in. In the past the first entry in all our nodes run_list was simply “role[server_base]” What we want now is for all our servers to have two entries as the first part of the overall run_list “role[server_base], role[server_base_site]” where site is the actual name of the site that a server lives in.
The Question
There are a few way that I can accomplish this but I want to find out of the way that I want to accomplish this is possible.
We have a custom Ohai plugin that gives us the site name as an automatic attribute. What I want to do is at the start of every chef run inspect the run_list, set the 1st two entries of the run_list if not correct, save the node and restart the convergence within an existing convergence.
I believe that I can modify and save the run_list during a convergence via the simple paradigm of
node.run_list.add(‘role[foo]’)
node.save
What I do not know how to do is restart the convergence within the run itself. Can someone tell me if this is possible. All and any help is greatly appreciated. Thanks!
I’m far unsure tweaking this to work as you describe will be less work than using role cookbook and then doing things like:
include_recipe "server_base_#{node['site_name']}"
If you really have a problem with precedence a simple dump of role attributes into a cookbook attributes file and role runlist as include_recipes in default recipe, I’d like to understand them as it sounds strange.
You’re heading toward a hard path, I can think of a bunch of way, from the knife exec to update runlist according to site attribute to an external orchestrator for 2 run, first with a runlist setter cookbook and one to run the new runlist, all likely to be a pain.
There are actually quite a few ways you can accomplish what you want.
I have a slight variation of your scheme working on my system.
I have a cookbook “main” that does the following:
Identify the site, and load the site-specific attributes. That allows me to use the same cookbook for all sites; I don’t need to restart the converge based on the site data.
Originally, main went further and also called all the role cookbooks using include_recipe, but that ended up leading to dependency hell.
Today, my main does manipulate the run list, adding “normal” role cookbooks to each node. I do not restart the converge for those cookbooks to become active; I simply wait for the next chef run.
Well, one way that I have been thinking to implement the same in our setup is to create a one off job and schedule it to run after a few minutes (enough time for the first run to set the runlist), this job can be created in your first run and will run Chef client again after a few minutes and do the desired thing. This is useful if you don’t want to set your node to auto converge on periodic intervals on its own.
Again, this is just another way of doing it. I have been looking for different options that could help and also been wondering if it is a good idea to set the Chef client to periodically run on all nodes, and I just have to worry about setting the run lists on Chef server externally from my workstation and every run cleans up the run list in the end.
Well i do a default file install then use chef users to create users however you can modify a user whilenlogged in. So i add chef-client with a one min when i bootstrap with a spraybof 30 secons. Then when the next run aftet adding the role. I set to 60 mins with a spray of 5.
If you are interested ill send my configs tomorrow when at office.
-------- Original message --------
From: Rahul Gupta
Date: 2017/11/24 18:54 (GMT+02:00)
To: donovan@atstech.co.za
Subject: Re: [chef] Chef dyamic run_list and automatic reconverge
Well, one way that I have been thinking to implement the same in our setup is to create a one off job and schedule it to run after a few minutes (enough time for the first run to set the runlist), this job can be created in your first run and will run Chef client again after a few minutes and do the desired thing. This is useful if you don’t want to set your node to auto converge on periodic intervals on its own.
Again, this is just another way of doing it. I have been looking for different options that could help and also been wondering if it is a good idea to set the Chef client to periodically run on all nodes, and I just have to worry about setting the run lists on Chef server externally from my workstation and every run cleans up the run list in the end.