Chef run recipe on multiple nodes using environment or OS

Is there a way to run a recipe on all nodes that fall into one environment? So far i see that i can add recipes to run_list but this affects only the node from the command

you can use roles, and add recipes to the roles

So how would you execute a recipe against a role without referencing a node or it’s credentials? I get how to assign nodes to roles but don’t know how to execute against a role.

Roles are just items on the run_list like any other recipe, the trick is that they can be “expanded”.

Example run_list:

recipe[cookbook_a], role[role_b]

The run_list would be expanded to include any recipes, let’s say B and C, called by the role:

recipe[cookbook_a], recipe[cookbook_b], recipe[cookbook_c]

One doesn’t really assign nodes to roles, it’s more that roles are added to a node or role run_list. The nodes themselves will run whatever is in the run_list or more accurately the expanded run_list at runtime.

The “node” is the list of detected, deduced, manually set, attributes used to describe the host on which chef-client or chef-solo or chef-zero are run. The list of tasks to perform, the recipes from various cookbooks, is the “run list”, is listed in the node’s attributes. A role is an organized set of attributes and recipes to run, and helps organize them in conceptual sets. An environment can also collect a set of attributes, also applied, to assemble the configuration for that node at run time.

Roles aren’t automatically selected to be parsed and applied to a set of nodes. Nodes are configured, by the chef administrator, to include and run specific sets of roles and recipes. It’s certainly possible to use some structure to select specific node configurations to run on certain hosts: I’ve done this with chef-solo to use a node “template” for all hosts with a certain type of hostname, and pick a certain node to run locally. But in general, a node configuration is what the chef administrator applies to a node to select roles and recipes for their run list.

The roles are useful: By assembling the recipes and attributes with them, roles can provide a well organized and very useful set of clearly distinguished configurations. But generally, the admin adds the role to a node configuration and runs everything in the node’s run_list, especially to set any attributes that may overlap in node or role specific settings. Running a role all on its lonesome at run time can be done locally with “chef-client -o ‘role[whatever]’”, but it can get confusing if other roles or recipes would reset shared attributes. Chef is very much based on running all the node’s designated run_list at run time.

Yes, roles are nice but its still difficult when creating a new role and having to assign it to each individual existing node. I have hundreds of nodes and creating a new role that needs to go on them isn’t ideal. There needs to be a way to assign a new role/recipe to multiple nodes all at the same time.

We do have this and it's called knife exec. Docs and Examples

1 Like

That’s where you create a wrapper cookbook that picks and chooses which roles or recipes to run. It can be based on hostname, on system attributes, or any other detected system attributes.

As a side but on a similar note, I would advise looking into the role cookbook paradigm documented here: