Environment run_list

This is my node:

{
  "name": "SV-API",
  "chef_environment": "Producao",
  "run_list": [
    "role[Api]"
  ],
  "normal": {
    "tags": []
  }
}

This is my Role:

{
  "name": "Api",
  "description": "",
  "json_class": "Chef::Role",
  "default_attributes": {
  },
  "override_attributes": {
  },
  "chef_type": "role",
  "run_list": [
    "role[Web]",
    "recipe[php::module_ldap]",
    "recipe[set_hosts]",
    "recipe[web_app::apache2_web_app]"
  ],
  "env_run_lists": {
    "Producao": []
  }
}

As I understand, according to
http://docs.getchef.com/essentials_roles.html#set-per-environment-run-lists,
if the env_run_lists of an environment is empty, the default run-list will
be applied. But, when I execute chef-client in my node SV-API, the run-list
is empty. Why?

root@SV-API:~# chef-client

Starting Chef Client, version 11.12.8
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Compiling Cookbooks…
Converging 0 resources

Running handlers:
Running handlers complete

Chef Client finished, 0/0 resources updated in 6.925981801 seconds

What I need is to have a set of recipes and roles that can be executed in
every node, regardless of whether the node is part of an environment defined
by me or part of the _default environment. So, if the node is part of an
environment defined by me (in my case Producao), I could, for example, add
some roles or recipes that will be merged with the default run-list defined in
"run_list" key, avoiding duplications.

Is it possible to make Chef work in this way?


Att.
Bruno Galindro da Costa

On Monday, November 17, 2014 at 9:15 AM, Bruno Galindro da Costa wrote:

> This is my node:
>
> {
>   "name": "SV-API",
>   "chef_environment": "Producao",
>   "run_list": [
>     "role[Api]"
>   ],
>   "normal": {
>     "tags": []
>   }
> }
>
> This is my Role:
>
> {
>   "name": "Api",
>   "description": "",
>   "json_class": "Chef::Role",
>   "default_attributes": {
>   },
>   "override_attributes": {
>   },
>   "chef_type": "role",
>   "run_list": [
>     "role[Web]",
>     "recipe[php::module_ldap]",
>     "recipe[set_hosts]",
>     "recipe[web_app::apache2_web_app]"
>   ],
>   "env_run_lists": {
>     "Producao": []
>   }
> }
>
> As I understand, according to http://docs.getchef.com/essentials_roles.html#set-per-environment-run-lists, if the env_run_lists of an environment is empty, the default run-list will be applied. But, when I execute chef-client in my node SV-API, the run-list is empty. Why?

The example code is maybe a little confusing. Anyway, what you’ve done is specified an empty run list for that environment. If you want to use the default in the ‘Producao’ environment, then remove that key from env_run_lists.

> root@SV-API:~# chef-client
>
> Starting Chef Client, version 11.12.8
> resolving cookbooks for run list: []
> Synchronizing Cookbooks:
> Compiling Cookbooks...
> Converging 0 resources
>
> Running handlers:
> Running handlers complete
>
> Chef Client finished, 0/0 resources updated in 6.925981801 seconds
>
> What I need is to have a set of recipes and roles that can be executed in every node, regardless of whether the node is part of an environment defined by me or part of the _default environment. So, if the node is part of an environment defined by me (in my case Producao), I could, for example, add some roles or recipes that will be merged with the default run-list defined in "run_list" key, avoiding duplications.
>
> Is it possible to make Chef work in this way?

Environment run_lists in roles are pretty ugly. Do you have a lot of these nodes? Could you just manage the run lists on the relevant nodes instead?

> --
> Att.
> Bruno Galindro da Costa

--
Daniel DeLeo

I think that I want to do something similar.

I want to run a specific recipe (a base cookbook) on all my nodes in an environment (_default or another), WITHOUT associating a role with each node in my organization.

Is there a way to do this?

Thanks!

No. It sounds like you should have a cookbook that you put into the run_list of every new node during bootstrap that will do things based on what environment the node is in (and/or based on the attributes for that environment). We have a cookbook like that called global-base.

Just stack your roles… base stuff in base role on every node… the environment run list is useful when you have multiple environments on a chef server that require specific other things…

like if your environment was for example _default (whatever) aws-production vmware-production in the role… you can have it install different things in aws vs vmware… perhaps in vmware you want some ‘vmwaretools’ or something… while in aws you want something for cloudinit or something like that…

That’s in the end the idea of it…

I’m already using a role[base] to run some stuff on every node, but I must associate this role with every new node that is “born” in my network. I want this role (or recipe) to be automatically associated with all current nodes and with all new nodes inside an environment (or _default).

Is there a way to do this?

Thanks!

Yes, do your bootstrap with a default run_list in your ~/.chef/knife.rb

knife[:run_list] = 'recipe[base-cookbook]'

The only way that I am aware of to ensure that a role is applied to all
machines in an organization, is to ensure that the role is added when the
machine is bootstrapped, either with the manual bootstrap process, or by
using an automation / orchestration product to provide the bootstrap and
the initial role.

Because Chef is just enforcing your policy, it cannot guess that you want to apply something to it because it exists somewhere.

Whatever makes your nodes be “born” should also ensure it’s loading the role… you can also just add the role to all nodes… after the fact… it sounds like a one-time problem that you really shouldn’t spend much time on… modify all existing nodes to have the role… and modify whatever ‘makes new nodes’ in your environment to ensure they have the role too… (knife bootstrap / chef provisioning / whatever other method)
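
Added example (not code from any poster in this thread and not Chef's own implementation): a plain-Ruby model of the two points discussed above, namely that an `env_run_lists` key that is present but empty replaces the role's default run list, and that a base recipe only runs on nodes whose run list actually reaches it. The node names `SV-DEV` and `SV-NEW`, the contents of the `Web` and `base` roles, and all helper names are assumptions; the data is constructed.

```ruby
require 'json'

# Constructed sample data modelled on the JSON posted in the thread.
# The Web and base role contents are hypothetical.
ROLES = JSON.parse(<<~JSON)
  {
    "Api": { "run_list": ["role[Web]", "recipe[php::module_ldap]", "recipe[set_hosts]",
                          "recipe[web_app::apache2_web_app]"],
             "env_run_lists": { "Producao": [] } },
    "Web": { "run_list": ["recipe[apache2]"], "env_run_lists": {} },
    "base": { "run_list": ["recipe[base-cookbook]"], "env_run_lists": {} }
  }
JSON
NODES = JSON.parse(<<~JSON)
  [
    { "name": "SV-API", "chef_environment": "Producao", "run_list": ["role[Api]"] },
    { "name": "SV-DEV", "chef_environment": "_default", "run_list": ["role[base]", "role[Api]"] },
    { "name": "SV-NEW", "chef_environment": "_default", "run_list": ["role[Api]"] }
  ]
JSON

# A role's run list for an environment: the env_run_lists entry wins whenever
# the key exists, even if it is an empty array; otherwise the default applies.
def role_run_list(role, env)
  override = role.fetch('env_run_lists', {})[env]
  override.nil? ? role.fetch('run_list', []) : override
end

# Recursively expand role[...] items into the recipes a node would converge.
def expand(items, env, roles, seen = [])
  items.flat_map do |item|
    name = item[/\Arole\[(.+)\]\z/, 1]
    next [item] unless name                                 # plain recipe entry
    next [] if seen.include?(name) || !roles.key?(name)     # cycle or unknown role
    expand(role_run_list(roles[name], env), env, roles, seen + [name])
  end.uniq
end

# Report nodes whose effective run list is empty or lacks the baseline recipe.
def audit(nodes, roles, baseline)
  nodes.each_with_object({}) do |node, findings|
    recipes = expand(node['run_list'], node['chef_environment'], roles)
    findings[node['name']] = 'empty run list' if recipes.empty?
    findings[node['name']] ||= "missing #{baseline}" unless recipes.include?(baseline)
  end
end

puts audit(NODES, ROLES, 'recipe[base-cookbook]')
```

Removing the `"Producao"` key from `env_run_lists` in the sample makes `SV-API` fall back to the default run list, at which point it is reported as missing the baseline recipe rather than as empty.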