I’m new to Chef, and I realized that as I include cookbooks, sometimes
I’m adding the recipe to the role’s run_list and using
default_attributes to control it, and sometimes I’m adding it to a
site-cookbook recipe I’ve created specifically for the role. For example…
Directly on the role:
In a role-specific recipe:
sudo “jlevitt” do
Does anyone have a good philosophy or idiomatic advice as to what goes
where? So far, I’m thinking:
- There are some cookbooks that are controlled purely through node/role
attributes. I’m not sure it’s kosher to set those from my own recipe.
- If it’s not kosher, I’ve now arbitrarily split up cookbooks based on
their API. That feels icky.
- OTOH, for cookbooks with LWRPs, I do like the idea of keeping the
attributes near the provider call; in the sudo example, I was actually
using the run_list+attribute syntax, and when I moved the recipe to a
different role, I forgot to move the attributes with it.
- On the gripping hand, the second syntax means that I have not only a
run_list per role, but a recipe per role. That doesn’t seem DRY.