Separate role for each real server (virtual machine)?


#1

What do you think about separate role for each real server (virtual
machine) ?

For example we have domain example.com,
nodes:
server1.example.com,
server2.example.com

We define a role for each of this server:

role[server1_example_com]
runlist_of_role: recipe[apt], recipe[sqlserver]

role[server2_example_com]
runlist_of_role: recipe[apt], recipe[mysqlserver]

And suppose I am use a custom script, which is set run list for each
rule in chef-repo/roles/example.com role’s node

#!/bin/bash

This script setup node’s run_list to role[_] for nodes

with defined roles in …/roles directory.

Only for roles beginning with _ (underline symbol)

Define roles dir

By default search a chef-repo/roles directory

CONFIGDIR="…/roles"

for role in $CONFIGDIR/example.com.rb
do
node=basename $role | sed -r 's/^(.*)(.example.com.rb$)/\1/'
knife node run_list set “$node.example.com
‘role[’$node’.example.com"]’

done

In this case we does not worry about node’s run_lists and nodes when
reinstalling chef server.

Is i am right ?

And what do you think about one abstract role for one real server ?


Best regards,

CVision Lab System Administrator
Vladmir Skubriev


#2

what will happen if two servers are exactly same? there fqdn cant be same,
but you might want to apply the same run list. how you will do that? I have
never seen infra with all nodes being unique. also same role does mean same
top level run list, but the expanded run list can be different, you can
have recipe inclusion based on environments and many other modes.

On Thu, Dec 12, 2013 at 6:05 AM, Vladimir Skubriev
skubriev@cvisionlab.comwrote:

What do you think about separate role for each real server (virtual
machine) ?

For example we have domain example.com,
nodes:
server1.example.com,
server2.example.com

We define a role for each of this server:

role[server1_example_com]
runlist_of_role: recipe[apt], recipe[sqlserver]

role[server2_example_com]
runlist_of_role: recipe[apt], recipe[mysqlserver]

And suppose I am use a custom script, which is set run list for each rule
in chef-repo/roles/example.com role’s node

#!/bin/bash

This script setup node’s run_list to role[_] for nodes

with defined roles in …/roles directory.

Only for roles beginning with _ (underline symbol)

Define roles dir

By default search a chef-repo/roles directory

CONFIGDIR="…/roles"

for role in $CONFIGDIR/example.com.rb
do
node=basename $role | sed -r 's/^(.*)(.example.com.rb$)/\1/'
knife node run_list set “$node.example.com” ‘role[’$node’.
example.com"]’

done

In this case we does not worry about node’s run_lists and nodes when
reinstalling chef server.

Is i am right ?

And what do you think about one abstract role for one real server ?


Best regards,

CVision Lab System Administrator
Vladmir Skubriev


#3

12.12.2013 22:10, Ranjib Dey пишет:

what will happen if two servers are exactly same? there fqdn cant be
same, but you might want to apply the same run list. how you will do that?
There is no problem I Created a role with needed run_list, for example

role[‘superservice’]

And then include this role to both node’s.

I mean that I will create only one role for each node with the name of
node, that satisfies node name regexp mathcing.

And in this role with node name i set run_list for node.

There will also be the usual roles: ntp_server, openvpn_server,
samba_server.

Which will be set to needed role of node, which is correspond to needed
node.

For example now i has such a node with name callisto.example.local

this is a ordinary desktop computer in out private local network.

This node run list include only one role named callisto_example_local

This role is only one
Call it “super role” for this node.

And run_list of this role is:

role[defaultdesktopclient_role_applied_to_all_desktops_in_example_local]
role[ups_apc_11217273_client]
role[ldap_client]
etc…

I have never seen infra with all nodes being unique.
I agree, that most of our desktop machines and not uniq.
Most of them has only one role.
There is:
role[defaultdesktopclient_role_applied_to_all_desktops_in_example_local]

also same role does mean same top level run list, but the expanded run
list can be different, you can have recipe inclusion based on
environments and many other modes.

What does you mean? I can’t understand excusme. )

Can you answer me more ?

What do you think about next use case:

I has an environment, named production.

Production environment has a run list with role applied to all nodes in
my environment.

Next We have one role for a node, which is for define node specific
additional roles and recipe and maybe some other attributes overriding
from default (or environment).

And what does you mean about “many other modes”? What such “other modes”?

May be you mean node’s run_lists. But node’s doesn’t saved in chef-repo.
This is no recommended use case.

It turns out we have tools, but the list of affairs is absent.

The essence of my ideas that I want to keep a run list of each node in
the chef-repo as a separate role for each node.

This this because I think that all what we need to setup our
infrastructure must be in one place, for example git repo.

The fact that the store node in the repository is not quite right. But I
can override this with a my idea of one role for one node and script
which is setup node’s runlists with corresponding role.

Theoretically, you can also keep the script(in chef-repo), which is set
run_list manually for each node.

And I would like to say that I can not remember: “Which one has a list
of run”

Excusme for bad english.

I hope you understand me )


Best regards,

CVision Lab System Administrator
Vladmir Skubriev


#4

You can do it this way, or just manage the node data (ie, run list,
environment) directly in the chef repo with JSON files and “knife node from
file nodes/*.json”. You can seed these files initially with knife-backup of
your current nodes.

On Thursday, December 12, 2013, Vladimir Skubriev wrote:

12.12.2013 22:10, Ranjib Dey пишет:

what will happen if two servers are exactly same? there fqdn cant be
same, but you might want to apply the same run list. how you will do that?

There is no problem I Created a role with needed run_list, for example

role[‘superservice’]

And then include this role to both node’s.

I mean that I will create only one role for each node with the name of
node, that satisfies node name regexp mathcing.

And in this role with node name i set run_list for node.

There will also be the usual roles: ntp_server, openvpn_server,
samba_server.

Which will be set to needed role of node, which is correspond to needed
node.

For example now i has such a node with name callisto.example.local

this is a ordinary desktop computer in out private local network.

This node run list include only one role named callisto_example_local

This role is only one
Call it “super role” for this node.

And run_list of this role is:

role[defaultdesktopclient_role_applied_to_all_desktops_in_example_local]
role[ups_apc_11217273_client]
role[ldap_client]
etc…

I have never seen infra with all nodes being unique.

I agree, that most of our desktop machines and not uniq.
Most of them has only one role.
There is:
role[defaultdesktopclient_role_applied_to_all_desktops_in_example_local]

also same role does mean same top level run list, but the expanded run

list can be different, you can have recipe inclusion based on environments
and many other modes.

What does you mean? I can’t understand excusme. )

Can you answer me more ?

What do you think about next use case:

I has an environment, named production.

Production environment has a run list with role applied to all nodes in my
environment.

Next We have one role for a node, which is for define node specific
additional roles and recipe and maybe some other attributes overriding from
default (or environment).

And what does you mean about “many other modes”? What such “other modes”?

May be you mean node’s run_lists. But node’s doesn’t saved in chef-repo.
This is no recommended use case.

It turns out we have tools, but the list of affairs is absent.

The essence of my ideas that I want to keep a run list of each node in the
chef-repo as a separate role for each node.

This this because I think that all what we need to setup our
infrastructure must be in one place, for example git repo.

The fact that the store node in the repository is not quite right. But I
can override this with a my idea of one role for one node and script which
is setup node’s runlists with corresponding role.

Theoretically, you can also keep the script(in chef-repo), which is set
run_list manually for each node.

And I would like to say that I can not remember: “Which one has a list of
run”

Excusme for bad english.

I hope you understand me )


Best regards,

CVision Lab System Administrator
Vladmir Skubriev

~~ StormeRider ~~

“Every world needs its heroes […] They inspire us to be better than we
are. And they protect from the darkness that’s just around the corner.”

(from Smallville Season 6x1: “Zod”)

On why I hate the phrase “that’s so lame”… http://bit.ly/Ps3uSS


#5

13.12.2013 10:49, Morgan Blackthorne пишет:

You can do it this way, or just manage the node data (ie, run list,
environment) directly in the chef repo with JSON files and “knife node
from file nodes/*.json”. You can seed these files initially with
knife-backup of your current nodes.
Thank you for support.
Just in case, here is my working script:

#!/bin/bash

This script setup node’s run_list to role[node_domain_name>] for nodes

with defined roles in …/roles directory.

Only for roles with domain name as _cvision_lab

Define roles dir

By default search a chef-repo/roles directory

CONFIGDIR="…/roles"

for role in $CONFIGDIR/_cvision_lab.rb
do
node=basename $role | sed -r 's/^(.*)(_cvision_lab.rb$)/\1/'
knife node run_list set “$node.cvision.lab”
‘role[’$node’_cvision_lab]’

done

)))

I verify this method. It works.


Best regards,

CVision Lab System Administrator
Vladmir Skubriev