I am trying to find a best way to group nodes within an organization and manage them seperatly with respect to recipes. Is moving the nodes into seperate organization of its own is the only way to seperate nodes?
Thanks
Organizations are the strongest separation for your nodes. There's no sharing of cookbooks across those boundaries. That said, you can get strong separation of cookbooks by using Policyfiles and isolating the nodes with different policy groups, because cookbooks in policyfiles are kept in unique archives and not exposed outside of the policy name/group combination.
Thank you MattRay, I will try that.
I am getting following error when I am trying to update the node with new policy
Unexpected Error:
Chef::PolicyBuilder::Policyfile::UnsupportedFeature: Policyfile does not support setting the run_list in json data.
{
"revision_id": "...",
"name": "customapp",
"run_list": [
"recipe[customapp::default]"
],
"included_policy_locks": [
],
"cookbook_locks": {
"customapp": {
"version": "0.1.0",
"identifier": "----",
"dotted_decimal_identifier": "...",
"source": ".",
"cache_key": null,
"scm_info": {
"scm": "git",
"remote": null,
"revision": null,
"working_tree_clean": true,
"published": false,
"synchronized_remote_branches": [
]
},
"source_options": {
"path": "."
}
},
"my_base_xx": {
"version": "0.1.0",
"identifier": "fddfdf",
"dotted_decimal_identifier": "zzzz",
"source": "../my_base_xx",
"cache_key": null,
"scm_info": {
"scm": "git",
"remote": null,
"revision": null,
"working_tree_clean": true,
"published": false,
"synchronized_remote_branches": [
]
},
"source_options": {
"path": "../my_base_xx"
}
}
},
"default_attributes": {
},
"override_attributes": {
},
"solution_dependencies": {
"Policyfile": [
[
"customapp",
">= 0.0.0"
],
[
"my_base_xx",
">= 0.0.0"
]
],
"dependencies": {
"customapp (0.1.0)": [
[
"my_base_xx",
">= 0.0.0"
]
],
"my_base_xx (0.1.0)": [
]
}
}
}
I am getting following error
"Unexpected Error: ----------------- Chef::PolicyBuilder::Policyfile::UnsupportedFeature: Policyfile does not support setting the run_list in json data."
here are the steps I followed
include_recipe 'basecookbook::default'
directory 'C:/ProgramData/ChefFiles' do
inherits true
action :create
end
Updated cooksbooks metadata to specify dependency on base
The policy file is as follows cookbooks/test01/Policyfile.rb Changed the policy file to
name 'test01'
run_list 'test01::default'
cookbook 'test01', path: '.'
cookbook 'basecookbook', path: '../basecookbook'
the policyfile.lock.json file is as follows
"name": "test01",
"run_list": [
"recipe[test01::default]"
],
"included_policy_locks": [
],
"cookbook_locks": {
"test01": {
I pushed the policy to chef and set the node to policy group and policy
chef push test01 .\cookbooks\test01\Policyfile.lock.json
knife node policy set NodeName 'test01' 'test01'
When I run the chef client on the node, I am getting following error
Unexpected Error: Chef::PolicyBuilder::Policyfile::UnsupportedFeature: Policyfile does not support setting the run_list in json data.
Thank you for your help in advance