Automated role updates with knife

In this example we want to update a role. These are the basics you will need in order to automate the actual edit of the JSON file in whatever language you like.

List the roles; there is no sample role yet.

joshua-millers-macbook-pro:chef jmiller$ knife role list
[
  "APACHE_ROLE",
  "APPBASE_ROLE",
  "APTREPO_ROLE",
  "WEBSERVER_ROLE"
]
joshua-millers-macbook-pro:chef jmiller$

Dump the BASE_ROLE so we can use it to create a new role

joshua-millers-macbook-pro:chef jmiller$ knife role show BASE_ROLE > SAMPLE_ROLE.json
joshua-millers-macbook-pro:chef jmiller$

Edit the role. I am doing it manually here, but it could be done with Perl …

joshua-millers-macbook-pro:chef jmiller$ cat SAMPLE_ROLE.json
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {
  },
  "json_class": "Chef::Role",
  "run_list": [
  ],
  "description": "All nodes wiil get this base",
  "chef_type": "role",
  "override_attributes": {
    "authorization": {
      "sudo": {
        "groups": [
          "dev"
        ],
        "users": [

        ]
      }
    },
    "chef": {
      "client_splay": "20",
      "client_interval": "900",
      "server_fqdn": "chef.example.com"
    },
    "postfix": {
      "myorigin": "mail.example.com",
      "relayhost": "mailrelay.example.com",
      "mydomain": "example.com"
    },
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
joshua-millers-macbook-pro:chef jmiller$

I am creating the role, so the upload is going to generate a "Not Found" error before the role is written:

joshua-millers-macbook-pro:chef jmiller$ knife role from file SAMPLE_ROLE.json
WARN: HTTP Request Returned 404 Not Found: Cannot load role SAMPLE_ROLE
WARN: Updated Role SAMPLE_ROLE!
joshua-millers-macbook-pro:chef jmiller$

Sample role created:

joshua-millers-macbook-pro:chef jmiller$ knife role list | grep SAMPLE
  "SAMPLE_ROLE",
joshua-millers-macbook-pro:chef jmiller$

Here is what we have:

joshua-millers-macbook-pro:chef jmiller$ knife role show SAMPLE_ROLE
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {
  },
  "json_class": "Chef::Role",
  "run_list": [

  ],
  "description": "All nodes wiil get this base",
  "chef_type": "role",
  "override_attributes": {
    "authorization": {
      "sudo": {
        "groups": [
          "dev"
        ],
        "users": [

        ]
      }
    },
    "chef": {
      "client_splay": "20",
      "client_interval": "900",
      "server_fqdn": "chef.example.com"
    },
    "postfix": {
      "myorigin": "mail.example.com",
      "relayhost": "mailrelay.example.com",
      "mydomain": "example.com"
    },
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
joshua-millers-macbook-pro:chef jmiller$

I update the role (this could be automated with a script) and upload it to Chef:

joshua-millers-macbook-pro:chef jmiller$ vi SAMPLE_ROLE.json

joshua-millers-macbook-pro:chef jmiller$ cat SAMPLE_ROLE.json
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {
  },
  "json_class": "Chef::Role",
  "run_list": [
  ],
  "description": "All nodes wiil get this base",
  "chef_type": "role",
  "override_attributes": {
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
joshua-millers-macbook-pro:chef jmiller$ knife role from file SAMPLE_ROLE.json
WARN: Updated Role SAMPLE_ROLE!
joshua-millers-macbook-pro:chef jmiller$ knife role show SAMPLE_ROLE
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {
  },
  "json_class": "Chef::Role",
  "run_list": [

  ],
  "description": "All nodes wiil get this base",
  "chef_type": "role",
  "override_attributes": {
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
joshua-millers-macbook-pro:chef jmiller$

It looks like we should be able to use the following to do the role edit on the Chef server itself … or create another client pem for just this task …

root@chef:~# knife role show SAMPLE_ROLE -s http://chef.example.com:4000 -u chef-webui -k /etc/chef/webui.pem
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {

  },
  "json_class": "Chef::Role",
  "run_list": [

  ],
  "description": "All nodes wiil get this base",
  "chef_type": "role",
  "override_attributes": {
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
root@chef:~# knife role show SAMPLE_ROLE -s http://chef.example.com:4000 -u chef-webui -k /etc/chef/webui.pem > SAMPLE_ROLE.json
root@chef:~# vi SAMPLE_ROLE.json
root@chef:~# knife role from file SAMPLE_ROLE.json -s http://chef.example.com:4000 -u chef-webui -k /etc/chef/webui.pem
WARN: Updated Role SAMPLE_ROLE!
root@chef:~# knife role show SAMPLE_ROLE -s http://chef.example.com:4000 -u chef-webui -k /etc/chef/webui.pem
{
  "name": "SAMPLE_ROLE",
  "default_attributes": {

  },
  "json_class": "Chef::Role",
  "run_list": [

  ],
  "description": "A sample role",
  "chef_type": "role",
  "override_attributes": {
    "ntp": {
      "is_server": false,
      "service": "ntpd",
      "servers": [
        "time01.example.com",
        "time02.example.com"
      ]
    }
  }
}
root@chef:~#
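
The manual vi step in the sessions above can be scripted. The following Ruby script is an added example, not code from the original post: it applies the same edit to the dumped role and reports which attribute paths the upload would remove, add or change, flagging anything under authorization or run_list for review before `knife role from file` is run. The helper names, the SENSITIVE list and the trimmed sample role are assumptions constructed for illustration.

```ruby
require 'json'

# Constructed sample: the role dumped on the page, trimmed to three override groups.
CURRENT_ROLE = <<~JSON
  {"name": "SAMPLE_ROLE", "json_class": "Chef::Role", "chef_type": "role",
   "description": "All nodes wiil get this base", "run_list": [], "default_attributes": {},
   "override_attributes": {
     "authorization": {"sudo": {"groups": ["dev"], "users": []}},
     "chef": {"client_interval": "900", "server_fqdn": "chef.example.com"},
     "ntp": {"is_server": false, "servers": ["time01.example.com"]}}}
JSON
# Paths worth a second look before upload (assumed list, adjust locally).
SENSITIVE = %w[override_attributes.authorization run_list].freeze

# Flatten nested hashes into "a.b.c" => value so two roles compare path by path.
def flatten_attrs(value, prefix = nil, out = {})
  if value.is_a?(Hash) && !value.empty?
    value.each { |k, v| flatten_attrs(v, [prefix, k].compact.join('.'), out) }
  else
    out[prefix] = value
  end
  out
end

# Hypothetical stand-in for the manual `vi` step: keep only the ntp overrides.
def edit_role(json_text)
  # create_additions: false so "json_class" is never used to instantiate a class
  role = JSON.parse(json_text, create_additions: false)
  role['description'] = 'A sample role'
  role['override_attributes'] = { 'ntp' => role['override_attributes']['ntp'] }
  role
end

def role_diff(old_role, new_role)
  was, now = flatten_attrs(old_role), flatten_attrs(new_role)
  { removed: (was.keys - now.keys).sort,
    added: (now.keys - was.keys).sort,
    changed: (was.keys & now.keys).reject { |k| was[k] == now[k] }.sort }
end

def review(json_text)
  edited = edit_role(json_text)
  diff = role_diff(JSON.parse(json_text, create_additions: false), edited)
  flagged = diff.values.flatten.select { |p| SENSITIVE.any? { |s| p == s || p.start_with?("#{s}.") } }
  { role: edited, diff: diff, flagged: flagged }
end

result = review(CURRENT_ROLE)
puts JSON.pretty_generate(result[:diff])
puts "review before upload: #{result[:flagged].join(', ')}" unless result[:flagged].empty?
```

In a real run the input would be the output of `knife role show`, and `result[:role]` would be written to SAMPLE_ROLE.json only after the flagged paths have been reviewed.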

One thought on “Automated role updates with knife”

  1. Spidaman points out the use of the REST API, although I still think the knife option was faster to implement 🙂

    =================== start ============
    #!/usr/bin/env ruby

    require 'rubygems'
    require 'chef/node'
    require 'chef/rest'

    # set chef_server_url and node_name & get the path to key file
    # look in ~/.chef/knife.rb

    Chef::Config[:client_key] = "/home/jmiller/.chef/jmiller.pem"
    rest = Chef::REST.new("http://chef.example.com:4000", "jmiller")
    results = rest.get_rest("search/node?q=role:WEBSERVER_ROLE")
    # got search meta data, an array of nodes is under the 'rows' key
    nodes = results['rows']

    puts nodes.sort
    =============== End =======
