Note
This topic is about using the Chef management console to manage roles.
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
Roles can be managed from the Chef management console web user interface.
To add a role:
1. Open the Chef management console.
2. Click Policy.
3. Click Roles.
4. Click Create.
5. In the Create Role dialog box, enter the name of the role and a description.
6. Click Next.
7. Optional. Build the run-list from the list of available roles and recipes.
8. Click Next.
9. Optional. Add default attributes as JSON data.
10. Click Next.
11. Optional. Add override attributes as JSON data.
12. Click Create Role.
To delete a role:
1. Open the Chef management console.
2. Click Policy.
3. Click Roles.
4. Select a role.
5. Click Delete.
To view all roles uploaded to the Chef server organization:
A run-list defines all of the information necessary for Chef to configure a node into the desired state. A run-list is:
To edit the run-list for a role:
1. Open the Chef management console.
2. Click Policy.
3. Click Roles.
4. Select a role.
5. Click Edit Run List.
6. Make your changes.
7. Click Save Run List.
A default attribute is automatically reset at the start of every chef-client run and has the lowest attribute precedence. Use default attributes as often as possible in cookbooks.
To edit default attributes for a role:
1. Open the Chef management console.
2. Click Policy.
3. Click Roles.
4. Select a role.
5. Click the Attributes tab.
6. Under Default Attributes, click Edit.
7. In the Edit Role Attributes dialog box, enter the JSON data that defines the attribute (or attributes).
8. Click Save Attributes.
To view default attributes for a role:
An override attribute is automatically reset at the start of every chef-client run and has a higher attribute precedence than default, force_default, and normal attributes. An override attribute is most often specified in a recipe, but can be specified in an attribute file, for a role, and/or for an environment. A cookbook should be authored so that it uses override attributes only when required.
To edit override attributes for a role:
1. Open the Chef management console.
2. Click Policy.
3. Click Roles.
4. Select a role.
5. Click the Attributes tab.
6. Under Override Attributes, click Edit.
7. In the Edit Role Attributes dialog box, enter the JSON data that defines the attribute (or attributes).
8. Click Save Attributes.
To view role details:
Permissions are used in the Chef server to define how users and groups can interact with objects on the server. Permissions are configured per-organization.
The Chef server includes the following object permissions:
Permission | Description |
---|---|
Delete | Use the Delete permission to define which users and groups may delete an object. This permission is required for any user who uses the knife [object] delete [object_name] argument to interact with objects on the Chef server. |
Grant | Use the Grant permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the Administration tab in the Chef management console. |
Read | Use the Read permission to define which users and groups may view the details of an object. This permission is required for any user who uses the knife [object] show [object_name] argument to interact with objects on the Chef server. |
Update | Use the Update permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the knife [object] edit [object_name] argument to interact with objects on the Chef server and for any chef-client to save node data to the Chef server at the conclusion of a chef-client run. |
To set the permissions list for a role object:
To update the permissions list for a role object:
To view permissions for a role object:
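Because Update on a role lets its holder change the run-list and override attributes applied to every node assigned that role, it is worth checking who holds the write-type permissions from the table above. The following is an added example, not code from the Chef documentation: a Ruby check that compares a role object's permission lists against a least-privilege policy. The ACL layout (permission name mapped to actors and groups), the user and group names, and the policy itself are constructed assumptions.

```ruby
require 'json'

# Constructed sample: permission lists for one role object, written as
# permission => { actors, groups }. Layout and all names are assumptions.
SAMPLE_ROLE_ACL = <<~ACL
  {
    "read":   { "actors": [],       "groups": ["admins", "users", "clients"] },
    "update": { "actors": ["jdoe"], "groups": ["admins", "users"] },
    "delete": { "actors": [],       "groups": ["admins", "users"] },
    "grant":  { "actors": [],       "groups": ["admins"] }
  }
ACL

# Hypothetical policy: the only principals that may hold each write-type
# permission on a role. Read is deliberately left unrestricted here.
ALLOWED = {
  'update' => { 'actors' => [], 'groups' => %w[admins role-editors] },
  'delete' => { 'actors' => [], 'groups' => %w[admins] },
  'grant'  => { 'actors' => [], 'groups' => %w[admins] }
}.freeze

# Returns sorted findings as [permission, kind, name]: one entry for each
# actor or group holding a permission outside the policy, and a "missing"
# entry when a restricted permission is absent from the ACL.
def audit_role_acl(acl_json, allowed = ALLOWED)
  acl = JSON.parse(acl_json)
  findings = []
  allowed.each do |perm, policy|
    entry = acl[perm]
    if entry.nil?
      findings << [perm, 'missing', '']
      next
    end
    %w[actors groups].each do |kind|
      (Array(entry[kind]) - policy[kind]).each do |name|
        findings << [perm, kind, name]
      end
    end
  end
  findings.sort
end

if __FILE__ == $PROGRAM_NAME
  audit_role_acl(SAMPLE_ROLE_ACL).each { |f| puts f.join("\t") }
end
```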
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs-archive.chef.io/release/server_12-8/server_manage_roles.html