Skip to main content

Manage Roles

Link to Chef Automate documentation.

Warning

Chef Manage is deprecated and no longer under active development. It is supported on Chef Automate installations up to version 1.8 and replaced by Chef Automate 2.0. Contact your Chef account representative for information about upgrading your system. See our Automate documentation to learn more about Chef Automate 2.

This document is no longer maintained.

Note

This topic is about using the Chef management console to manage roles.
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a Chef Infra Client runs, it merges its own attributes and run-lists with those contained within each assigned role.

Manage

Roles can be managed from the Chef management console web user interface.

Add Role

To add a role:

  1. Open the Chef management console.

  2. Click Policy.

  3. Click Roles.

  4. Click Create.

  5. In the Create Role dialog box, enter the name of the role and a description.

    image

    Click Next.

  6. Optional. Build the run-list from the list of available roles and recipes:

    image

    Click Next.

  7. Optional. Add default attributes as JSON data:

    image

    Click Next.

  8. Optional. Add override attributes as JSON data:

    image

  9. Click Create Role.

Delete Role

To delete a role:

  1. Open the Chef management console.

  2. Click Policy.

  3. Click Roles.

  4. Select a role.

  5. Click Delete.

    image

View All Roles

To view all roles uploaded to the Chef Infra Server organization:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.

Run-lists

A run-list defines all of the information necessary for Chef to configure a node into the desired state. A run-list is:

  • An ordered list of roles and/or recipes that are run in the exact order defined in the run-list; if a recipe appears more than once in the run-list, Chef Infra Client will not run it twice
  • Always specific to the node on which it runs; nodes may have a run-list that is identical to the run-list used by other nodes
  • Stored as part of the node object on the Chef server
  • Maintained using knife and then uploaded from the workstation to the Chef Infra Server, or maintained using Chef Automate

Edit Role Run-list

To edit the run-list for a role:

  1. Open the Chef management console.

  2. Click Policy.

  3. Click Roles.

  4. Select a role.

  5. Click Edit Run List.

    image

  6. Make your changes.

  7. Click Save Run List.

Default Attributes

A default attribute is automatically reset at the start of every Chef Infra Client run and has the lowest attribute precedence. Use default attributes as often as possible in cookbooks.

Edit Default Attributes

To edit default attributes for a role:

  1. Open the Chef management console.

  2. Click Policy.

  3. Click Roles.

  4. Select a role.

  5. Click the Attributes tab.

  6. Under Default Attributes, click Edit.

  7. In the Edit Role Attributes dialog box, enter the JSON data that defines the attribute (or attributes).

    image

  8. Click Save Attributes.

View Default Attributes

To view default attributes for a role:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.
  4. Select a role.
  5. Click the Attributes tab.

Override Attributes

An override attribute is automatically reset at the start of every Chef Infra Client run and has a higher attribute precedence than default, force_default, and normal attributes. An override attribute is most often specified in a recipe, but can be specified in an attribute file, for a role, and/or for an environment. A cookbook should be authored so that it uses override attributes only when required.

Edit Override Attributes

To edit override attributes for a role:

  1. Open the Chef management console.

  2. Click Policy.

  3. Click Roles.

  4. Select a role.

  5. Click the Attributes tab.

  6. Under Override Attributes, click Edit.

  7. In the Edit Role Attributes dialog box, enter the JSON data that defines the attribute (or attributes).

    image

  8. Click Save Attributes.

View Override Attributes

To view role details:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.
  4. Select a role.
  5. Click the Details tab.

Permissions

Permissions are used in the Chef Infra Server to define how users and groups can interact with objects on the server. Permissions are configured for each organization.

The Chef Infra Server includes the following object permissions:

PermissionDescription
DeleteUse the Delete permission to define which users and groups may delete an object. This permission is required for any user who uses the knife [object] delete [object_name] argument to interact with objects on the Chef Infra Server.
GrantUse the Grant permission to define which users and groups may configure permissions on an object. This permission is required for any user who configures permissions using the Administration tab in the Chef management console.
ReadUse the Read permission to define which users and groups may view the details of an object. This permission is required for any user who uses the knife [object] show [object_name] argument to interact with objects on the Chef Infra Server.
UpdateUse the Update permission to define which users and groups may edit the details of an object. This permission is required for any user who uses the knife [object] edit [object_name] argument to interact with objects on the Chef Infra Server and for any Chef Infra Client to save node data to the Chef Infra Server at the conclusion of a Chef Infra Client run.

Set

To set permissions list for a role object:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.
  4. Select a role.
  5. Click the Permissions tab.
  6. For each group listed under Name, select or de-select the Read, Update, Delete, and Grant permissions.

Update

To update the permissions list for a role object:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.
  4. Select a role.
  5. Click the Permissions tab.
  6. Click the + Add button and enter the name of the user or group to be added.
  7. Select or de-select Read, Update, Delete, and Grant to update the permissions list for the user or group.

View

To view permissions for a role object:

  1. Open the Chef management console.
  2. Click Policy.
  3. Click Roles.
  4. Select a role.
  5. Click the Permissions tab.
  6. Set the appropriate permissions: Delete, Grant, Read, and/or Update.
Edit this page on GitHub

Thank you for your feedback!

×









Search Results