Here we will construct our three roles, one each for our base server configuration, database server, and web server. Each role will have a set of recipes to run, with the base server providing the user accounts, SSH keys, and other common components, and then the others providing configuration data for PostgreSQL and nginx, respectively.
The key bits that are of interest in our base server role are the run list and the configuration data that specify which group to populate users for. If you look at the file roles/base_server.json
, you will see that we have defined one group of users to pull from our data bags:
"override_attributes": { "shell_users": { "group": "webapp" } }
And then, the recipe we want to use that will populate the users on the host is in the run list:
"run_list": [ "users::shell_users" ],
In order to load the role into Chef, you can issue a from file
command:
knife role from file base_server.json Updated Role base _server...