Food Fight

The Podcast where DevOps chefs do battle

Roles, Environments, Attributes, and Data Bags - Part 2

Show Date: Tuesday, January 22, 2013

This episode is a continuation of our discussion of Roles, Environments, Attributes and Data Bags. The episode was recorded as a Google+ Hangout and streamed live on YouTube.

You can now subscribe to the Food Fight Show email newsletter.

Watch Now



This show was a roundtable discussion of some of the components within Chef. We start with a definition of each object, taken from the docs site and give each panelist a few minutes to discuss.


A role is a way to define certain patterns and processes that exist across nodes in a Chef organization as belonging to a single job function. Each role may contain attributes and/or a run list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run lists with those contained within each assigned role.


An environment is a way to map an organization’s real-life workflow to what can be configured and managed when using Chef server. Every Chef organization begins with a single environment called the _default environment, which cannot be modified (or deleted). Additional environments can be created, such as production, staging, testing, and development. Generally, an environment is also associated with one (or more) cookbook versions.


An attribute is a specific detail about a node, such as an IP address, a host name, a desired application setting, a list of loaded kernel modules, the version(s) of available programming languages that are available, and so on. Attributes can be maintained in a variety of ways, such as by re-loading a cookbook (that contains new attributes), by using Knife, or by using JSON data. During a Chef run, the chef-client gets attributes from Ohai, the node object on the Chef server, roles, recipes, and environments. These attributes are compared and then updated based on attribute precedence rules that are defined for each attribute. At the end of a Chef run, the chef-client will save the node object (and all of its attributes) to the Chef server so they can be indexed for search.

Types of attributes:

Data Bags

A data bag is a global variable that is stored as JSON data and is accessible from a Chef server. A data bag is indexed for searching and can be loaded by a recipe or accessed during a search. The contents of a data bag can vary, but they often include sensitive information (such as database passwords).








Music Notes