How to Group nodes via “Projects” in Chef Automate

By

“Projects” on Chef Automate provides users the ability to organize nodes into groups giving better insights into the status of the fleet and an easier way to distinguish and visualize nodes on Automate.

Projects allow for filtering and segregation of your node data with a set of rules. Users can combine multiple rules in one project.  After applying the project rules, one can find the created project in a dropdown on the top right corner of the Automate dashboard. Selecting one of the projects will show the nodes mapped to the project.

How to select project in Chef Automate to show nodes mapped to project

Projects and Policies (IAM)

Projects gives the ability to restrict users from accessing all the nodes in the fleet. Creating projects also produce policies (IAM) in the policies section. These  can be assigned to specific users to receive permission to view/edit only those nodes belonging to the project(s) they have access to.


Criteria to group nodes under projects

A user can create a rule to group nodes by event or node resource type.

Resource type dropdown example for rule in Chef Automate

Nodes can be grouped by one of the following methods.

  • Chef Organization
  • Chef Infra Server
  • Environment
  • Chef Role
  • Chef Tag
  • Chef Policyname
  • Chef Policygroup

 

Example of selecting node attribute for Chef project rule

How to use projects to group nodes?

We will walkthrough grouping of nodes using “Projects” by two methods

  • Grouping nodes with a tag
  • Grouping nodes via policyfile or policy group

Grouping nodes using a tag

A Chef tag can be created and applied to nodes by using knife tag command or with a tag resource in a recipe file. For example, in the cookbook (in this example, ‘custom’), the below line can be added in one of the recipe files:

Example Chef cookbook with Chef tag


This recipe file can be added to an existing cookbook and then add the recipe to the run list for all the nodes that need to be tagged with it.

Create a rule targeting the tag:

  • Navigate to Settings in Automate dashboard and click on Projects.
  • Create a project.
How to create new project in Chef Automate

  • Click on the project name to open the project.
  • Click on create rule and add conditions.
How to create rule for project in Chef Automate
  • Select Resource type as node.
  • Select node attribute as “Chef Tag”.
  • Add the value to match and save the rule.
Add condition values for nodes in Chef Automate
  • Click on Update Projects in the bottom bar to apply the rules from the modified (or in this case, newly created) projects.
List of Projects in Chef Automate


Depending on the number of nodes managed by Automate, it may take time to apply all the rules. Once the project rules are applied, find the project in a dropdown on the top right corner of the screen.

How to find project in dropdown of Chef Automate

Grouping nodes via policyfile or policy group

If a group of nodes have a common policyfile or policygroup assigned, projects can be created accordingly with same steps as above (refer section: Grouping nodes with a tag) but choose policyfile or policygroup as the node attribute while selecting the condition. A rule that targets multiple policies and groups can be created using the “member of” check in the condition.

Where can Projects be used?

Nodes can be grouped in many ways depending on the organization needs. Some of the scenarios where Projects can be used are:

  1. Grouping nodes based on region
  2. Grouping nodes by Operating System
  3. Segregating nodes on different environments (Dev/Acceptance/Production)
  4. For team/department specific views.
  5. To differentiate different types of nodes like Desktop/Kiosks/Servers
  6. To Group nodes with identical configurations Etc.

Here is an example of how you can segregate desktop and server nodes with Projects. To view desktops and servers separately on a single Automate instance using projects, it is recommended that the nodes be segregated by one of the following attributes.

Chef Tag-:

  • Create a recipe which adds a “desktop” tag
  • Add the recipe to the runlist of all desktop nodes and create a project with the tag.
  • Similarly, can create a recipe to apply “server” tag , add to the runlist of all server nodes and create a project.

Chef Policy name/Policy group-:

  • Maintain separate Policyfiles for desktops and servers.
  • Create projects with their respective Policyfiles.

The nodes can also be grouped based on Chef organizations and Chef servers. However, if there is no segregation in place between desktop and server nodes, moving nodes of a particular type from one server to another or moving them under a different organization is a comparatively bigger effort than simply assigning a policy or a tag for segregating desktop from server nodes. Likewise, Projects can be used for other use cases where it is necessary to distinguish or group nodes.



Posted in:
Tags:
Chef Automate Chef Desktop group nodes

Chaithra Mailankody

Chaithra is an Associate Product Manager – Chef Desktop at Progress Software Corporation.

Categories

INTERNET US

Company
Using Chef
Legal
Connect with us
Contact Us

Chef is part of the Progress product portfolio. Progress is the leading provider of application development and digital experience technologies.

Copyright © 2024 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Progress, Telerik, Ipswitch, Chef, Kemp, Flowmon, MarkLogic, Semaphore and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Do Not Sell or Share My Personal Information

Powered by Progress Sitefinity