The document discusses best practices for defining roles and profiles in a technical context, emphasizing the importance of clarity, naming conventions, and modular design for system interoperability. It outlines strategies for complex situations, such as establishing a complexity escalation path and parameterizing profiles. Additionally, it addresses the need to minimize complications and encourages practices that reduce friction among teams.

1. “Best Practices”- Roles & Profiles
Gary Larizza

8. Knowing your Role(s)
…and your Profile(s)

9. Best Practice-ish: Roles & Profiles 9

10. class profile::jenkins {
$jenkins_port = hiera(’jenkins_port’)
$java_dist = hiera(’java_dist’)
$java_version = hiera(’java_version’)
class { ’::jenkins’:
install_java => false,
port => $jenkins_port,
}
class { ’::java’:
distribution => $java_dist,
version => $java_version,
before => Class[‘jenkins’],
}
}

11. class role::ci_server {
include profile::jenkins
include profile::myorg
include profile::hubot
}

12. 1.Lots of tech
2.Lots of terms
3.Lots of variations

13. “Best Practices”
(i.e. “Some people do this - not me, but some people…”)

14. CS-STANDARDS

15. CS-STANDARDS

16. Best Practice-ish: Roles & Profiles 16
● Focus on having a “complexity escalation path”
● Module in Control Repo? Module in its own Repo?
● Package in profile::mycorp::packages -> package in its own
module
● Team interoperability and comprehension
● i.e. “Do we need a profile for simple, one-module tech?”
● Minimize magic
Your Standard

17. Profile(s)(to s or not to s…)

18. Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate
module
● Escalation: Separate
module for each
profile
Profiles - storage

19. Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate
module
● Escalation: Separate
module for each
profile
Profiles - storage

20. Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate
module
● Escalation: Separate
module for each
profile
Profiles - storage

21. Best Practice-ish: Roles & Profiles 19
● Name the module “profile”
● Or “profiles”
● Or “lamp”
● (i.e. It doesn’t matter because I don’t work with you)
●Escalation: prepend each profile module
●wrapper_apache
●profile_apache
Profiles - naming

22. Best Practice-ish: Roles & Profiles 20
● Name each profile according to tech
● profile::{nginx,apache}
● Escalation: May extend to implementation if it makes
sense
● profile::ssh::{server,client}
Profiles - naming

23. Best Practice-ish: Roles & Profiles 21
Profiles may be parameterized to
provide an API to the implementation
Profiles - usage

24. Best Practice-ish: Roles & Profiles 22
Limit resource-style declaration of a profile
Profiles - usage
class { ‘profile::ntp’: }
include profile::ntp

25. Best Practice-ish: Roles & Profiles 23
Profiles may declare other profiles
Profiles - usage

26. Best Practice-ish: Roles & Profiles 24
●Only site-specific resources
declared in profiles
●Certificates
●Credentials
●Customizations
Profiles - usage

28. Best Practice-ish: Roles & Profiles 26
Profiles may be platform-based
Profiles - usage
● profile::windows::iis
● profile::linux::ntp
● profile::osx::loginwindow

29. Best Practice-ish: Roles & Profiles 27
Profiles may be single-point-of-entry
Profiles - usage
profile::dns_nameservers ->
profile::dns_nameservers::{linux,windows}

30. Roles(and if we don’t get no tolls…)

31. Best Practice-ish: Roles & Profiles 29
Roles - naming
sfnetdevap12-01

32. Best Practice-ish: Roles & Profiles 30
Roles - naming
sfnetdevap12-01

33. Best Practice-ish: Roles & Profiles 31
Roles - naming
sfnetdevap12-01

34. Best Practice-ish: Roles & Profiles 32
Roles - naming
sfnetdevap12-01

35. Best Practice-ish: Roles & Profiles 33
Roles - naming
sfnetdevap12-01

36. Best Practice-ish: Roles & Profiles 34
Roles - naming
sfnetdevap12-01

37. Best Practice-ish: Roles & Profiles 35
Roles - naming
role::app_server

38. Best Practice-ish: Roles & Profiles 36
Roles are named according to type
Roles - naming

39. Best Practice-ish: Roles & Profiles 37
Roles may be namespaced for clarity
Roles - naming
● role::app_server::pci
● These names are to assist YOU

40. Best Practice-ish: Roles & Profiles 38
Roles - storage
● In the Control Repo
● Single ‘role’ module
● Escalation: Separate module
● Escalation: Separate module for
each role

42. Best Practice-ish: Roles & Profiles 40
Can roles contain conditional logic?
Roles - naming
● If Windows then IIS profile, if Linux then JBoss
● Separate roles per platform
● What’s more important to track/visualize?

43. Best Practice-ish: Roles & Profiles 41
Can roles be inherited?
Roles - naming

44. Best Practice-ish: Roles & Profiles 42
Summary
DO WHAT CAUSES LESS FRICTION
BETWEEN TEAMS AND IS EASY TO
FOLLOW!

45. Best Practice-ish: Roles & Profiles 43
Questions?

46. Best Practice-ish: Roles & Profiles 44
Summary
●Everything is terrible
●No one is happy