Finding obsolete and unused Roles in Chef

If your Chef environment has grown and its time for a cleanup, here is an easy way to find unused and obsolete Roles.
This works as long as the roles/*.rb files are named exactly like the roles.

# in roles/ directory do
for f in *.rb; do echo $f; done | cut -d'.' -f1 | tr '\n' '\0'|xargs -0 -L1 -I '$' sh -c "echo '$:';knife search node 'role:$'|grep Node" > result.txt
# then
for f in *.rb; do echo $f; done | cut -d'.' -f1 | tr '\n' '\0'|xargs -0 -L1 -I '$' sh -c "echo '$:';knife search node 'roles:$'|grep Node" > result2.txt

This will output role name and the hosts using it. Roles not having nodes in both result files are unused and can be removed.

Sample output

auth-app:
Node Name:   auth-app2.prod1.example.lan
Node Name:   auth-app3.prod1.example.lan
Node Name:   auth-app1.prod2.example.lan
unused-role:
ch-elasticsearch:
Node Name:   ch-esearch3.prod1.example.lan
Node Name:   ch-esearch2.prod2.example.lan

Reason why you need to run it twice is first command searches for nodes having exactly that role and second one searching in expanded run lists.

  1. No comments yet.

  1. No trackbacks yet.