Manage a node cohort

A node cohort defines skills and settings installed on every node in a cohort.

After you create a cohort, you assign nodes to the cohort during node enrollment, and Chef 360 Platform installs or removes the skills and settings on every node accordingly.

Prerequisites

To create a node cohort, you’ll need:

Role requirements

To create or manage a cohort, you must have a profile with the node-manager role.

Default cohort

When you create a new organization with default node settings, Chef 360 Platform creates a cohort called sample-node-cohort with the default skill assembly and default override settings.

Get cohorts in an organization

To get all cohorts in an organization, use the find-all-cohorts command:

chef-node-management-cli management cohort find-all-cohorts --profile <NODE_MANAGER_PROFILE_NAME>

Create a node cohort

To create a node cohort, follow these steps:

Create a JSON file that defines a node cohort using the skill assembly ID and the settings ID it should be associated with.
- Default cohort definition
- Cohort definition for node self enrollment
Use this definition file for all forms of node enrollment other than self enrollment.
```
{
 "name": "<NODE_COHORT_NAME>",
 "description": "<NODE_COHORT_DESCRIPTION>",
 "settingId": "<OVERRIDE_SETTINGS_ID>",
 "skillAssemblyId":"<SKILL_ASSEMBLY_ID>"
}
```
Replace:
- <NODE_COHORT_NAME> with a name for the node cohort
- <NODE_COHORT_DESCRIPTION> with a description of the node cohort
- <OVERRIDE_SETTINGS_ID> with a skill override settings ID
- <SKILL_ASSEMBLY_ID> with a skill assembly ID
Use this definition file if you’ll use self enrollment to enroll nodes into the cohort you’re creating.
```
{
 "name": "<NODE_COHORT_NAME>",
 "description": "<NODE_COHORT_DESCRIPTION>",
 "settingId": "<OVERRIDE_SETTINGS_ID>",
 "skillAssemblyId":"<SKILL_ASSEMBLY_ID>",
 "approvalNeeded": <APPROVAL_NEEDED>,
 "ipRanges": "<IP_RANGES>",
 "ipCIDRs": "<IP_CIDRS>",
 "macAddresses": "<MAC_ADDRESS>",
 "allowedPlatforms": "<ALLOWED_PLATFORM>"
}
```
Replace:
- <NODE_COHORT_NAME> with a name for the node cohort
- <NODE_COHORT_DESCRIPTION> with a description of the node cohort
- <OVERRIDE_SETTINGS_ID> with a skill override settings ID
- <SKILL_ASSEMBLY_ID> with a skill assembly ID
- <APPROVAL_NEEDED> with true if approval is required for self enrolled node, or false if not.
- <IP_RANGES> with a comma-separated list of IP address ranges to include in the cohort. For example, 192.168.1.1-192.168.1.100. Only IP addresses and ranges present in the network configuration values in the machine are supported.
- <IP_CIDRS> with a comma-separated list of CIDR blocks to include in the cohort. For example, 192.168.1.0/24,10.0.0.0/8. Only CIDR blocks present in the network configuration values in the machine are supported.
- <MAC_ADDRESS> with a comma-separated list of MAC addresses to include in the cohort.
- <ALLOWED_PLATFORM> with a comma-separated list of allowed platforms. For example, linux,windows.

Create the node cohort with the management cohort create-cohort subcommand:

chef-node-management-cli management cohort create-cohort --body-file <PATH_TO_NODE_COHORT_DEFINITION_FILE> --profile <NODE_MANAGER_PROFILE_NAME>

The response is similar to the following:

{
"item": {
    "cohortId": "86628101-0f31-48aa-b035-a8889232e568"
  }
}

Save the cohort ID value, you’ll use it to enroll nodes into the cohort.

Update a node cohort

Assign a skill assembly to a node cohort

To update or assign a new skill assembly to an existing node cohort, use the management cohort assign-skillAssembly subcommand:

chef-node-management-cli management cohort assign-skillAssembly \
  --skillAssemblyId <SKILL_ASSEMBLY_ID> \
  --cohortId <COHORT_ID> \
  --profile <NODE_MANAGER_PROFILE_NAME>

Assign a set of override settings to a node cohort

To update or assign new setting to an existing node cohort, use the management cohort assign-setting subcommand:

chef-node-management-cli management cohort assign-setting \
  --settingId <settingId> \
  --cohortId <COHORT_ID> \
  --profile <NODE_MANAGER_PROFILE_NAME>

Update cohort details

You can update the details of an existing node cohort, except for the skill assembly ID and override settings ID. To update cohort details, follow these steps:

Create a JSON file with the fields you want to update. You can update any of the fields except skillAssemblyId and settingId.

{
  "name": "Updated Cohort Name",
  "description": "Updated description for the cohort.",
  "approvalNeeded": false,
  "ipRanges": "192.168.2.1-192.168.2.100",
  "ipCIDRs": "192.168.2.0/24",
  "macAddresses": "00:1A:2B:3C:4D:5E",
  "allowedPlatforms": "linux,windows"
}

Update the cohort with the management cohort update-cohort subcommand:

chef-node-management-cli management cohort update-cohort \
  --cohortId <COHORT_ID> \
  --body-file <PATH_TO_UPDATE_FILE> \
  --profile <NODE_MANAGER_PROFILE_NAME>

The response confirms the updated cohort details.

Troubleshooting

To verify that the skill assembly was created or updated, use the management cohort find-one-cohort subcommand:

chef-node-management-cli management cohort find-one-cohort \
  --cohortId <COHORT_ID> \
  --profile <NODE_MANAGER_PROFILE_NAME>