One of the major reasons why roles aren't popular is due to the fact that it's hard to maintain versioned run lists. For example, you might have created web servers with the role webserver that had a run list containing the base and nginx recipes. Now, today you needed to add another recipe, say logstash, to these servers. So you went ahead and added the recipe to the run list in your role and triggered a chef-client run either automatically or manually. This is where you didn't realize that your new recipe code had a bug and now all your ten servers are in a messed-up state.

There are many ways to overcome this issue; however, I like to use environment run lists just for this very purpose. I split my infrastructure into different environments such as dev, staging, and production. Whenever I write a new piece of Chef code, I ensure that I push it into the run list associated with the dev environment initially for local testing. Once it has passed there, I add the recipe...