Chef Server Sync
This playbook is used to sync two running Chef Infra servers, for instance to keep a primary server in sync with a DR one.
The Ansible play relies on the knife-ec-backup gem; details are at https://github.com/chef/knife-ec-backup. The general steps the play takes are:
- The `pre_checks` role checks all systems to see where in the process the play might have ended previously.
- The `create_backup` role creates a backup of flat files on the Primary Chef server located in `/var/opt/chef-backup/`, which it then compresses. It also compresses `chef_admin`'s `~/.chef` directory for the PEM files.
- The `create_restore_account` role creates a temporary user named `restore` on the Secondary Chef server; this is the account the restore runs from, so that the account in use isn't overwritten during the restore. It also creates a temporary ssh key pair between the two Chef servers.
- The `restore_backup` role pushes the archived backups to `/var/opt/chef-backup/` on the Secondary Chef server, extracts them, and then runs the restore command.
- Finally, the `cleanup` role removes the backup directories on both servers, deletes the `restore` user from the Secondary Chef server, and removes the temporary ssh keys from the Primary Chef server.
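To make the `create_backup` step concrete, here is an added example of what that role's tasks file could look like; it is not the original project's code. It assumes the play variables shown in the playbook below (`time_stamp`, `chef_user`, `chef_home`), that `knife` is on the admin user's PATH with a working `~/.chef/knife.rb`, and a hypothetical `.export-complete` marker file that the role itself writes so a re-run can tell a finished export from an interrupted one. Because the export and the `.chef` archive both contain private keys, the directory and archives are created with restrictive permissions.

```yaml
# roles/create_backup/tasks/main.yml (added example, not the project's own file)
---
- name: Create timestamped backup directory, readable only by the chef admin
  ansible.builtin.file:
    path: "/var/opt/chef-backup/{{ time_stamp }}"
    state: directory
    owner: "{{ chef_user }}"
    mode: "0700"

- name: Export the Chef server with knife-ec-backup
  ansible.builtin.command:
    cmd: "knife ec backup /var/opt/chef-backup/{{ time_stamp }}"
    # .export-complete is a marker this role writes (assumption, not a knife artifact);
    # if it exists, a previous run already finished the export and this task is skipped
    creates: "/var/opt/chef-backup/{{ time_stamp }}/.export-complete"
  become_user: "{{ chef_user }}"   # picks up {{ chef_home }}/.chef/knife.rb
  register: ec_backup

- name: Mark the export as complete
  ansible.builtin.file:
    path: "/var/opt/chef-backup/{{ time_stamp }}/.export-complete"
    state: touch
    owner: "{{ chef_user }}"
    mode: "0600"
  when: ec_backup is changed

- name: Compress the export
  ansible.builtin.command:
    cmd: "tar -C /var/opt/chef-backup -czf /var/opt/chef-backup/{{ time_stamp }}.tar.gz {{ time_stamp }}"
    creates: "/var/opt/chef-backup/{{ time_stamp }}.tar.gz"

- name: Archive the admin .chef directory (holds the PEM private keys)
  ansible.builtin.command:
    cmd: "tar -C {{ chef_home }} -czf /var/opt/chef-backup/dot-chef-{{ time_stamp }}.tar.gz .chef"
    creates: "/var/opt/chef-backup/dot-chef-{{ time_stamp }}.tar.gz"

- name: Restrict the archives to root before they are copied to the secondary
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    mode: "0600"
  loop:
    - "/var/opt/chef-backup/{{ time_stamp }}.tar.gz"
    - "/var/opt/chef-backup/dot-chef-{{ time_stamp }}.tar.gz"
```

The `creates:` guards make each task idempotent for a given `time_stamp`; since the playbook derives `time_stamp` from the current epoch, a `pre_checks` role that wants to resume an interrupted run would have to set `time_stamp` to the existing directory name it finds under `/var/opt/chef-backup/`. The gem also accepts `--with-user-sql` and `--with-key-sql` to include user records and keys from the server's database in the export, which makes the archive more sensitive still and is the reason for the `0600` modes and for the `cleanup` role removing the directories on both servers.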
```yaml
---
- name: Chef Server Sync Playbook
  hosts: "{{ chefsrv_bkup | lower }}"
  vars:
    time_stamp: "{{ ansible_date_time.epoch }}"
    ansible_svc_acct: <ansible_account>
    ansible_svc_acct_home: <ansible_home>
    chef_org: <chef_org_name>
    chef_home: <chef_admin_home>
    chef_user: <chef_admin>
  gather_facts: true
  become_flags: '-i'
  become: true
  pre_tasks:
    - name: Verify that the host is a valid chef server
      ansible.builtin.fail:
        msg: Host is not an intended chef server.
      when: inventory_hostname is not regex("^(chef|chef-lab).*")
  roles:
    - pre_checks
    - create_backup
    - create_restore_account
    - restore_backup
    - cleanup
...
```