Cleanup Role
The cleanup role removes the backup directories and their contents on both servers, deletes the restore user from the Secondary Chef server, removes the temporary SSH keys from the Primary Chef server, and removes the corresponding authorized key from the Secondary Chef server.
---
# Role entry point: statically import the cleanup task file and tag every
# imported task so the cleanup can be selected with `--tags cleanup`.
- import_tasks: cleanup.yml
  tags: [cleanup]
...
---
# Delete the backup working directory and everything beneath it. The task is
# delegated once per loop item, so it runs against each of the two hosts named
# by chefsrv_bkup and chefsrv_main (host names are lower-cased first).
- name: Removing the backup directory on both chef servers.
  loop:
    - "{{ chefsrv_bkup | lower }}"
    - "{{ chefsrv_main | lower }}"
  delegate_to: "{{ item }}"
  file:
    state: absent
    path: /var/opt/chef-backup/
# Remove both halves of the temporary SSH key pair from the service account's
# ~/.ssh directory on the host named by chefsrv_main. Deleting the private key
# here and the matching authorized_keys entry elsewhere in this file are
# separate steps; both must succeed for the temporary access to be fully gone.
- name: "Cleanup temp keys on {{ chefsrv_main | lower }}"
  delegate_to: "{{ chefsrv_main | lower }}"
  loop:
    - "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
    - "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa.pub"
  file:
    state: absent
    path: "{{ item }}"
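# Revoke the temporary key by dropping its line from the service account's
# authorized_keys on the current host.
#
# The key text is interpolated into a regular expression. Base64 key material
# routinely contains '+' (a regex quantifier) and the comment field may
# contain '.', so the value is passed through regex_escape. Unescaped, a key
# containing '+' would not match its own line, the task would report "ok",
# and the entry would stay authorised.
#
# NOTE(review): assumes keypair_info.public_key is the complete
# authorized_keys line (type, key, comment) with no trailing newline - confirm
# against the task that registers keypair_info.
- name: "Remove public key from authorized_keys on {{ ansible_hostname }}"
  lineinfile:
    path: "{{ ansible_svc_acct_home }}/.ssh/authorized_keys"
    regexp: "^{{ keypair_info.public_key | regex_escape }}$"
    state: absent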
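# List the Chef server users so the delete below only runs when the account
# exists. This is a read-only query, so it is never reported as a change.
- name: Check for restore user
  command: chef-server-ctl user-list
  register: chef_user_list
  changed_when: false

# Delete the 'restore' account if it is present.
# The check compares whole output lines rather than searching for a substring:
# a substring search also fires for any other name that merely contains
# "restore", which would then run user-delete against an account that does
# not exist. Lines are trimmed so stray whitespace cannot hide the account
# and leave it behind.
# NOTE(review): assumes user-list prints one username per line - confirm.
- name: Delete existing restore user
  command: chef-server-ctl user-delete restore -y
  when:
    - "'restore' in (chef_user_list.stdout_lines | map('trim') | list)"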
# Despite the word "Verify" in the name, this task enforces the result:
# state: absent deletes the restore user's private key file if it still
# exists and does nothing if it is already gone.
- name: Verify the restore pem file has been removed.
  file:
    state: absent
    path: /root/chef/restore/.chef/restore.pem
# Make sure the chef-client service is running on the current host.
# NOTE(review): the task name says "Restart", but state: started only starts
# the service when it is stopped and leaves a running service untouched. If a
# real restart is intended, the state would need to be `restarted` - confirm.
- name: "Restart chef-client on {{ ansible_hostname }}."
  service:
    state: started
    name: chef-client
...