Cleanup Role

The cleanup role goes through and removes the backup directories and their contents on both servers, deletes the restore user from the Secondary Chef server, and removes the temporary ssh keys from the Primary Chef server and the authorized key from the Secondary Chef server.

main.yml

---

# Cleanup files.
- import_tasks: cleanup.yml
 tags:
   - cleanup

...

cleanup.yml

---

- name: Removing the backup directory on both chef servers.
  file:
    path: /var/opt/chef-backup/
    state: absent
  delegate_to: "{{ item }}"
  loop:
    - "{{ chefsrv_bkup | lower }}"
    - "{{ chefsrv_main | lower }}"

- name: "Cleanup temp keys on {{ chefsrv_main | lower }}"
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
    - "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa.pub"
  delegate_to: "{{ chefsrv_main | lower }}"

- name: "Remove public key from authorized_keys on {{ ansible_hostname }}"
  lineinfile:
    path: "{{ ansible_svc_acct_home }}/.ssh/authorized_keys"
    regexp: "^{{ keypair_info.public_key }}$"
    state: absent

- name: Check for restore user
  command: chef-server-ctl user-list
  register: chef_user_list

- name: Delete existing restore user
  command: chef-server-ctl user-delete restore -y
  when:
    - chef_user_list.stdout.find('restore') != -1

- name: Verify the restore pem file has been removed.
  file:
    path: /root/chef/restore/.chef/restore.pem
    state: absent

- name: "Restart chef-client on {{ ansible_hostname }}."
  service:
    name: chef-client
    state: started

...