
Create Backup Role

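The create_backup role uses the knife ec backup feature to create a backup of an existing Chef server in /var/opt/chef-backup/, which it then compresses. It also compresses the Chef admin user’s ~/.chef directory to capture the PEM files. Because both archives contain key material, the backup directory and any copies made from it should stay readable only by the service account that owns them.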

main.yml

---

# Role entry point: statically import the backup tasks and tag them so the
# role can be selected or skipped with the create_backup tag.
- import_tasks: create_backup.yml
  tags: [create_backup]

...

create_backup.yml

---

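# Create a backup of the existing Chef server.
# The block runs once, on the delegated Chef server, and only when the
# orig_backup_check stat result (not registered in this file as shown) reports
# that no earlier backup exists.
- name: "Backup tasks on {{ chefsrv_main | lower }}"
  block:
    # 0700 and service-account ownership: the export written here, and the
    # archives created from it later in this file, should not be readable by
    # other local users.
    - name: Creating a working directory on old Chef server.
      file:
        path: /var/opt/chef-backup
        state: directory
        owner: "{{ ansible_svc_acct }}"
        group: "{{ ansible_svc_acct }}"
        mode: '0700'

    # command instead of shell: the invocation is a fixed argument list that
    # needs no pipes, globbing or variable expansion, so no shell is involved.
    - name: "Create a backup on {{ chefsrv_main | lower }}"
      command:
        cmd: /opt/opscode/bin/knife ec backup --config /etc/chef/client.rb /var/opt/chef-backup/

    - name: "Cleanup backup on {{ chefsrv_main | lower }}"
      command:
        cmd: /opt/opscode/bin/knife tidy backup clean --backup-path /var/opt/chef-backup/

    # Reached only if both knife commands succeeded, because a failed task
    # stops the block before this point.
    - name: Create a lock file
      file:
        path: /var/opt/chef-backup/backup_complete.lock
        state: touch

  delegate_to: "{{ chefsrv_main | lower }}"
  run_once: true
  when: not orig_backup_check.stat.exists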

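# Archive the backup directory and the Chef admin user's ~/.chef directory
# (PEM files) on the original server.
# Both archives hold key material, so they are written owner-only (0600) and
# the final task strips group/other access from everything in the directory.
# NOTE(review): chef_backup_ark and chef_admin_pem_ark are registered by the
# discovery block further down this file; the conditions below need them to be
# defined before this block runs - confirm an earlier role or task sets them.
- name: "Create backup archives on {{ chefsrv_main | lower }}."
  block:
    # exclude_path keeps archives already sitting in this directory out of the
    # new one. NOTE(review): the pattern also skips any other top-level entry
    # whose name starts with "chef" - confirm the export has none.
    - name: "Compress backup directory on {{ chefsrv_main | lower }}"
      archive:
        path: /var/opt/chef-backup/*
        dest: "/var/opt/chef-backup/chef-backup-{{ time_stamp }}.tgz"
        exclude_path:
          - /var/opt/chef-backup/chef*
        mode: '0600'
      when: not chef_backup_ark.stat.exists

    - name: "Backup tasks {{ chef_admin }} user pem files on {{ chefsrv_main | lower }}."
      archive:
        path: "{{ chef_home }}/.chef"
        dest: "/var/opt/chef-backup/chef_admin_pem_{{ chefsrv_main | lower }}-{{ time_stamp }}.tgz"
        mode: '0600'
      when: not chef_admin_pem_ark.stat.exists

    # Runs even when the first block was skipped, so the directory and its
    # contents are re-owned and closed to group/other on every run. The
    # symbolic mode leaves directories traversable by the owner (X) without
    # making regular files executable.
    - name: "Update permissions to backup on {{ chefsrv_main | lower }}."
      file:
        path: /var/opt/chef-backup
        state: directory
        owner: "{{ ansible_svc_acct }}"
        group: "{{ ansible_svc_acct }}"
        mode: 'u+rwX,go-rwx'
        recurse: true
  delegate_to: "{{ chefsrv_main | lower }}"
  run_once: true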

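# Locate the newest backup archive and the newest admin PEM archive on the
# Chef server, stat both, and make sure rsync is installed there.
# The stat results are registered as chef_backup_ark and chef_admin_pem_ark.
- name: "Discovery tasks on {{ chefsrv_main | lower }}."
  block:
    - name: "Find the backup file on {{ chefsrv_main | lower }}."
      find:
        paths: /var/opt/chef-backup/
        patterns: 'chef-backup-*.tgz'
      register: found_files_ark

    # Without this check an empty result makes the `last` filter below return
    # an undefined value and the play stops with a templating error that does
    # not say which archive is missing.
    - name: "Check that a backup archive exists on {{ chefsrv_main | lower }}."
      assert:
        that:
          - found_files_ark.matched > 0
        fail_msg: "No chef-backup-*.tgz archive found in /var/opt/chef-backup/"

    # Newest archive = last entry after sorting by modification time.
    - name: "Get latest file on {{ chefsrv_main | lower }}."
      set_fact:
        latest_file_ark: "{{ (found_files_ark.files | sort(attribute='mtime') | last).path }}"

    - name: "Stat a file on {{ chefsrv_main | lower }}."
      stat:
        path: "{{ latest_file_ark }}"
      register: chef_backup_ark

    - name: "Find the pem ark on {{ chefsrv_main | lower }}."
      find:
        paths: /var/opt/chef-backup/
        patterns: 'chef_admin_pem_*.tgz'
      register: found_pem_ark

    # Same guard as above, for the admin PEM archive.
    - name: "Check that a pem archive exists on {{ chefsrv_main | lower }}."
      assert:
        that:
          - found_pem_ark.matched > 0
        fail_msg: "No chef_admin_pem_*.tgz archive found in /var/opt/chef-backup/"

    - name: "Get latest pem ark on {{ chefsrv_main | lower }}."
      set_fact:
        latest_pem_ark: "{{ (found_pem_ark.files | sort(attribute='mtime') | last).path }}"

    - name: "Stat pem ark on {{ chefsrv_main | lower }}."
      stat:
        path: "{{ latest_pem_ark }}"
      register: chef_admin_pem_ark

    # NOTE(review): presumably rsync is used by a later role to copy the
    # archives off this server - confirm that transfer keeps them owner-only.
    - name: "Install rsync on {{ chefsrv_main | lower }}."
      package:
        name: rsync
        state: present
  delegate_to: "{{ chefsrv_main | lower }}"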

# Keep only the file name (no directory) of the backup archive path reported
# by the stat result registered as chef_backup_ark.
- name: Updating chef_backup_ark filename fact.
  set_fact:
    chef_backup_ark_filename: "{{ chef_backup_ark.stat.path | basename }}"

# Keep only the file name (no directory) of the admin PEM archive path
# reported by the stat result registered as chef_admin_pem_ark.
- name: Updating chef_admin_pem_ark filename fact.
  set_fact:
    chef_admin_pem_ark_filename: "{{ chef_admin_pem_ark.stat.path | basename }}"

...