
Create Restore Account Role

The create_restore_account role creates a temporary user named restore on the Secondary Chef server. The restore is run from this account so that the account isn’t overwritten during the restore. The role also creates a temporary SSH key pair between the two Chef servers.

main.yml

---

- name: Add vault to vars
  include_vars: ../vars/vault.yml
  tags:
    - create_restore_account
    - restore_backup

- import_tasks: create_restore_account.yml
  tags:
    - create_restore_account
    - restore_backup

...

vault.yml

You need to supply the credentials to be used by the restore user.

restore_pass: foo-pass.

create_restore_account.yml

---

- name: Create a directory for the restore user
  file:
    path: /root/chef/restore/.chef
    state: directory
    recurse: True
    mode: '0750'
    owner: root
    group: root

- name: Check if the restore.pem file exists
  stat:
    path: /root/chef/restore/.chef/restore.pem
  register: restore_acct_pem

# Read-only lookup, so never report it as a change.
- name: Check for restore user
  command: chef-server-ctl user-list
  register: chef_user_list
  changed_when: False

# Compare whole lines so that usernames that merely contain 'restore' do not match.
- name: Delete existing restore user
  command: chef-server-ctl user-delete restore -y
  when:
    - not restore_acct_pem.stat.exists
    - "'restore' in chef_user_list.stdout_lines"

# The quote filter keeps a password containing quotes or spaces as one argument.
- name: Create restore user
  command: "chef-server-ctl user-create restore 'Chef' 'Restore' restore@example.com {{ restore_pass | quote }} --filename /root/chef/restore/.chef/restore.pem"
  when: not restore_acct_pem.stat.exists
  no_log: True

- name: Create /root/chef/restore/.chef/knife.rb
  template:
    src: knife.rb.j2
    dest: /root/chef/restore/.chef/knife.rb
    owner: root
    group: root
    mode: '0640'

# Stop chef on destination server.
- name: "Stop chef-client on {{ ansible_hostname }}."
  service:
    name: chef-client
    state: stopped

# Create temporary SSH Key Pairs for transfer.
- name: Create a temporary key pair for file transfers
  openssh_keypair:
    path: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
    owner: "{{ ansible_svc_acct }}"
    group: "{{ ansible_svc_acct }}"
  register: keypair_info
  delegate_to: "{{ chefsrv_main | lower }}"

- name: "Add public key to authorized_keys on {{ ansible_hostname }}"
  lineinfile:
    path: "{{ ansible_svc_acct_home }}/.ssh/authorized_keys"
    line: "{{ keypair_info.public_key }}"

...
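
The restore user and the SSH key pair are described above as temporary, so the following added example (not part of the original role) shows one way to restrict the temporary key while it is authorized and to remove everything once the restore has finished. It assumes the ansible.posix collection is installed, that the tasks run in the same play so `keypair_info` is still registered, and a hypothetical variable `chefsrv_main_ip` holding the Main Chef server's address.

```yaml
---
# Added example, not part of the original role.
# Assumptions: ansible.posix is installed; keypair_info is still registered;
# chefsrv_main_ip is a hypothetical variable with the Main Chef server's IP.

# Variant of the "Add public key to authorized_keys" task that limits the key.
- name: Authorize the temporary key with restrictions
  ansible.posix.authorized_key:
    user: "{{ ansible_svc_acct }}"
    key: "{{ keypair_info.public_key }}"
    # 'restrict' turns off forwarding, PTY allocation and rc execution
    # (OpenSSH 7.2+); 'from' accepts the key only from the given address.
    key_options: 'restrict,from="{{ chefsrv_main_ip }}"'
    state: present

# Teardown, to be run after the restore has completed.
- name: Remove the temporary public key from authorized_keys
  ansible.posix.authorized_key:
    user: "{{ ansible_svc_acct }}"
    key: "{{ keypair_info.public_key }}"
    state: absent

- name: Remove the temporary key pair on the Main Chef server
  file:
    path: "{{ ansible_svc_acct_home }}/.ssh/{{ item }}"
    state: absent
  loop:
    - id_tmp_ssh_rsa
    - id_tmp_ssh_rsa.pub
  delegate_to: "{{ chefsrv_main | lower }}"

- name: Delete the temporary restore user
  command: chef-server-ctl user-delete restore -y

# Removes restore.pem and knife.rb so the private key does not linger on disk.
- name: Remove the restore user's working directory
  file:
    path: /root/chef/restore
    state: absent

...
```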