Create Restore Account Role
The create_restore_account role creates a temporary user named restore on the Secondary Chef server. The restore is run from this account so that the account isn't overwritten during the restore. The role also creates a temporary SSH key pair between the two Chef servers.
---
- name: Add vault to vars
  include_vars: ../vars/vault.yml
  tags:
    - create_restore_account
    - restore_backup

- import_tasks: create_restore_account.yml
  tags:
    - create_restore_account
    - restore_backup
...
You need to supply the credentials to be used by the restore user.
restore_pass: foo-pass.
---
- name: Create a directory for the restore user
  file:
    path: /root/chef/restore/.chef
    state: directory
    recurse: True
    mode: '0750'
    owner: root
    group: root

- name: Check if the restore.pem file exists
  stat:
    path: /root/chef/restore/.chef/restore.pem
  register: restore_acct_pem

- name: Check for restore user
  command: chef-server-ctl user-list
  register: chef_user_list
  changed_when: False

# Compare whole lines of the user list: a substring test would also match
# other user names that merely contain "restore".
- name: Delete existing restore user
  command: chef-server-ctl user-delete restore -y
  when:
    - restore_acct_pem.stat.exists == False
    - "'restore' in chef_user_list.stdout_lines"

- name: Create restore user
  command: "chef-server-ctl user-create restore 'Chef' 'Restore' restore@example.com '{{ restore_pass }}' --filename /root/chef/restore/.chef/restore.pem"
  when: restore_acct_pem.stat.exists == False
  no_log: True

- name: Create /root/chef/restore/.chef/knife.rb
  template:
    src: knife.rb.j2
    dest: /root/chef/restore/.chef/knife.rb
    owner: root
    group: root
    mode: '0640'

# Stop chef on destination server.
- name: "Stop chef-client on {{ ansible_hostname }}."
  service:
    name: chef-client
    state: stopped

# Create temporary SSH Key Pairs for transfer.
- name: Create a temporary key pair for file transfers
  openssh_keypair:
    path: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
    owner: "{{ ansible_svc_acct }}"
    group: "{{ ansible_svc_acct }}"
  register: keypair_info
  delegate_to: "{{ chefsrv_main | lower }}"

- name: "Add public key to authorized_keys on {{ ansible_hostname }}"
  lineinfile:
    path: "{{ ansible_svc_acct_home }}/.ssh/authorized_keys"
    line: "{{ keypair_info.public_key }}"
...
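
Because the restore user and the SSH key pair are meant to be temporary, they should be revoked once the restore has finished. The tasks below are an added example, not part of this role or project, and go one step beyond what the role shows. They assume they run on the Secondary Chef server after the restore completes, with the same variables (ansible_svc_acct_home, chefsrv_main) available.

```yaml
---
# Added example, not part of the role: revoke the temporary credentials.
- name: Check for the temporary public key on the primary Chef server
  stat:
    path: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa.pub"
  register: tmp_pub
  delegate_to: "{{ chefsrv_main | lower }}"

- name: Remove the temporary public key from authorized_keys
  when: tmp_pub.stat.exists
  block:
    - name: Read the temporary public key
      slurp:
        src: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa.pub"
      register: tmp_pub_raw
      delegate_to: "{{ chefsrv_main | lower }}"

    # Match on key type and key body only, so a trailing comment is ignored.
    - name: "Delete the matching line on {{ ansible_hostname }}"
      lineinfile:
        path: "{{ ansible_svc_acct_home }}/.ssh/authorized_keys"
        regexp: "^(.*\\s)?{{ (tmp_pub_raw.content | b64decode).split()[:2] | join(' ') | regex_escape }}(\\s.*)?$"
        state: absent

- name: Delete the temporary key pair on the primary Chef server
  file:
    path: "{{ ansible_svc_acct_home }}/.ssh/{{ item }}"
    state: absent
  loop:
    - id_tmp_ssh_rsa
    - id_tmp_ssh_rsa.pub
  delegate_to: "{{ chefsrv_main | lower }}"

- name: List Chef users
  command: chef-server-ctl user-list
  register: chef_user_list
  changed_when: false

- name: Delete the temporary restore user
  command: chef-server-ctl user-delete restore -y
  when: "'restore' in chef_user_list.stdout_lines"

- name: Remove the restore user's key and knife.rb
  file:
    path: /root/chef/restore/.chef
    state: absent
...
```

The public key is removed from authorized_keys before the key pair is deleted, because the .pub file is what identifies the line to revoke.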