Restore Backup Role

The restore_backup role pushes the archived backups from the original Chef server to to /var/opt/chef-backup/ on the Secondary Chef server, extracts them, and then uses the knife ec restore command to restore the backup.

main.yml

---

- import_tasks: restore_backup.yml
 tags:
   - restore_backup

...

restore_backup.yml

---

# Pull down the backup archives from the Ansible server to the secondary Chef server.
- name: "Install rsync on {{ ansible_hostname }}"
  package:
    name: rsync
    state: present

- name: "Creating a working directory on {{ ansible_hostname }}"
  file:
    path: /var/opt/chef-backup
    state: directory
    owner: "{{ ansible_svc_acct }}"
    group: "{{ ansible_svc_acct }}"
    mode: '0700'

- name: "Push the backup file to {{ ansible_hostname }}"
  synchronize:
    src: "/var/opt/chef-backup/{{ chef_backup_ark_filename }}"
    dest: /var/opt/chef-backup/
    private_key: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
  become_user: "{{ ansible_svc_acct }}"
  become: True
  become_flags: "-i"
  delegate_to: "{{ chefsrv_main | lower }}"
  when:
    - new_svr_ark_filename not in chef_backup_ark_filename

- name: "Push the {{ chef_admin }} pem archive to {{ ansible_hostname }}"
  synchronize:
    src: "/var/opt/chef-backup/{{ chef_admin_pem_ark_filename }}"
    dest: /var/opt/chef-backup/
    private_key: "{{ ansible_svc_acct_home }}/.ssh/id_tmp_ssh_rsa"
  become_user: "{{ ansible_svc_acct }}"
  become: True
  become_flags: "-i"
  delegate_to: "{{ chefsrv_main | lower }}"
  when:
    - new_pem_ark_filename not in chef_admin_pem_ark_filename

# Extract archives.
- name: "Verify backup archive on {{ ansible_hostname }}"
  stat:
    path: "/var/opt/chef-backup/{{ chef_backup_ark_filename }}"
  register: restore_backup

- name: "Verify pem archive on {{ ansible_hostname }}"
  stat:
    path: "/var/opt/chef-backup/{{ chef_admin_pem_ark_filename }}"
  register: restore_chef_admin_pem

- name: "Extract chef_admin pem archive onto {{ ansible_hostname }}"
  unarchive:
    src: "/var/opt/chef-backup/{{ chef_admin_pem_ark_filename }}"
    dest: "{{ chef_home }}/"
    remote_src: True
  when: restore_chef_admin_pem.stat.exists == True

- name: "Extract chef backup archive onto {{ ansible_hostname }}"
  unarchive:
    src: "/var/opt/chef-backup/{{ chef_backup_ark_filename }}"
    dest: /var/opt/chef-backup/
    creates: /var/opt/chef-backup/backup_complete.lock
    remote_src: True
  when: restore_backup.stat.exists == True

# Restore backup onto secondary server.
- name: Check if the restore.pem file exists
  stat:
    path: /root/chef/restore/.chef/restore.pem
  register: restore_acct_pem

- name: "See if the backup ark was extracted on {{ ansible_hostname }}"
  stat:
    path: /var/opt/chef-backup/backup_complete.lock
  register: extract_check

- name: "Restore backup onto {{ ansible_hostname }}"
  shell:
    cmd: /opt/opscode/bin/knife ec restore --concurrency 1 --config /root/chef/restore/.chef/knife.rb /var/opt/chef-backup/
  when:
    - restore_acct_pem.stat.exists == True
    - extract_check.stat.exists == True

# When doing a restore the restore user would be overwritten/deleted.
# That means it needs to be recreated before each restore attempt.
- name: Delete files to note restore was successful.
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /root/chef/restore/.chef/restore.pem
    - /var/opt/chef-backup/backup_complete.lock

...