Update restore scripts

2025-01-15 16:36:58 +01:00 · 2025-01-15 16:36:58 +01:00 · 261bb179f4
commit 261bb179f4
parent 9917613fc4
4 changed files with 62 additions and 9 deletions
--- a/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-failed-restore.expect
+++ b/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-failed-restore.expect
@ -0,0 +1,22 @@
+#!/usr/bin/expect
+set nodename [lindex $argv 0]
+
+set exit_val 1
+set enc_password "bogus_password"
+
+spawn dsmc restore /opt/backup-test/ /opt/restore-target/ -asnodename=$nodename -subdir=yes
+expect "Action \\\[1,2,3,A\\\] : " {
+  send -- "1\r"
+  expect -exact "Enter encryption key password: "
+  send -- "$enc_password\r"
+  expect -exact "Confirm encryption key password: "
+  send -- "$enc_password\r"
+}
+expect "ANS8013I Invalid encryption key password" {
+  set exit_val 0
+  expect "Action \\\[1,2,3,A\\\] : "
+  send -- "A\r"
+}
+
+expect eof
+exit $exit_val
--- a/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-restore.expect
+++ b/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-restore.expect
@ -1,7 +0,0 @@
-#!/usr/bin/expect
-set nodename [lindex $argv 0]
-set enc_password [lindex $argv 1]
-
-spawn dsmc restore /opt/backup-test/ /opt/restore-target/ -asnodename=$nodename -subdir=yes
-expect -exact "Action [1,2,3,A] : "
-send -- "$enc_password\r"
--- a/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-successful-restore.expect
+++ b/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/run-successful-restore.expect
@ -0,0 +1,20 @@
+#!/usr/bin/expect
+set nodename [lindex $argv 0]
+set enc_password [lindex $argv 1]
+
+set exit_val 1
+
+spawn dsmc restore /opt/backup-test/ /opt/restore-target/ -asnodename=$nodename -subdir=yes
+expect "Action \\\[1,2,3,A\\\] : " {
+  send -- "1\r"
+  expect -exact "Enter encryption key password: " {
+    send -- "$enc_password\r"
+  }
+  expect -exact "Confirm encryption key password: " {
+    send -- "$enc_password\r"
+  }
+  expect "Restore processing finished." {
+    set exit_val 0
+  }
+}
+exit $exit_val
--- a/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/validate-backup-files
+++ b/global/overlay/etc/puppet/modules/net/files/baas2_restoretest/validate-backup-files
@ -1,11 +1,29 @@
 #!/usr/bin/env bash
+# This script is intended to validate that:
+#  - restore of an encrypted backup is unsuccessuful if wrong encrypted password is provided
+#  - restore of an encypted backup is successfil if the correct encryption password is provided
 nodename=$1

+if [ -z "$nodename" ]; then
+  echo "usage: $0 <nodename>"
+  exit 1
+fi
+
 set -eu

 restoretarget=/opt/restore-target
-rm /opt/restore-target/*

+# We want to start clean without files for each run to avoid getting qeustions about replace
+rm -f $restoretarget/*
+
+# Get the encryption password for the server that we want to do "proxy" restore from
 enc_password=$(eyaml decrypt -f /etc/hiera/data/local.eyaml --pkcs7-private-key=/etc/hiera/eyaml/private_key.pkcs7.pem --pkcs7-public-key=/etc/hiera/eyaml/public_certkey.pkcs7.pem | awk '/^baas2_restoretest_encryption_password: /{print $2}')

-/opt/baas2/run-restore.expect $nodename $enc_password
+# Run expect script that should do a failed restore (wrong password) (and exit 0 if it failes)
+/opt/baas2/run-failed-restore.expect "$nodename"
+
+# Run expect script that cancel any pending/open restores (which is an excpected result of the failed restore above)
+/opt/baas2/cancel-restore.expect "$nodename"
+
+# Run expect script that uses the correct encryption password and does a successful restore
+/opt/baas2/run-successful-restore.expect "$nodename" "$enc_password"