Extend validate-backup-files script

global/overlay/etc/puppet/modules/net/files/baas2_restoretest/validate-backup-files

@@ -12,18 +12,44 @@ fi
 set -eu
 
 restoretarget=/opt/restore-target
+status_file=/opt/baas2/validate-backup-status
+checksum_file=checksums.sha256
+status_critical="critical"
+status_ok="ok"
 
-# We want to start clean without files for each run to avoid getting qeustions about replace
+function exit_if_failed($) {
+  if [ $1 -ne 0 ]; then
+    echo $status_critical > "$status_file.tmp"
+    mv $status_file.tmp $status_file
+    exit 1
+  fi
+}
+
+# We want to start clean without files for each run to avoid getting questions about replace
 rm -f $restoretarget/*
+exit_if_failed "$?"
 
 # Get the encryption password for the server that we want to do "proxy" restore from
 enc_password=$(eyaml decrypt -f /etc/hiera/data/local.eyaml --pkcs7-private-key=/etc/hiera/eyaml/private_key.pkcs7.pem --pkcs7-public-key=/etc/hiera/eyaml/public_certkey.pkcs7.pem | awk '/^baas2_restoretest_encryption_password: /{print $2}')
 
 # Run expect script that should do a failed restore (wrong password) (and exit 0 if it failes)
 /opt/baas2/run-failed-restore.expect "$nodename"
+exit_if_failed "$?"
 
 # Run expect script that cancel any pending/open restores (which is an excpected result of the failed restore above)
 /opt/baas2/cancel-restore.expect "$nodename"
+exit_if_failed "$?"
 
 # Run expect script that uses the correct encryption password and does a successful restore
 /opt/baas2/run-successful-restore.expect "$nodename" "$enc_password"
+exit_if_failed "$?"
+
+# Validate checksums genereted by the backup node for all restored files
+cd $restoretarget
+sha256sum -c $checksum_file
+exit_if_failed "$?"
+
+# If all is good, exit 0
+echo $status_ok > "$status_file.tmp"
+mv $status_file.tmp $status_file
+exit 0