#!/usr/bin/env bash # restore.sh — CONTRACT_004 §4.6 restore verifier (operator orchestrator). # # ./backup/restore.sh [rfs|off] # # Pulls the bundle (default from RustFS; `off` checks the offsite copy) and asserts # it reconstructs into scratch resources — NON-DESTRUCTIVE, it never touches the # live platform. The real disaster restore is dr/restore-to-fresh-vm.sh (T13). set -euo pipefail ROOT="$(cd "$(dirname "$0")/.." && pwd)" DIR="$ROOT/bootstrap" TS="${1:?usage: restore.sh [rfs|off]}" SRC="${2:-rfs}" export PULUMI_BACKEND_URL="file://${DIR}/state" export PULUMI_CONFIG_PASSPHRASE="$(pass olsitec-foundation/PULUMI_CONFIG_PASSPHRASE)" KEY="${SSH_PRIVATE_KEY_PATH:-${HOME}/.ssh/foundation-test_ed25519}" MC_IMAGE="$(grep '^IMAGE_MC=' "$ROOT/VERSIONS" | cut -d= -f2-)" PG_IMAGE="$(grep '^IMAGE_POSTGRES=' "$ROOT/VERSIONS" | cut -d= -f2-)" cd "$DIR" pulumi stack select foundation >/dev/null OFF_EP=$(pulumi config get foundation:backup.offsiteEndpoint) OFF_AK=$(pulumi config get foundation:backup.offsiteAccessKey) OFF_SK=$(pulumi config get foundation:backup.offsiteSecretKey) BUCKET=$(pulumi config get foundation:backup.bucket) HOST=$(pulumi config get foundation:vm.host) PORT=$(pulumi config get foundation:vm.sshPort) SUSER=$(pulumi config get foundation:vm.user) SSHX="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=15 -i $KEY -p $PORT $SUSER@$HOST" $SSHX "cat > /tmp/restore-remote-$TS.sh" < "$ROOT/backup/restore-remote.sh" printf '%s\n%s\n%s\n%s\n' "$OFF_EP" "$OFF_AK" "$OFF_SK" "$BUCKET" \ | $SSHX "sh /tmp/restore-remote-$TS.sh '$TS' '$MC_IMAGE' '$PG_IMAGE' '$SRC'; rm -f /tmp/restore-remote-$TS.sh"