@@ -1072,6 +1072,225 @@ jobs:
10721072 # for etc, state , copy the backup to docker FS then restore via tar at the correct location
10731073 # for kvdump , we need to copy backup to /opt/splunk/var/lib/splunk/kvstorebackup/backupconfsplunk-kvdump-toberestored.tar.gz
10741074 # at first start splunkconf-backup app will restore the content automatically
1075+ echo "=== Restoring backup files into the new Splunk container ==="
1076+ echo "Splunk type: ${{ matrix.splunk_type }}"
1077+ echo "Context type: ${{ matrix.context_type }}"
1078+ echo "SPLUNK_HOME: ${SPLUNK_HOME}"
1079+ echo "IS_UF: ${IS_UF}"
1080+ echo ""
1081+
1082+ # ------------------------------------------------------------
1083+ # Helper: find the most recent file matching a glob pattern
1084+ # ------------------------------------------------------------
1085+ find_latest() {
1086+ local pattern="$1"
1087+ # List matching files with mtime, sort descending, return the newest
1088+ ls -1t ./test_output/${pattern} 2>/dev/null | head -n 1 || true
1089+ }
1090+
1091+ # ------------------------------------------------------------
1092+ # Helper: choose tar decompression flag based on extension
1093+ # ------------------------------------------------------------
1094+ tar_extract_cmd() {
1095+ local archive="$1"
1096+ local target="$2"
1097+ case "$archive" in`
1098+ *.tar.zst)
1099+ # zstd must be available inside the container.
1100+ # Splunk Enterprise images typically have it; fallback otherwise.
1101+ echo "tar -I zstd -xf '${archive}' -C '${target}'"
1102+ ;;
1103+ *.tar.gz|*.tgz)
1104+ echo "tar -xzf '${archive}' -C '${target}'"
1105+ ;;
1106+ *.tar)
1107+ echo "tar -xf '${archive}' -C '${target}'"
1108+ ;;
1109+ *)
1110+ # Best-effort auto-detect
1111+ echo "tar -xf '${archive}' -C '${target}' 2>/dev/null || tar -xzf '${archive}' -C '${target}' 2>/dev/null || tar -I zstd -xf '${archive}' -C '${target}'"
1112+ ;;
1113+ esac
1114+ }
1115+
1116+ # ------------------------------------------------------------
1117+ # Helper: copy a backup into the container and extract at SPLUNK_HOME
1118+ # Creates SPLUNK_HOME if missing, and chowns to splunk user afterwards.
1119+ # ------------------------------------------------------------
1120+ restore_archive_to_splunk_home() {
1121+ local local_path="$1"
1122+ local label="$2"
1123+
1124+ if [ -z "$local_path" ] || [ ! -f "$local_path" ]; then
1125+ echo " ⚠️ ${label}: no archive provided or file does not exist (${local_path})"
1126+ return 1
1127+ fi
1128+
1129+ local fname
1130+ fname=$(basename "$local_path")
1131+ echo ""
1132+ echo " ⚠️ ¦ Restoring ${label} backup: ${fname}"
1133+ echo " Source: ${local_path}"
1134+ echo " Target: ${SPLUNK_HOME}/ (inside container)"
1135+
1136+ # Make sure SPLUNK_HOME exists in the container (it does for normal images,
1137+ # but safe-guard in case of unusual layouts)
1138+ docker exec --user root splunk bash -c "mkdir -p '${SPLUNK_HOME}'"
1139+
1140+ # Copy archive to /tmp inside the container
1141+ docker cp "${local_path}" "splunk:/tmp/${fname}"
1142+
1143+ # Build and execute the appropriate extract command (as splunk so we dont have to fix permissions
1144+ local extract_cmd
1145+ extract_cmd=$(tar_extract_cmd "/tmp/${fname}" "${SPLUNK_HOME}")
1146+ echo " Extract: ${extract_cmd}"
1147+
1148+ docker exec --user splunk splunk bash -c "${extract_cmd}"
1149+ local rc=$?
1150+ if [ $rc -ne 0 ]; then
1151+ echo " 💥 Extraction failed for ${label} (rc=${rc})"
1152+ return 1
1153+ fi
1154+
1155+ # Cleanup tmp file
1156+ docker exec --user root splunk bash -c "rm -f '/tmp/${fname}'"
1157+
1158+ echo " ✅ ${label} backup extracted successfully."
1159+ return 0
1160+ }
1161+
1162+ # ------------------------------------------------------------
1163+ # 1) Restore the latest ETC backup
1164+ # ------------------------------------------------------------
1165+ echo "--- Locating latest ETC backup ---"
1166+ LATEST_ETC=$(find_latest "backupconfsplunk-*-etc-targeted-*.tar.gz")
1167+ if [ -z "$LATEST_ETC" ]; then
1168+ LATEST_ETC=$(find_latest "backupconfsplunk-*-etc-targeted-*.tar.zst")
1169+ fi
1170+ if [ -z "$LATEST_ETC" ]; then
1171+ LATEST_ETC=$(find_latest "backupconfsplunk-*-etc-targeted-*.tar")
1172+ fi
1173+ echo "Latest ETC backup: ${LATEST_ETC:-<none>}"
1174+
1175+ if [ -n "$LATEST_ETC" ]; then
1176+ restore_archive_to_splunk_home "$LATEST_ETC" "ETC" || {
1177+ echo "â ERROR: Failed to restore ETC backup"
1178+ exit 1
1179+ }
1180+ else
1181+ echo "â ERROR: No ETC backup found in ./test_output/ â cannot proceed with restore"
1182+ ls -la ./test_output/ || true
1183+ exit 1
1184+ fi
1185+
1186+ # ------------------------------------------------------------
1187+ # 2) Restore the latest STATE backup
1188+ # ------------------------------------------------------------
1189+ echo ""
1190+ echo "--- Locating latest STATE backup ---"
1191+ LATEST_STATE=$(find_latest "backupconfsplunk-*-state-*.tar.gz")
1192+ if [ -z "$LATEST_STATE" ]; then
1193+ LATEST_STATE=$(find_latest "backupconfsplunk-*-state-*.tar.zst")
1194+ fi
1195+ if [ -z "$LATEST_STATE" ]; then
1196+ LATEST_STATE=$(find_latest "backupconfsplunk-*-state-*.tar")
1197+ fi
1198+ echo "Latest STATE backup: ${LATEST_STATE:-<none>}"
1199+
1200+ if [ -n "$LATEST_STATE" ]; then
1201+ restore_archive_to_splunk_home "$LATEST_STATE" "STATE" || {
1202+ echo "💥 ERROR: Failed to restore STATE backup"
1203+ exit 1
1204+ }
1205+ else
1206+ echo "💥 ERROR: No STATE backup found in ./test_output/"
1207+ ls -la ./test_output/ || true
1208+ exit 1
1209+ fi
1210+
1211+ # ------------------------------------------------------------
1212+ # 3) Restore the latest KVDUMP backup (Enterprise only, kvstore enabled)
1213+ # For kvdump we DO NOT extract: we drop the archive into
1214+ # ${SPLUNK_HOME}/var/lib/splunk/kvstorebackup/ with the special name
1215+ # backupconfsplunk-kvdump-toberestored.tar.gz so splunkconf-backup
1216+ # auto-restores it on first start.
1217+ # ------------------------------------------------------------
1218+ echo ""
1219+ echo "--- KVDUMP restore decision ---"
1220+ if [ "${IS_UF}" = "1" ]; then
1221+ echo " ⚠️ Universal Forwarder: skipping KVDUMP restore (not applicable)"
1222+ elif [ "${{ matrix.context_type }}" = "kvstore_disabled" ]; then
1223+ echo " ⚠️ kvstore_disabled context: skipping KVDUMP restore"
1224+ else
1225+ echo "--- Locating latest KVDUMP backup ---"
1226+ LATEST_KVDUMP=$(find_latest "backupconfsplunk-kvdump-*.tar.gz")
1227+ if [ -z "$LATEST_KVDUMP" ]; then
1228+ LATEST_KVDUMP=$(find_latest "backupconfsplunk-kvdump-*.tgz")
1229+ fi
1230+ echo "Latest KVDUMP backup: ${LATEST_KVDUMP:-<none>}"
1231+
1232+ if [ -n "$LATEST_KVDUMP" ]; then
1233+ KV_DEST_DIR="${SPLUNK_HOME}/var/lib/splunk/kvstorebackup"
1234+ KV_DEST_NAME="backupconfsplunk-kvdump-toberestored.tar.gz"
1235+
1236+ echo " ✅ ¦ Placing KVDUMP backup for auto-restore"
1237+ echo " Source: ${LATEST_KVDUMP}"
1238+ echo " Target: ${KV_DEST_DIR}/${KV_DEST_NAME}"
1239+
1240+ # Make sure target directory exists with correct ownership
1241+ docker exec --user root splunk bash -c "mkdir -p '${KV_DEST_DIR}'"
1242+
1243+ # Copy with the special "toberestored" name so the app picks it up
1244+ docker cp "${LATEST_KVDUMP}" "splunk:${KV_DEST_DIR}/${KV_DEST_NAME}"
1245+
1246+ # Fix ownership so splunk user can read it
1247+ docker exec --user root splunk bash -c \
1248+ "chown -R ${SPLUNK_USER:-splunk}:${SPLUNK_USER:-splunk} '${KV_DEST_DIR}'"
1249+
1250+ echo " ✅ KVDUMP backup placed for auto-restore on first start."
1251+ else
1252+ echo " ⚠️ WARNING: No KVDUMP backup found in ./test_output/ (continuing without it)"
1253+ fi
1254+ fi
1255+
1256+ # ------------------------------------------------------------
1257+ # 4) Fix ownership across SPLUNK_HOME so Splunk can start cleanly
1258+ # ------------------------------------------------------------
1259+ echo ""
1260+ echo "--- Fixing ownership of ${SPLUNK_HOME} ---"
1261+ docker exec --user root splunk bash -c \
1262+ "chown -R ${SPLUNK_USER:-splunk}:${SPLUNK_USER:-splunk} '${SPLUNK_HOME}'" || {
1263+ echo "⚠️ WARNING: chown failed (may be ok depending on image)"
1264+ }
1265+
1266+ # ------------------------------------------------------------
1267+ # 5) Sanity-check: list a few key restored locations
1268+ # ------------------------------------------------------------
1269+ echo ""
1270+ echo "--- Post-restore sanity checks ---"
1271+ echo "Apps directory:"
1272+ docker exec --user root splunk bash -c "ls -la '${SPLUNK_HOME}/etc/apps/' 2>/dev/null | head -30" || true
1273+ echo ""
1274+ echo "splunkconf-backup app present?"
1275+ docker exec --user root splunk bash -c \
1276+ "test -d '${SPLUNK_HOME}/etc/apps/${{ env.APP_NAME }}' && echo 'YES' || echo 'NO'"
1277+ echo ""
1278+ echo "testapp present?"
1279+ docker exec --user root splunk bash -c \
1280+ "test -f '${SPLUNK_HOME}/etc/apps/testapp/local/props.conf' && echo 'YES' || echo 'NO'"
1281+ echo ""
1282+ if [ "${IS_UF}" = "0" ] && [ "${{ matrix.context_type }}" != "kvstore_disabled" ]; then
1283+ echo "KVDUMP staging directory:"
1284+ docker exec --user root splunk bash -c \
1285+ "ls -la '${SPLUNK_HOME}/var/lib/splunk/kvstorebackup/' 2>/dev/null" || true
1286+ fi
1287+ echo ""
1288+ echo "Fishbucket present (state restore check)?"
1289+ docker exec --user root splunk bash -c \
1290+ "test -d '${SPLUNK_HOME}/var/lib/splunk/fishbucket' && echo 'YES' || echo 'NO'"
1291+
1292+ echo ""
1293+ echo "✅ Restore step complete."
10751294
10761295 # -------------------------------------------------------
10771296 # Step 19: Run ansible and start splunk inside container
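Review bot: `tar_extract_cmd` returns a command string with the archive name wrapped in single quotes, and `restore_archive_to_splunk_home` runs that string through `docker exec --user splunk splunk bash -c`, so a file name under ./test_output/ containing a single quote or other shell metacharacters would be parsed as shell inside the container instead of being treated as a path. Running tar through `docker exec` with an argument vector removes the quoting problem, and the `mkdir -p` and `rm -f` calls in the same function can take the same form, e.g. `docker exec --user root splunk rm -f -- "/tmp/${fname}"`. As rendered here, the `case "$archive" in` line also ends with a stray backtick, which would open an unterminated command substitution; this should be checked in the real file. The `${{ matrix.context_type }}` and `${{ env.APP_NAME }}` expressions are pasted into the script text before bash runs, so mapping them to variables in the step's `env:` (outside this hunk, as is the start of the step) would keep them as data.

```shell
# Replaces tar_extract_cmd: tar runs in the container with an argument
# vector, so the archive name is never parsed by a shell.
extract_in_container() {
  local archive="$1"
  local target="$2"
  local -a tar_opts
  case "$archive" in
    *.tar.zst)      tar_opts=(-I zstd -xf) ;;
    *.tar.gz|*.tgz) tar_opts=(-xzf) ;;
    *)              tar_opts=(-xf) ;;  # assumes GNU tar, which detects compression when reading a file
  esac
  docker exec --user splunk splunk tar "${tar_opts[@]}" "$archive" -C "$target"
}

# … unchanged: restore_archive_to_splunk_home up to the docker cp …
  extract_in_container "/tmp/${fname}" "${SPLUNK_HOME}"
  local rc=$?
# … unchanged: rc check, tmp cleanup, return …
```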