Restoring the SSH keys and PCT from backed up Terraform state file

Complete the steps provided in this section to restore the SSH keys and PCT from a backed up Terraform state file of a deleted v1.0.0 jump box.

This section describes the procedure to rebuild a usable PPC 1.0 deployment workspace on a jump box from an existing cluster and a backed up Terraform state file.

Before you Begin

Ensure the following requirements are met.

  • A backup copy of terraform.tfstate from the original PPC 1.0 workspace.

  • Access to the same AWS account and target EKS cluster.

  • AWS CLI credentials with required permissions.

Perform the following steps to recover PPC v1.0.0

  1. Create a recovery workspace

Create a working directory for the recovered PPC 1.0 bundle, using the following command.

mkdir -p deployment
cd deployment
  1. Download and extract the PCT v1.0.0

Download the PCT v1.0.0 package into the deployment directory and extract it.
After successfully extracting the template, this directory behaves as recovered installation workspace.

For example:

wget https://artifactory.protegrity.com/artifactory/eclipse/eclipse-init/1.0/latest/PPC-K8S-64_x86-64_AWS-EKS_1.0.0.59.tar
tar -xvf PPC-K8S-64_x86-64_AWS-EKS_1.0.0.59.tar
  1. Create the logs directory

Create the logs directory in the extracted workspace, using the following command.

mkdir -p iac_setup/logs
  1. Install required dev tools

Run the following script.

For Debian/Ubuntu:

If sudo is used to run the script, then use the following command.

sudo setup-devtools-linux_debian.sh

If root is used to run the script, then use the following command.

setup-devtools-linux_debian.sh

For RHEL/Red Hat/Amazon Linux:

If sudo is used to run the script, then use the following command.

sudo setup-devtools-linux_redhat.sh

If root is used to run the script, then use the following command.

setup-devtools-linux_redhat.sh
  1. Configure the AWS CLI

Perform this step only if a working AWS access is not configured.

Note: A prompt for credentials is displayed during installation of setup-devtools-linux_debian.sh or setup-devtools-linux_redhat.sh script. If credentials are incorrect, then the script installation fails.

Configure the AWS CLI, using the following command.

aws configure
  1. Set kubectl to the target EKS cluster

Update the local kubeconfig to ensure that all recovery commands are running against the correct cluster.

Set kubectl to the target EKS cluster, using the following command.

aws eks update-kubeconfig --region <aws-region> --name <cluster-name>

Example:

aws eks update-kubeconfig --region us-east-1 --name Rohan-C5-Cluster

Verify the current cluster

Before proceeding, verify the context and cluster connectivity, using the following command.

kubectl get nodes
  1. Restore the Terraform state file

This step is required to ensure that the recovered workspace matches the resources already present in AWS.

Copy the backed-up terraform.tfstate file into the extracted PCT at the following location:

iac_setup/scripts/iac/terraform.tfstate
  1. Initialize Tofu script

Initalize the Tofu script to deploy the container, using the following command.

cd iac_setup/scripts/resilience-iac/
tofu init
  1. Re-create the SSH key secret

From the extracted template, navigate to the install scripts directory. Execute the SSH key script, using the following command.

cd iac_setup/scripts/install
./sshkeys.sh

This script regenerates local SSH key files and recreates the user-svc-keys secret in the cli namespace. Ensure the kube context still points to the recovered cluster before running it.

After execution, verify using the following command.

kubectl -n cli get secret user-svc-keys
ls -l ../../../keys
  1. Continue from the recovered deployment directory

At this point, the deployment directory can be treated as the restored PPC v1.0.0 installation directory.
From this point on, all subsequent operations or upgrade activities can be performed from this location.


Last modified : May 28, 2026