From 208d78d5085fd1840dc66b0b13977a1d9f17a313 Mon Sep 17 00:00:00 2001
From: cclohmar
Date: Wed, 18 Mar 2026 13:40:08 +0000
Subject: [PATCH] chore: auto-commit 2026-03-18 13:40
---
wallarm-deploy-ct.sh | 178 ++++++++++++++++++++++++-------------------
1 file changed, 101 insertions(+), 77 deletions(-)
diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh
index 7da88db..68d9464 100644
--- a/wallarm-deploy-ct.sh
+++ b/wallarm-deploy-ct.sh
@@ -1,55 +1,39 @@ #!/bin/bash # ============================================================================== -# Wallarm Bulletproof Deployer - Banking Hardened (Manual Binary Support) +# SECHPOINT WALLARM SMART DEPLOYER - BULLETPROOF V3 +# ============================================================================== +# Support: Manual Docker/Podman | Auto-Port Mapping | Persistence # ============================================================================== +# --- UI COLORS --- +BLUE='\033[0;34m' +CYAN='\033[0;36m' YELLOW='\033[1;33m' GREEN='\033[0;32m' RED='\033[0;31m' -NC='\033[0m' +NC='\033[0m' # No Color +BOLD='\033[1m' -# --- 1. PRE-FLIGHT: CONNECTIVITY & ENGINE --- +clear +echo -e "${BLUE}${BOLD}==========================================================${NC}" +echo -e "${BLUE}${BOLD} WALLARM NODE - ENTERPRISE POC DEPLOYER ${NC}" +echo -e "${BLUE}${BOLD}==========================================================${NC}" -check_connectivity() { - echo -e "\n${YELLOW}[1/5] Checking Connectivity & Registry...${NC}" - - # Cloud Selection - read -p "Wallarm Cloud (US/EU) [US]: " CLOUD; CLOUD=${CLOUD^^}; CLOUD=${CLOUD:-US} - API_HOST=$([[ "$CLOUD" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") - - # Test Docker Hub Reachability - REGISTRY_REACHABLE=true - curl -skI --connect-timeout 5 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false - - if [ "$REGISTRY_REACHABLE" = false ]; then - echo -e "${RED}[ALERT]${NC} Docker Hub is CLOSED." - if ls *.tar >/dev/null 2>&1; then - echo -e "${GREEN}[INFO]${NC} Local .tar found. Will attempt 'docker load'." - else - echo -e "${RED}[ERROR]${NC} No internet and no local .tar image found. Please upload the wallarm-node image."; exit 1 - fi - else - echo -e "${GREEN}[PASS]${NC} Docker Hub is reachable." - fi -} +# --- 1. 
PRE-FLIGHT CHECKS --- -setup_engine() { - echo -e "\n${YELLOW}[2/5] Hardening Container Engine...${NC}" +check_env() { + echo -e "\n${CYAN}[STEP 1/5] Checking Environment...${NC}" - # Check if Docker or Podman is already running + # Engine Detection if sudo docker info > /dev/null 2>&1; then - ENGINE="docker" - echo -e "${GREEN}[INFO]${NC} Existing Docker Engine detected." + ENGINE="docker"; echo -e " ${GREEN}✓${NC} Docker Engine detected" elif sudo podman info > /dev/null 2>&1; then - ENGINE="podman" - echo -e "${GREEN}[INFO]${NC} Existing Podman Engine detected." + ENGINE="podman"; echo -e " ${GREEN}✓${NC} Podman Engine detected" else - # No engine found, configure the manual Docker binaries - echo "No engine active. Setting up manual Docker Service..." + echo -e " ${YELLOW}!${NC} No engine active. Setting up manual Docker service..." if [ ! -f "/usr/bin/dockerd" ]; then - echo -e "${RED}[FAIL]${NC} /usr/bin/dockerd not found. Ensure binaries were moved."; exit 1 + echo -e " ${RED}✗ FATAL: /usr/bin/dockerd not found.${NC}"; exit 1 fi - sudo tee /etc/systemd/system/docker.service > /dev/null < /dev/null 2>&1 || REGISTRY_REACHABLE=false + if [ "$REGISTRY_REACHABLE" = true ]; then + echo -e " ${GREEN}✓${NC} Docker Hub is reachable" + else + echo -e " ${YELLOW}!${NC} Docker Hub offline. Looking for local image..." + if ! ls *.tar >/dev/null 2>&1; then + echo -e " ${RED}✗ FATAL: No internet and no .tar image found.${NC}"; exit 1 + fi + fi } -# --- 2. CONFIGURATION --- +# --- 2. 
USER INPUT --- -get_params() { - echo -e "\n${YELLOW}[3/5] Instance Configuration...${NC}" - read -p "Wallarm Token: " TOKEN - read -p "Instance ID [1]: " ID; ID=${ID:-1} - read -p "App IP [127.0.0.1]: " APP_IP; APP_IP=${APP_IP:-127.0.0.1} - read -p "App Port [80]: " APP_PORT; APP_PORT=${APP_PORT:-80} +get_config() { + echo -e "\n${CYAN}[STEP 2/5] Configuration Settings...${NC}" + + read -p " Enter Wallarm Token: " TOKEN + read -p " Inbound Traffic Port [80]: " IN_PORT + IN_PORT=${IN_PORT:-80} + + # Auto-calculate Monitoring Port + MON_PORT=$((IN_PORT + 10)) + echo -e " ${YELLOW}i${NC} Monitoring port set to: ${BOLD}$MON_PORT${NC}" - INSTANCE_DIR="/opt/wallarm/$ID" - sudo mkdir -p "$INSTANCE_DIR" + read -p " App IP (Upstream) [127.0.0.1]: " APP_IP + APP_IP=${APP_IP:-127.0.0.1} + read -p " App Port (Upstream) [8080]: " APP_PORT + APP_PORT=${APP_PORT:-8080} + + # Verify ports are free + for p in $IN_PORT $MON_PORT; do + if sudo netstat -tulpn | grep -q ":$p "; then + echo -e " ${RED}✗ FATAL: Port $p is already in use.${NC}"; exit 1 + fi + done } -# --- 3. PERSISTENCE ARTIFACTS --- +# --- 3. ARTIFACT GENERATION --- -generate_artifacts() { - echo -e "\n${YELLOW}[4/5] Building Persistence Layers...${NC}" +generate_files() { + echo -e "\n${CYAN}[STEP 3/5] Generating Persistence Layers...${NC}" + + INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT" + sudo mkdir -p "$INSTANCE_DIR" # Nginx Conf sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null < /dev/null </dev/null - -echo "Launching Wallarm Node..." +sudo $ENGINE rm -f wallarm-node-$IN_PORT 2>/dev/null sudo $ENGINE run -d \\ - --name wallarm-node-$ID \\ + --name wallarm-node-$IN_PORT \\ --restart always \\ - -p 80:80 -p 90:90 \\ + -p $IN_PORT:80 -p $MON_PORT:90 \\ -e WALLARM_API_TOKEN=$TOKEN \\ - -e WALLARM_API_HOST=$API_HOST \\ -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\ wallarm/node:latest EOF sudo chmod +x "$INSTANCE_DIR/start.sh" + echo -e " ${GREEN}✓${NC} Created artifacts in $INSTANCE_DIR" } -# --- 4. 
EXECUTION --- +# --- 4. DEPLOYMENT --- -run_poc() { - echo -e "\n${YELLOW}[5/5] Executing Deployment...${NC}" +deploy() { + echo -e "\n${CYAN}[STEP 4/5] Pulling and Launching...${NC}" if [ "$REGISTRY_REACHABLE" = true ]; then - echo "Pulling latest image..." sudo $ENGINE pull wallarm/node:latest else - echo "Loading image from local storage..." sudo $ENGINE load < *.tar fi sudo "$INSTANCE_DIR/start.sh" +} - sleep 15 - echo -n "Verifying Node Status... " - if curl -s http://localhost:90/wallarm-status | grep -q "requests"; then - echo -e "${GREEN}✅ POC ACTIVE${NC}" +# --- 5. VERIFICATION --- + +verify() { + echo -e "\n${CYAN}[STEP 5/5] Final Handshake...${NC}" + sleep 12 + + if curl -s "http://localhost:$MON_PORT/wallarm-status" | grep -q "requests"; then + echo -e "\n${GREEN}${BOLD}==========================================================${NC}" + echo -e "${GREEN}${BOLD} ✅ DEPLOYMENT SUCCESSFUL ${NC}" + echo -e "${GREEN}${BOLD}==========================================================${NC}" + echo -e " Traffic Entry: ${BOLD}http://:$IN_PORT${NC}" + echo -e " Node Status: ${BOLD}http://localhost:$MON_PORT/wallarm-status${NC}" + echo -e " Config Dir: $INSTANCE_DIR" + echo -e "${GREEN}${BOLD}==========================================================${NC}\n" else - echo -e "${RED}❌ FAILED${NC}. Check logs: sudo $ENGINE logs wallarm-node-$ID" + echo -e "\n${RED}${BOLD}==========================================================${NC}" + echo -e "${RED}${BOLD} ❌ DEPLOYMENT FAILED ${NC}" + echo -e "${RED}${BOLD}==========================================================${NC}" + echo -e " The container started but is not responding." 
+ echo -e " Check logs: ${BOLD}sudo $ENGINE logs wallarm-node-$IN_PORT${NC}" + echo -e "${RED}${BOLD}==========================================================${NC}\n" fi } # --- RUN --- -check_connectivity -setup_engine -get_params -generate_artifacts -run_poc \ No newline at end of file +check_env +get_config +generate_files +deploy +verify \ No newline at end of file
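Review bot: In `get_config`, `IN_PORT` comes straight from `read` and is used unvalidated in `MON_PORT=$((IN_PORT + 10))`, in `INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT"` (then `sudo mkdir -p`), and in the generated `start.sh` that `deploy` runs with sudo, so a non-numeric value is evaluated by bash arithmetic and ends up in a root-owned path and a root-executed script. Reject anything that is not a port before the arithmetic, e.g. `[[ "$IN_PORT" =~ ^[1-9][0-9]{0,4}$ ]] && (( IN_PORT <= 65525 )) || { echo "invalid port" >&2; exit 1; }` (65525 keeps `MON_PORT` in range), and apply the same check to `APP_PORT`. The token prompt echoes the secret and the value is then written into `start.sh`, which only gets `chmod +x`; `read -rsp " Enter Wallarm Token: " TOKEN` and `sudo chmod 700 "$INSTANCE_DIR/start.sh"` would limit that exposure. The change also drops `-e WALLARM_API_HOST=$API_HOST` together with the cloud prompt, so the node presumably falls back to the image's default API host; confirm that is intended for both US and EU tenants.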