chore: auto-commit 2026-03-18 13:40

This commit is contained in:
cclohmar 2026-03-18 13:40:08 +00:00
parent 52adfe472f
commit 208d78d508


@ -1,55 +1,39 @@
#!/bin/bash #!/bin/bash
# ============================================================================== # ==============================================================================
# Wallarm Bulletproof Deployer - Banking Hardened (Manual Binary Support) # SECHPOINT WALLARM SMART DEPLOYER - BULLETPROOF V3
# ==============================================================================
# Support: Manual Docker/Podman | Auto-Port Mapping | Persistence
# ============================================================================== # ==============================================================================
# --- UI COLORS ---
BLUE='\033[0;34m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
RED='\033[0;31m' RED='\033[0;31m'
NC='\033[0m' NC='\033[0m' # No Color
BOLD='\033[1m'
# --- 1. PRE-FLIGHT: CONNECTIVITY & ENGINE --- clear
echo -e "${BLUE}${BOLD}==========================================================${NC}"
echo -e "${BLUE}${BOLD} WALLARM NODE - ENTERPRISE POC DEPLOYER ${NC}"
echo -e "${BLUE}${BOLD}==========================================================${NC}"
check_connectivity() { # --- 1. PRE-FLIGHT CHECKS ---
echo -e "\n${YELLOW}[1/5] Checking Connectivity & Registry...${NC}"
# Cloud Selection
read -p "Wallarm Cloud (US/EU) [US]: " CLOUD; CLOUD=${CLOUD^^}; CLOUD=${CLOUD:-US}
API_HOST=$([[ "$CLOUD" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com")
# Test Docker Hub Reachability
REGISTRY_REACHABLE=true
curl -skI --connect-timeout 5 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false
if [ "$REGISTRY_REACHABLE" = false ]; then
echo -e "${RED}[ALERT]${NC} Docker Hub is CLOSED."
if ls *.tar >/dev/null 2>&1; then
echo -e "${GREEN}[INFO]${NC} Local .tar found. Will attempt 'docker load'."
else
echo -e "${RED}[ERROR]${NC} No internet and no local .tar image found. Please upload the wallarm-node image."; exit 1
fi
else
echo -e "${GREEN}[PASS]${NC} Docker Hub is reachable."
fi
}
setup_engine() { check_env() {
echo -e "\n${YELLOW}[2/5] Hardening Container Engine...${NC}" echo -e "\n${CYAN}[STEP 1/5] Checking Environment...${NC}"
# Check if Docker or Podman is already running # Engine Detection
if sudo docker info > /dev/null 2>&1; then if sudo docker info > /dev/null 2>&1; then
ENGINE="docker" ENGINE="docker"; echo -e " ${GREEN}${NC} Docker Engine detected"
echo -e "${GREEN}[INFO]${NC} Existing Docker Engine detected."
elif sudo podman info > /dev/null 2>&1; then elif sudo podman info > /dev/null 2>&1; then
ENGINE="podman" ENGINE="podman"; echo -e " ${GREEN}${NC} Podman Engine detected"
echo -e "${GREEN}[INFO]${NC} Existing Podman Engine detected."
else else
# No engine found, configure the manual Docker binaries echo -e " ${YELLOW}!${NC} No engine active. Setting up manual Docker service..."
echo "No engine active. Setting up manual Docker Service..."
if [ ! -f "/usr/bin/dockerd" ]; then if [ ! -f "/usr/bin/dockerd" ]; then
echo -e "${RED}[FAIL]${NC} /usr/bin/dockerd not found. Ensure binaries were moved."; exit 1 echo -e " ${RED}✗ FATAL: /usr/bin/dockerd not found.${NC}"; exit 1
fi fi
sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
[Unit] [Unit]
Description=Docker Engine Description=Docker Engine
@ -58,35 +42,59 @@ After=network-online.target
Type=notify Type=notify
ExecStart=/usr/bin/dockerd ExecStart=/usr/bin/dockerd
Restart=on-failure Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
sudo systemctl daemon-reload sudo systemctl daemon-reload && sudo systemctl enable --now docker
sudo systemctl enable --now docker
ENGINE="docker" ENGINE="docker"
fi fi
# Registry Check
REGISTRY_REACHABLE=true
curl -skI --connect-timeout 3 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false
if [ "$REGISTRY_REACHABLE" = true ]; then
echo -e " ${GREEN}${NC} Docker Hub is reachable"
else
echo -e " ${YELLOW}!${NC} Docker Hub offline. Looking for local image..."
if ! ls *.tar >/dev/null 2>&1; then
echo -e " ${RED}✗ FATAL: No internet and no .tar image found.${NC}"; exit 1
fi
fi
} }
# --- 2. CONFIGURATION --- # --- 2. USER INPUT ---
get_params() { get_config() {
echo -e "\n${YELLOW}[3/5] Instance Configuration...${NC}" echo -e "\n${CYAN}[STEP 2/5] Configuration Settings...${NC}"
read -p "Wallarm Token: " TOKEN
read -p "Instance ID [1]: " ID; ID=${ID:-1} read -p " Enter Wallarm Token: " TOKEN
read -p "App IP [127.0.0.1]: " APP_IP; APP_IP=${APP_IP:-127.0.0.1} read -p " Inbound Traffic Port [80]: " IN_PORT
read -p "App Port [80]: " APP_PORT; APP_PORT=${APP_PORT:-80} IN_PORT=${IN_PORT:-80}
# Auto-calculate Monitoring Port
MON_PORT=$((IN_PORT + 10))
echo -e " ${YELLOW}i${NC} Monitoring port set to: ${BOLD}$MON_PORT${NC}"
INSTANCE_DIR="/opt/wallarm/$ID" read -p " App IP (Upstream) [127.0.0.1]: " APP_IP
sudo mkdir -p "$INSTANCE_DIR" APP_IP=${APP_IP:-127.0.0.1}
read -p " App Port (Upstream) [8080]: " APP_PORT
APP_PORT=${APP_PORT:-8080}
# Verify ports are free
for p in $IN_PORT $MON_PORT; do
if sudo netstat -tulpn | grep -q ":$p "; then
echo -e " ${RED}✗ FATAL: Port $p is already in use.${NC}"; exit 1
fi
done
} }
# --- 3. PERSISTENCE ARTIFACTS --- # --- 3. ARTIFACT GENERATION ---
generate_artifacts() { generate_files() {
echo -e "\n${YELLOW}[4/5] Building Persistence Layers...${NC}" echo -e "\n${CYAN}[STEP 3/5] Generating Persistence Layers...${NC}"
INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT"
sudo mkdir -p "$INSTANCE_DIR"
# Nginx Conf # Nginx Conf
sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
@ -99,55 +107,71 @@ server {
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
} }
} }
server { listen 90; location /wallarm-status { wallarm_status on; } } server {
listen 90;
location /wallarm-status {
wallarm_status on;
}
}
EOF EOF
# Shell Start Script (The Persistence Logic) # Start Script
sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF
#!/bin/bash #!/bin/bash
echo "Cleaning old containers..." sudo $ENGINE rm -f wallarm-node-$IN_PORT 2>/dev/null
sudo $ENGINE rm -f wallarm-node-$ID 2>/dev/null
echo "Launching Wallarm Node..."
sudo $ENGINE run -d \\ sudo $ENGINE run -d \\
--name wallarm-node-$ID \\ --name wallarm-node-$IN_PORT \\
--restart always \\ --restart always \\
-p 80:80 -p 90:90 \\ -p $IN_PORT:80 -p $MON_PORT:90 \\
-e WALLARM_API_TOKEN=$TOKEN \\ -e WALLARM_API_TOKEN=$TOKEN \\
-e WALLARM_API_HOST=$API_HOST \\
-v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\ -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\
wallarm/node:latest wallarm/node:latest
EOF EOF
sudo chmod +x "$INSTANCE_DIR/start.sh" sudo chmod +x "$INSTANCE_DIR/start.sh"
echo -e " ${GREEN}${NC} Created artifacts in $INSTANCE_DIR"
} }
# --- 4. EXECUTION --- # --- 4. DEPLOYMENT ---
run_poc() { deploy() {
echo -e "\n${YELLOW}[5/5] Executing Deployment...${NC}" echo -e "\n${CYAN}[STEP 4/5] Pulling and Launching...${NC}"
if [ "$REGISTRY_REACHABLE" = true ]; then if [ "$REGISTRY_REACHABLE" = true ]; then
echo "Pulling latest image..."
sudo $ENGINE pull wallarm/node:latest sudo $ENGINE pull wallarm/node:latest
else else
echo "Loading image from local storage..."
sudo $ENGINE load < *.tar sudo $ENGINE load < *.tar
fi fi
sudo "$INSTANCE_DIR/start.sh" sudo "$INSTANCE_DIR/start.sh"
}
sleep 15 # --- 5. VERIFICATION ---
echo -n "Verifying Node Status... "
if curl -s http://localhost:90/wallarm-status | grep -q "requests"; then verify() {
echo -e "${GREEN}✅ POC ACTIVE${NC}" echo -e "\n${CYAN}[STEP 5/5] Final Handshake...${NC}"
sleep 12
if curl -s "http://localhost:$MON_PORT/wallarm-status" | grep -q "requests"; then
echo -e "\n${GREEN}${BOLD}==========================================================${NC}"
echo -e "${GREEN}${BOLD} ✅ DEPLOYMENT SUCCESSFUL ${NC}"
echo -e "${GREEN}${BOLD}==========================================================${NC}"
echo -e " Traffic Entry: ${BOLD}http://<Server-IP>:$IN_PORT${NC}"
echo -e " Node Status: ${BOLD}http://localhost:$MON_PORT/wallarm-status${NC}"
echo -e " Config Dir: $INSTANCE_DIR"
echo -e "${GREEN}${BOLD}==========================================================${NC}\n"
else else
echo -e "${RED}❌ FAILED${NC}. Check logs: sudo $ENGINE logs wallarm-node-$ID" echo -e "\n${RED}${BOLD}==========================================================${NC}"
echo -e "${RED}${BOLD} ❌ DEPLOYMENT FAILED ${NC}"
echo -e "${RED}${BOLD}==========================================================${NC}"
echo -e " The container started but is not responding."
echo -e " Check logs: ${BOLD}sudo $ENGINE logs wallarm-node-$IN_PORT${NC}"
echo -e "${RED}${BOLD}==========================================================${NC}\n"
fi fi
} }
# --- RUN --- # --- RUN ---
check_connectivity check_env
setup_engine get_config
get_params generate_files
generate_artifacts deploy
run_poc verify
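Review bot: The token captured by `read -p " Enter Wallarm Token: " TOKEN` in get_config (second hunk) is echoed to the terminal and then written in plaintext into `$INSTANCE_DIR/start.sh` (third hunk), which `sudo tee` creates with the default, typically world-readable, mode before `chmod +x`; the same start script also publishes the wallarm-status endpoint on all interfaces through `-p $MON_PORT:90`. Read the secret silently with `read -rsp " Enter Wallarm Token: " TOKEN; echo`, tighten the script with `sudo chmod 700 "$INSTANCE_DIR/start.sh"`, and bind the monitor port locally with `-p 127.0.0.1:$MON_PORT:90 \\` (verify() already curls localhost, so nothing else depends on the external binding). IN_PORT is also used unvalidated in `MON_PORT=$((IN_PORT + 10))` and in the run line; a `[[ "$IN_PORT" =~ ^[0-9]+$ ]]` guard placed before the port-in-use loop would fail fast on non-numeric input instead of producing an arithmetic error or a malformed `-p` mapping. It also looks like the `-e WALLARM_API_HOST=$API_HOST` line and the US/EU cloud prompt survive only on the old side, so EU-cloud nodes would now register against the image's default API host; worth confirming that is intended.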