diff --git a/README.md b/README.md
index 8bd06c3..7896dd0 100644
--- a/README.md
+++ b/README.md
@@ -16,4 +16,7 @@ Before attempting any installation, you **must** verify the environment. Banks o
 # Download and run the pre-flight test
 curl -sL "[https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh](https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh)" -o pre-deployment-test.sh
 chmod +x pre-deployment-test.sh
-./pre-deployment-test.sh
\ No newline at end of file
+./pre-deployment-test.sh
+
+
+curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-deploy-ct.sh" > wallarm-deploy-ct.sh
\ No newline at end of file
diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh
index 99d45b3..46fc64a 100644
--- a/wallarm-deploy-ct.sh
+++ b/wallarm-deploy-ct.sh
@@ -76,7 +76,6 @@ get_user_input() {
 echo ""
 read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM
- # Validate it's a number
 if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then
 echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1
 fi
@@ -94,9 +93,7 @@ get_user_input() {
 read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN
- # Internal Connectivity Test (The Gatekeeper)
 echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
- # Port check using /dev/tcp for speed and reliability in shell
 if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
 echo -e "${RED}FAILED${NC}"
 echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1
@@ -114,7 +111,6 @@ setup_engine() {
 echo "Detected RHEL/CentOS. Setting up Podman..."
 sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null
 sudo systemctl enable --now podman.socket &>/dev/null
- # Firewall adjustments for Bank DMZs
 sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
 sudo firewall-cmd --reload &>/dev/null
 else
@@ -124,7 +120,6 @@ setup_engine() {
 sudo systemctl enable --now docker &>/dev/null
 fi
- # Check for compose utility
 if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then
 echo "Installing Compose utility..."
 if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi
@@ -137,8 +132,6 @@ setup_engine() {
 execute_deployment() {
 echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}"
 sudo mkdir -p "$INSTANCE_DIR"
-
- # Navigate to directory to ensure relative volume paths work correctly
 cd "$INSTANCE_DIR"
 echo "Generating Nginx Configuration..."
@@ -163,12 +156,13 @@ server { } EOF - echo "Generating Deployment Manifest (conf.yml)..." - sudo tee "$INSTANCE_DIR/conf.yml" > /dev/null < /dev/null </dev/null + # Pulling to ensure the latest version is fetched regardless of local cache + echo "Pulling Wallarm Node:latest image..." + sudo $ENGINE pull wallarm/node:latest + if command -v podman-compose &> /dev/null; then - sudo podman-compose -f conf.yml up -d + sudo podman-compose -f docker-compose.yml up -d else - sudo docker-compose -f conf.yml up -d + sudo docker-compose -f docker-compose.yml up -d fi } # --- 5. VERIFICATION --- verify_health() { - echo -e "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}" - sleep 5 + echo -e "\n${YELLOW}⏳ Waiting 15s for handshake...${NC}" + sleep 15 echo -en "Checking instance status page (port $MONITOR_PORT)... " if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then echo -e "${GREEN}SUCCESS${NC}" else - echo -e "${RED}WARNING: Status page not responding yet. Check logs with 'sudo $ENGINE logs $NODE_NAME'${NC}" + echo -e "${RED}WARNING: Status page not responding yet.${NC}" + echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME" fi echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"
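Review bot: The added `sudo $ENGINE pull wallarm/node:latest` in execute_deployment deploys whatever image is currently published under a mutable tag, and its exit status is not checked before the compose `up -d` that follows. A failed or blocked pull would, unless the script enables `set -e` somewhere outside this hunk, fall through and start the node from a stale cached image, and verify_health still prints DEPLOYMENT FINISHED afterwards. Pin the image to a reviewed release tag or digest and stop on failure, e.g. `sudo "$ENGINE" pull "wallarm/node:<pinned-tag>" || { echo -e "${RED}ERROR: image pull failed${NC}"; exit 1; }`, and use the same reference in the generated docker-compose.yml so the two cannot drift. The heredoc that writes that file is not legible in this hunk and execute_deployment starts above it, so the image reference there should be confirmed.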