update
This commit is contained in:
SechPoint
parent
4183d2ea69
commit
322299b513
2 changed files with 18 additions and 17 deletions
|
|
@ -16,4 +16,7 @@ Before attempting any installation, you **must** verify the environment. Banks o
|
|||
# Download and run the pre-flight test
|
||||
curl -sL "[https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh](https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh)" -o pre-deployment-test.sh
|
||||
chmod +x pre-deployment-test.sh
|
||||
./pre-deployment-test.sh
|
||||
./pre-deployment-test.sh
|
||||
|
||||
|
||||
curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-deploy-ct.sh" > wallarm-deploy-ct.sh
|
||||
|
|
@ -76,7 +76,6 @@ get_user_input() {
|
|||
echo ""
|
||||
|
||||
read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM
|
||||
# Validate it's a number
|
||||
if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then
|
||||
echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1
|
||||
fi
|
||||
|
|
@ -94,9 +93,7 @@ get_user_input() {
|
|||
|
||||
read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN
|
||||
|
||||
# Internal Connectivity Test (The Gatekeeper)
|
||||
echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
|
||||
# Port check using /dev/tcp for speed and reliability in shell
|
||||
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
|
||||
echo -e "${RED}FAILED${NC}"
|
||||
echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1
|
||||
|
|
@ -114,7 +111,6 @@ setup_engine() {
|
|||
echo "Detected RHEL/CentOS. Setting up Podman..."
|
||||
sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null
|
||||
sudo systemctl enable --now podman.socket &>/dev/null
|
||||
# Firewall adjustments for Bank DMZs
|
||||
sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
|
||||
sudo firewall-cmd --reload &>/dev/null
|
||||
else
|
||||
|
|
@ -124,7 +120,6 @@ setup_engine() {
|
|||
sudo systemctl enable --now docker &>/dev/null
|
||||
fi
|
||||
|
||||
# Check for compose utility
|
||||
if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then
|
||||
echo "Installing Compose utility..."
|
||||
if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi
|
||||
|
|
@ -137,8 +132,6 @@ setup_engine() {
|
|||
execute_deployment() {
|
||||
echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}"
|
||||
sudo mkdir -p "$INSTANCE_DIR"
|
||||
|
||||
# Navigate to directory to ensure relative volume paths work correctly
|
||||
cd "$INSTANCE_DIR"
|
||||
|
||||
echo "Generating Nginx Configuration..."
|
||||
|
|
@ -163,12 +156,13 @@ server {
|
|||
}
|
||||
EOF
|
||||
|
||||
echo "Generating Deployment Manifest (conf.yml)..."
|
||||
sudo tee "$INSTANCE_DIR/conf.yml" > /dev/null <<EOF
|
||||
# Standardized to wallarm/node:latest
|
||||
echo "Generating Deployment Manifest (docker-compose.yml)..."
|
||||
sudo tee "$INSTANCE_DIR/docker-compose.yml" > /dev/null <<EOF
|
||||
version: '3.8'
|
||||
services:
|
||||
node:
|
||||
image: docker.io/wallarm/node:4.10-latest
|
||||
image: wallarm/node:latest
|
||||
container_name: $NODE_NAME
|
||||
restart: always
|
||||
ports:
|
||||
|
|
@ -182,26 +176,30 @@ services:
|
|||
EOF
|
||||
|
||||
echo -e "${YELLOW}🚀 Launching Instance $INSTANCE_NUM ($NODE_NAME)...${NC}"
|
||||
# Remove existing container if it exists to allow re-runs
|
||||
sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null
|
||||
|
||||
# Pulling to ensure the latest version is fetched regardless of local cache
|
||||
echo "Pulling Wallarm Node:latest image..."
|
||||
sudo $ENGINE pull wallarm/node:latest
|
||||
|
||||
if command -v podman-compose &> /dev/null; then
|
||||
sudo podman-compose -f conf.yml up -d
|
||||
sudo podman-compose -f docker-compose.yml up -d
|
||||
else
|
||||
sudo docker-compose -f conf.yml up -d
|
||||
sudo docker-compose -f docker-compose.yml up -d
|
||||
fi
|
||||
}
|
||||
|
||||
# --- 5. VERIFICATION ---
|
||||
|
||||
verify_health() {
|
||||
echo -e "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}"
|
||||
sleep 5
|
||||
echo -e "\n${YELLOW}⏳ Waiting 15s for handshake...${NC}"
|
||||
sleep 15
|
||||
echo -en "Checking instance status page (port $MONITOR_PORT)... "
|
||||
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
|
||||
echo -e "${GREEN}SUCCESS${NC}"
|
||||
else
|
||||
echo -e "${RED}WARNING: Status page not responding yet. Check logs with 'sudo $ENGINE logs $NODE_NAME'${NC}"
|
||||
echo -e "${RED}WARNING: Status page not responding yet.${NC}"
|
||||
echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME"
|
||||
fi
|
||||
|
||||
echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue