chore: auto-commit 2026-05-04 12:12

administrator 2026-05-04 12:12:38 +01:00
parent c07c7afd6d
commit 4881759fd6
3 changed files with 155 additions and 81 deletions

15
.env Normal file

@ -0,0 +1,15 @@
# Wallarm Preflight Check Results
# Generated: 2026-04-21 15:47:43
# Script: ./wallarm-ct-check.sh
result=pass
os_name=darwin
os_version=25.3.0
architecture=x86_64
init_system=darwin
us_cloud_reachable=true
eu_cloud_reachable=true
registry_reachable=false
download_reachable=false
git_reachable=true
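Review bot: A generated preflight result is being committed here: the header names `./wallarm-ct-check.sh` and a 2026-04-21 timestamp, and the values record `os_name=darwin` together with `result=pass`. The deploy script in this same commit parses these keys from `$ENV_FILE` in `verify_preflight_check`, so if `$ENV_FILE` resolves to this path (not visible here, please confirm), a fresh checkout on a Linux server could accept a stale pass from a different machine without the checks having run on that host. Consider removing the file from the repository and listing `.env` in `.gitignore`. The deploy side could also compare the recorded `os_name` and `architecture` with the local host before trusting `result`.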


@ -115,6 +115,7 @@ write_env_file() {
local eu_cloud_reachable="$6"
local registry_reachable="$7"
local download_reachable="$8"
local git_reachable="${9:-false}"
# Create .env file
cat > "$ENV_FILE" << EOF
@ -131,6 +132,7 @@ us_cloud_reachable=$us_cloud_reachable
eu_cloud_reachable=$eu_cloud_reachable
registry_reachable=$registry_reachable
download_reachable=$download_reachable
git_reachable=$git_reachable
EOF
@ -152,12 +154,24 @@ EOF
validate_sudo_access() {
log_message "INFO" "Validating sudo access..."
# Detect OS
local os_name
os_name=$(uname -s | tr '[:upper:]' '[:lower:]')
# Check if user can run sudo
if ! command -v sudo >/dev/null 2>&1; then
add_error "sudo command not found"
return 1
fi
# On macOS, we can't reliably test sudo authentication without prompting
# Skip the actual authentication test but warn
if [ "$os_name" = "darwin" ]; then
log_message "WARNING" "macOS detected: sudo authentication test skipped (may prompt during deployment)"
log_message "INFO" "Note: macOS is not a supported deployment target. This check is for Linux servers."
return 0
fi
# Test sudo with password prompt if needed
if ! sudo -v; then
add_error "sudo authentication failed"
@ -173,6 +187,10 @@ validate_required_commands() {
local missing_commands=()
# Detect OS
local os_name
os_name=$(uname -s | tr '[:upper:]' '[:lower:]')
# Core commands required for both check and deployment scripts
local core_commands=(
"tar" # Required for extracting Docker binaries in deployment
@ -191,12 +209,18 @@ validate_required_commands() {
"tee" # Required for writing configuration files
"cp" # Required for copying Docker binaries
"rm" # Required for cleanup operations
"getent" # Required for checking group existence
"groupadd" # Required for creating docker group (sudo)
"usermod" # Required for adding user to docker group (sudo)
"iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+)
)
# Linux-specific commands (not available on macOS)
if [ "$os_name" != "darwin" ]; then
core_commands+=(
"getent" # Required for checking group existence
"groupadd" # Required for creating docker group (sudo)
"usermod" # Required for adding user to docker group (sudo)
"iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+)
)
fi
# Helper function to check if a command exists (including system directories)
command_exists() {
local cmd="$1"
@ -222,39 +246,47 @@ validate_required_commands() {
done
# Check for port checking utility (ss or netstat)
if ! command_exists ss && ! command_exists netstat; then
missing_commands+=("ss or netstat")
# On macOS, netstat is available, ss is not
if [ "$os_name" != "darwin" ]; then
if ! command_exists ss && ! command_exists netstat; then
missing_commands+=("ss or netstat")
fi
fi
# Detect init system and validate its control command
local init_system
init_system=$(detect_init_system)
case "$init_system" in
"systemd")
if ! command_exists systemctl; then
missing_commands+=("systemctl")
fi
;;
"openrc")
if ! command_exists rc-service; then
missing_commands+=("rc-service")
fi
;;
"sysvinit")
if ! command_exists service; then
missing_commands+=("service")
fi
;;
"upstart")
if ! command_exists initctl; then
missing_commands+=("initctl")
fi
;;
*)
log_message "WARNING" "Unknown init system '$init_system', cannot validate init command"
;;
esac
# Skip on macOS as it's not a deployment target
if [ "$os_name" != "darwin" ]; then
local init_system
init_system=$(detect_init_system)
case "$init_system" in
"systemd")
if ! command_exists systemctl; then
missing_commands+=("systemctl")
fi
;;
"openrc")
if ! command_exists rc-service; then
missing_commands+=("rc-service")
fi
;;
"sysvinit")
if ! command_exists service; then
missing_commands+=("service")
fi
;;
"upstart")
if ! command_exists initctl; then
missing_commands+=("initctl")
fi
;;
*)
log_message "WARNING" "Unknown init system '$init_system', cannot validate init command"
;;
esac
else
log_message "INFO" "Skipping init system validation on macOS (not a deployment target)"
fi
# Report any missing commands
if [ ${#missing_commands[@]} -gt 0 ]; then
@ -266,29 +298,34 @@ validate_required_commands() {
fi
# Special check: iptables version must be 1.4 or higher for Docker static binaries
log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..."
if command_exists iptables; then
local iptables_version
iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1)
if [ -n "$iptables_version" ]; then
log_message "INFO" "Found iptables version $iptables_version"
# Compare version numbers (basic check for 1.4 or higher)
local major_version minor_version
major_version=$(echo "$iptables_version" | cut -d. -f1)
minor_version=$(echo "$iptables_version" | cut -d. -f2)
if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then
add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher."
log_message "ERROR" "Please upgrade iptables to version 1.4 or higher."
return 1
# Skip on macOS as it's not a deployment target
if [ "$os_name" != "darwin" ]; then
log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..."
if command_exists iptables; then
local iptables_version
iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1)
if [ -n "$iptables_version" ]; then
log_message "INFO" "Found iptables version $iptables_version"
# Compare version numbers (basic check for 1.4 or higher)
local major_version minor_version
major_version=$(echo "$iptables_version" | cut -d. -f1)
minor_version=$(echo "$iptables_version" | cut -d. -f2)
if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then
add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher."
log_message "ERROR" "Please upgrade iptables to version 1.4 or higher."
return 1
fi
else
log_message "WARNING" "Could not determine iptables version, continuing anyway"
fi
else
log_message "WARNING" "Could not determine iptables version, continuing anyway"
# Should not happen since iptables is in required commands, but just in case
add_error "iptables command not found (required for Docker network bridge)"
return 1
fi
else
# Should not happen since iptables is in required commands, but just in case
add_error "iptables command not found (required for Docker network bridge)"
return 1
log_message "INFO" "Skipping iptables check on macOS (not a deployment target)"
fi
log_message "SUCCESS" "All required system commands are available"
@ -372,7 +409,11 @@ detect_init_system() {
local init_system="unknown"
if command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then
# Detect macOS/Darwin first
if [ "$(uname -s)" = "Darwin" ]; then
init_system="darwin"
log_message "SUCCESS" "Init system: darwin (macOS)"
elif command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then
init_system="systemd"
log_message "SUCCESS" "Init system: systemd"
elif [ -d /etc/init.d ] && [ -x /sbin/initctl ] || [ -x /sbin/init ]; then
@ -385,8 +426,8 @@ detect_init_system() {
init_system="upstart"
log_message "SUCCESS" "Init system: upstart"
else
log_message "WARNING" "Could not determine init system (assuming systemd)"
init_system="systemd" # Default assumption
log_message "WARNING" "Could not determine init system"
init_system="unknown"
fi
echo "$init_system"
@ -450,7 +491,10 @@ test_connectivity() {
if [[ ! "$host" =~ ^https?:// ]]; then
url="https://$host"
fi
if curl -sI $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then
# Use -sL (GET + follow redirects) instead of -sI (HEAD only)
# HEAD requests may not work reliably on all Forgejo/Gitea raw endpoints.
# GET with -L follows redirects, and output goes to /dev/null.
if curl -sL $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then
log_message "SUCCESS" "$description is reachable"
return 0
else
@ -485,15 +529,7 @@ test_cloud_endpoints() {
perform_network_tests() {
log_message "INFO" "=== NETWORK CONNECTIVITY TESTING ==="
# Test Git Repositorys connectivity (primary artifact source)
log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..."
GIT_REACHABLE="false"
if test_connectivity "$GIT_BASE_URL" "Git Repositorys artifact repository"; then
GIT_REACHABLE="true"
log_message "SUCCESS" "Git Repositorys artifact repository is reachable (primary source)"
else
log_message "WARNING" "Git Repositorys artifact repository is not reachable - will use fallback sources"
fi
# Test US cloud endpoints
local us_reachable
@ -658,6 +694,16 @@ main() {
# Phase 2: Network connectivity testing
log_message "INFO" "=== PHASE 2: NETWORK CONNECTIVITY TESTING ==="
# Test Git Repositorys connectivity (primary artifact source)
log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..."
GIT_REACHABLE="false"
if test_connectivity "$GIT_DOCKER_BINARY_URL" "Git Repositorys Docker artifact"; then
GIT_REACHABLE="true"
log_message "SUCCESS" "Git Repositorys Docker artifact is reachable (primary source)"
else
log_message "WARNING" "Git Repositorys Docker artifact is not reachable - will use fallback sources"
fi
local network_results
network_results=$(perform_network_tests)
local us_reachable
@ -705,7 +751,7 @@ main() {
if [ "$has_local_docker" = "false" ]; then
log_message "ERROR" "No Docker binary source available"
log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL"
log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL"
log_message "ERROR" " - Local binaries not found in $LOCAL_BINARY_DIR/ or current directory"
has_sufficient_resources=false
@ -713,7 +759,7 @@ main() {
if [ "$has_local_wallarm" = "false" ]; then
log_message "ERROR" "No Wallarm image source available"
log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL"
log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL"
log_message "ERROR" " - Local images not found in $LOCAL_IMAGE_DIR/ or current directory"
has_sufficient_resources=false
@ -723,7 +769,7 @@ main() {
add_error "Insufficient resources: Need at least one source for Docker and Wallarm artifacts.
Possible sources:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL
1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local files: Place artifacts in:
- Docker binary: $LOCAL_BINARY_DIR/docker-29.2.1.tgz or current directory
- Wallarm image: $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz or current directory"
@ -731,7 +777,7 @@ Possible sources:
fi
log_message "SUCCESS" "Network testing completed:"
log_message "SUCCESS" " Git Repositorys Artifact Repository: $GIT_REACHABLE"
log_message "SUCCESS" " Git Repositorys Artifacts Reachable: $GIT_REACHABLE"
log_message "SUCCESS" " US Cloud Reachable: $us_reachable"
log_message "SUCCESS" " EU Cloud Reachable: $eu_reachable"
log_message "SUCCESS" " Fallback Registry Reachable: $registry_reachable"
@ -741,7 +787,8 @@ Possible sources:
log_message "INFO" "=== PHASE 3: WRITING RESULTS ==="
write_env_file "$os_name" "$os_version" "$architecture" "$init_system" \
"$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable"
"$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable" \
"$GIT_REACHABLE"
# Final summary
if [ "$CHECK_RESULT" = "pass" ]; then
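Review bot: In `test_connectivity` (hunk `-450,7 +491,10`), the new `curl -sL` probe has no `-f`, so an HTTP 404, 403 or 500 from the artifact host still exits 0 and is logged as reachable; the result now decides `GIT_REACHABLE` and is written to the env file as `git_reachable`. Because `main` now passes `$GIT_DOCKER_BINARY_URL`, a plain GET also transfers the whole artifact during preflight, and only `--connect-timeout` bounds it. `-L` combined with `$CURL_INSECURE_FLAG` (presumably certificate verification off, please confirm) means a redirect to any host is followed and counted as success. A tighter probe would be `if curl -fsL --range 0-0 --max-time "$timeout" $CURL_INSECURE_FLAG --connect-timeout "$timeout" -o /dev/null "$url" 2>/dev/null; then`. The function body starts and ends outside the hunk.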


@ -91,6 +91,7 @@ US_CLOUD_REACHABLE="false"
EU_CLOUD_REACHABLE="false"
REGISTRY_REACHABLE="false"
DOWNLOAD_REACHABLE="false"
GIT_REACHABLE="false"
# ==============================================================================
# LOGGING & ERROR HANDLING FUNCTIONS
@ -273,6 +274,7 @@ verify_preflight_check() {
eu_cloud_reachable) EU_CLOUD_REACHABLE="$value" ;;
registry_reachable) REGISTRY_REACHABLE="$value" ;;
download_reachable) DOWNLOAD_REACHABLE="$value" ;;
git_reachable) GIT_REACHABLE="$value" ;;
esac
done < "$ENV_FILE"
@ -293,6 +295,7 @@ verify_preflight_check() {
log_message "SUCCESS" " EU Cloud Reachable: $EU_CLOUD_REACHABLE"
log_message "SUCCESS" " Registry Reachable: $REGISTRY_REACHABLE"
log_message "SUCCESS" " Download Reachable: $DOWNLOAD_REACHABLE"
log_message "SUCCESS" " Git Repositorys Reachable: $GIT_REACHABLE"
# Check for local artifact directories
if [ -d "$LOCAL_BINARY_DIR" ]; then
@ -325,17 +328,20 @@ verify_preflight_check() {
fi
# Validate we have resources for Docker/Wallarm
if [ "$REGISTRY_REACHABLE" = "false" ] && [ "$DOWNLOAD_REACHABLE" = "false" ]; then
log_message "WARNING" "Neither registry nor download server reachable"
log_message "INFO" "Checking for local resources..."
# Primary source: Git Repositorys; fallback: local directories
if [ "$GIT_REACHABLE" = "false" ]; then
log_message "WARNING" "Git Repositorys not reachable, checking for local resources..."
local has_local_resources=true
if [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then
# Check local binaries directory first, then current directory as fallback
if [ ! -f "$LOCAL_BINARY_DIR/docker-29.2.1.tgz" ] && [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then
log_message "ERROR" "No local Docker binary found"
has_local_resources=false
fi
if [ -z "$(ls wallarm-node-*.tar 2>/dev/null)" ]; then
# Check local images directory first, then current directory as fallback
if [ ! -f "$LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz" ] && [ -z "$(ls wallarm-node-*.tar.gz wallarm-node-*.tar 2>/dev/null)" ]; then
log_message "ERROR" "No local Wallarm image found"
has_local_resources=false
fi
@ -343,10 +349,16 @@ verify_preflight_check() {
if [ "$has_local_resources" = "false" ]; then
fail_with_remediation "Insufficient resources for deployment" \
"Please provide either:
1. Network access to $DOCKER_REGISTRY_HOST
2. Network access to $DOCKER_DOWNLOAD_HOST
3. Local files: docker-*.tgz and wallarm-node-*.tar in current directory"
1. Network access to Git Repositorys: $GIT_RAW_URL
2. Local files in binaries/ and images/ directories:
- $LOCAL_BINARY_DIR/docker-29.2.1.tgz
- $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz
3. Local files in current directory as fallback:
- docker-*.tgz
- wallarm-node-*.tar.gz or wallarm-node-*.tar"
fi
else
log_message "SUCCESS" "Git Repositorys reachable - will download artifacts from $GIT_RAW_URL"
fi
}
@ -760,7 +772,7 @@ setup_docker_engine() {
if [ -z "$binary_path" ]; then
fail_with_remediation "No Docker binary available" \
"Please provide a Docker static binary using one of these methods:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL
1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local binaries directory: Place docker-29.2.1.tgz and .sha256 in $LOCAL_BINARY_DIR/
3. Current directory: Place any docker-*.tgz file in current directory
@ -1482,7 +1494,7 @@ deploy_wallarm_node() {
if [ "$image_loaded" = "false" ]; then
fail_with_remediation "No Wallarm image available" \
"Please provide a Wallarm Docker image using one of these methods:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL
1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local images directory: Place wallarm-node-6.11.0-rc1.tar.gz and .sha256 in $LOCAL_IMAGE_DIR/
3. Current directory: Place wallarm-node-*.tar.gz or wallarm-node-*.tar file in current directory
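Review bot: In `verify_preflight_check` (hunk `-325,17 +328,20`), the new gate `[ "$GIT_REACHABLE" = "false" ]` fails open: the value comes straight from the `git_reachable` line of `$ENV_FILE`, and anything other than the literal `false` (empty, `True`, a stray quote or carriage return) takes the else branch, logs the source as reachable and skips the local-artifact check. Comparing against the positive value instead, `if [ "$GIT_REACHABLE" != "true" ]; then`, makes a malformed or hand-edited file fall back to checking local files. The same hunk also drops `REGISTRY_REACHABLE` and `DOWNLOAD_REACHABLE` from this decision, so a host that can reach only those now ends in "Insufficient resources for deployment"; if that is intended, a comment saying so would help. The function starts outside the hunk.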