From 4881759fd6763026d09047e07310a40c854e1c0d Mon Sep 17 00:00:00 2001 From: administrator Date: Mon, 4 May 2026 12:12:38 +0100 Subject: [PATCH] chore: auto-commit 2026-05-04 12:12 --- .env | 15 ++++ wallarm-ct-check.sh | 189 +++++++++++++++++++++++++++---------------- wallarm-ct-deploy.sh | 32 +++++--- 3 files changed, 155 insertions(+), 81 deletions(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..5d98f9c --- /dev/null +++ b/.env @@ -0,0 +1,15 @@ +# Wallarm Preflight Check Results +# Generated: 2026-04-21 15:47:43 +# Script: ./wallarm-ct-check.sh + +result=pass +os_name=darwin +os_version=25.3.0 +architecture=x86_64 +init_system=darwin +us_cloud_reachable=true +eu_cloud_reachable=true +registry_reachable=false +download_reachable=false +git_reachable=true + diff --git a/wallarm-ct-check.sh b/wallarm-ct-check.sh index 2645932..c9e087e 100755 --- a/wallarm-ct-check.sh +++ b/wallarm-ct-check.sh @@ -115,6 +115,7 @@ write_env_file() { local eu_cloud_reachable="$6" local registry_reachable="$7" local download_reachable="$8" + local git_reachable="${9:-false}" # Create .env file cat > "$ENV_FILE" << EOF @@ -131,6 +132,7 @@ us_cloud_reachable=$us_cloud_reachable eu_cloud_reachable=$eu_cloud_reachable registry_reachable=$registry_reachable download_reachable=$download_reachable +git_reachable=$git_reachable EOF 
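Review bot: The new `.env` is generated preflight output from a macOS workstation (`os_name=darwin`, `Generated: 2026-04-21`) and should not be committed, because `verify_preflight_check` in `wallarm-ct-deploy.sh` parses this same key=value format from `$ENV_FILE` to decide how to deploy. If `$ENV_FILE` resolves to this path, a fresh clone carries a stale `git_reachable=true` (and presumably `result=pass`) that was never measured on the target host. I would drop the file from the commit, add `.env` to `.gitignore`, and exclude it from the auto-commit job.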
@@ -152,12 +154,24 @@ EOF validate_sudo_access() { log_message "INFO" "Validating sudo access..." + # Detect OS + local os_name + os_name=$(uname -s | tr '[:upper:]' '[:lower:]') + # Check if user can run sudo if ! command -v sudo >/dev/null 2>&1; then add_error "sudo command not found" return 1 fi + # On macOS, we can't reliably test sudo authentication without prompting + # Skip the actual authentication test but warn + if [ "$os_name" = "darwin" ]; then + log_message "WARNING" "macOS detected: sudo authentication test skipped (may prompt during deployment)" + log_message "INFO" "Note: macOS is not a supported deployment target. This check is for Linux servers." + return 0 + fi + # Test sudo with password prompt if needed if ! sudo -v; then add_error "sudo authentication failed" @@ -173,6 +187,10 @@ validate_required_commands() { local missing_commands=() + # Detect OS + local os_name + os_name=$(uname -s | tr '[:upper:]' '[:lower:]') + # Core commands required for both check and deployment scripts local core_commands=( "tar" # Required for extracting Docker binaries in deployment 
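Review bot: The darwin branch in `validate_sudo_access` returns 0 without testing sudo, and together with the macOS skips added in `validate_required_commands` (Linux-only commands, port utility, init system, iptables) the preflight can finish with `result=pass` on a host the log text itself calls unsupported; the `.env` added in this commit shows exactly that outcome. Since the deploy script consumes that file, I would record the skip as a non-pass result, e.g. `add_error "macOS is not a supported deployment target"` unless an explicit opt-in is given, or have the deploy side reject `os_name=darwin`. The OS is also detected in several places with two spellings (`uname -s | tr '[:upper:]' '[:lower:]'` compared with `darwin` here, `"$(uname -s)" = "Darwin"` in `detect_init_system`); a single helper would keep them in step. Both functions continue outside these hunks.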
@@ -191,12 +209,18 @@ validate_required_commands() { "tee" # Required for writing configuration files "cp" # Required for copying Docker binaries "rm" # Required for cleanup operations - "getent" # Required for checking group existence - "groupadd" # Required for creating docker group (sudo) - "usermod" # Required for adding user to docker group (sudo) - "iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+) ) + # Linux-specific commands (not available on macOS) + if [ "$os_name" != "darwin" ]; then + core_commands+=( + "getent" # Required for checking group existence + "groupadd" # Required for creating docker group (sudo) + "usermod" # Required for adding user to docker group (sudo) + "iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+) + ) + fi + # Helper function to check if a command exists (including system directories) command_exists() { local cmd="$1" 
@@ -222,39 +246,47 @@ validate_required_commands() { done # Check for port checking utility (ss or netstat) - if ! command_exists ss && ! command_exists netstat; then - missing_commands+=("ss or netstat") + # On macOS, netstat is available, ss is not + if [ "$os_name" != "darwin" ]; then + if ! command_exists ss && ! command_exists netstat; then + missing_commands+=("ss or netstat") + fi fi # Detect init system and validate its control command - local init_system - init_system=$(detect_init_system) - - case "$init_system" in - "systemd") - if ! command_exists systemctl; then - missing_commands+=("systemctl") - fi - ;; - "openrc") - if ! command_exists rc-service; then - missing_commands+=("rc-service") - fi - ;; - "sysvinit") - if ! command_exists service; then - missing_commands+=("service") - fi - ;; - "upstart") - if ! command_exists initctl; then - missing_commands+=("initctl") - fi - ;; - *) - log_message "WARNING" "Unknown init system '$init_system', cannot validate init command" - ;; - esac + # Skip on macOS as it's not a deployment target + if [ "$os_name" != "darwin" ]; then + local init_system + init_system=$(detect_init_system) + + case "$init_system" in + "systemd") + if ! command_exists systemctl; then + missing_commands+=("systemctl") + fi + ;; + "openrc") + if ! command_exists rc-service; then + missing_commands+=("rc-service") + fi + ;; + "sysvinit") + if ! command_exists service; then + missing_commands+=("service") + fi + ;; + "upstart") + if ! command_exists initctl; then + missing_commands+=("initctl") + fi + ;; + *) + log_message "WARNING" "Unknown init system '$init_system', cannot validate init command" + ;; + esac + else + log_message "INFO" "Skipping init system validation on macOS (not a deployment target)" + fi # Report any missing commands if [ ${#missing_commands[@]} -gt 0 ]; then 
@@ -266,29 +298,34 @@ validate_required_commands() { fi # Special check: iptables version must be 1.4 or higher for Docker static binaries - log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..." - if command_exists iptables; then - local iptables_version - iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1) - if [ -n "$iptables_version" ]; then - log_message "INFO" "Found iptables version $iptables_version" - # Compare version numbers (basic check for 1.4 or higher) - local major_version minor_version - major_version=$(echo "$iptables_version" | cut -d. -f1) - minor_version=$(echo "$iptables_version" | cut -d. -f2) - - if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then - add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher." - log_message "ERROR" "Please upgrade iptables to version 1.4 or higher." - return 1 + # Skip on macOS as it's not a deployment target + if [ "$os_name" != "darwin" ]; then + log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..." + if command_exists iptables; then + local iptables_version + iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1) + if [ -n "$iptables_version" ]; then + log_message "INFO" "Found iptables version $iptables_version" + # Compare version numbers (basic check for 1.4 or higher) + local major_version minor_version + major_version=$(echo "$iptables_version" | cut -d. -f1) + minor_version=$(echo "$iptables_version" | cut -d. -f2) + + if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then + add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher." + log_message "ERROR" "Please upgrade iptables to version 1.4 or higher." 
+ return 1 + fi + else + log_message "WARNING" "Could not determine iptables version, continuing anyway" fi else - log_message "WARNING" "Could not determine iptables version, continuing anyway" + # Should not happen since iptables is in required commands, but just in case + add_error "iptables command not found (required for Docker network bridge)" + return 1 fi else - # Should not happen since iptables is in required commands, but just in case - add_error "iptables command not found (required for Docker network bridge)" - return 1 + log_message "INFO" "Skipping iptables check on macOS (not a deployment target)" fi log_message "SUCCESS" "All required system commands are available" @@ -372,7 +409,11 @@ detect_init_system() { local init_system="unknown" - if command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then + # Detect macOS/Darwin first + if [ "$(uname -s)" = "Darwin" ]; then + init_system="darwin" + log_message "SUCCESS" "Init system: darwin (macOS)" + elif command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then init_system="systemd" log_message "SUCCESS" "Init system: systemd" elif [ -d /etc/init.d ] && [ -x /sbin/initctl ] || [ -x /sbin/init ]; then @@ -385,8 +426,8 @@ detect_init_system() { init_system="upstart" log_message "SUCCESS" "Init system: upstart" else - log_message "WARNING" "Could not determine init system (assuming systemd)" - init_system="systemd" # Default assumption + log_message "WARNING" "Could not determine init system" + init_system="unknown" fi echo "$init_system" 
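Review bot: With the fallback changed from `systemd` to `unknown`, `detect_init_system` now yields a value that the `*)` arm in `validate_required_commands` only logs as a WARNING, so a host with no recognised init system still passes preflight and `init_system=unknown` ends up in the results file. If deployment needs a service manager, that arm should fail closed, e.g. `add_error "Unsupported init system '$init_system'"`. How the deploy script treats `unknown` and the new `darwin` value is not visible in this patch and should be checked before merging.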
@@ -450,7 +491,10 @@ test_connectivity() { if [[ ! "$host" =~ ^https?:// ]]; then url="https://$host" fi - if curl -sI $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then + # Use -sL (GET + follow redirects) instead of -sI (HEAD only) + # HEAD requests may not work reliably on all Forgejo/Gitea raw endpoints. + # GET with -L follows redirects, and output goes to /dev/null. + if curl -sL $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then log_message "SUCCESS" "$description is reachable" return 0 else @@ -485,15 +529,7 @@ test_cloud_endpoints() { perform_network_tests() { log_message "INFO" "=== NETWORK CONNECTIVITY TESTING ===" - # Test Git Repositorys connectivity (primary artifact source) - log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..." -GIT_REACHABLE="false" - if test_connectivity "$GIT_BASE_URL" "Git Repositorys artifact repository"; then - GIT_REACHABLE="true" - log_message "SUCCESS" "Git Repositorys artifact repository is reachable (primary source)" - else - log_message "WARNING" "Git Repositorys artifact repository is not reachable - will use fallback sources" - fi + # Test US cloud endpoints local us_reachable @@ -658,6 +694,16 @@ main() { # Phase 2: Network connectivity testing log_message "INFO" "=== PHASE 2: NETWORK CONNECTIVITY TESTING ===" + # Test Git Repositorys connectivity (primary artifact source) + log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..." + GIT_REACHABLE="false" + if test_connectivity "$GIT_DOCKER_BINARY_URL" "Git Repositorys Docker artifact"; then + GIT_REACHABLE="true" + log_message "SUCCESS" "Git Repositorys Docker artifact is reachable (primary source)" + else + log_message "WARNING" "Git Repositorys Docker artifact is not reachable - will use fallback sources" + fi + local network_results network_results=$(perform_network_tests) local us_reachable 
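Review bot: The probe in `test_connectivity` still has no `-f`, so an HTTP 404 or 500 exits 0 and is logged as reachable, and after the switch to `-sL` it performs a full GET that follows redirects with only `--connect-timeout` as a bound. Because `main` now points it at `$GIT_DOCKER_BINARY_URL`, a passing check can mean downloading the whole archive, or it can mean an error page. I would use `curl -sfL --range 0-0 --max-time "$max_time" -o /dev/null $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url"` (with `max_time` a new local) so that only a successful response counts and the transfer is bounded. When `$CURL_INSECURE_FLAG` is set or the URL is `http://`, following redirects also means the final host is unauthenticated; `--proto-redir =https` would be a sensible addition. The function starts and ends outside the hunk.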
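Review bot: `GIT_REACHABLE` is derived from a single probe of `$GIT_DOCKER_BINARY_URL`, yet it is written to the results file and later used as the signal that both the Docker binary and the Wallarm image can be fetched. The Wallarm image URL is never probed, so the image can be missing while `git_reachable=true`; probing both artifacts and requiring both to succeed would close that gap. The messages changed further down name `$GIT_RAW_URL` rather than the URL that was tested, and neither variable's definition is in this patch, so confirm both are set, since an empty one makes `test_connectivity` probe a bare `https://`. `main` continues outside the hunk.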
@@ -705,7 +751,7 @@ main() { if [ "$has_local_docker" = "false" ]; then log_message "ERROR" "No Docker binary source available" - log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL" + log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL" log_message "ERROR" " - Local binaries not found in $LOCAL_BINARY_DIR/ or current directory" has_sufficient_resources=false @@ -713,7 +759,7 @@ main() { if [ "$has_local_wallarm" = "false" ]; then log_message "ERROR" "No Wallarm image source available" - log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL" + log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL" log_message "ERROR" " - Local images not found in $LOCAL_IMAGE_DIR/ or current directory" has_sufficient_resources=false @@ -723,7 +769,7 @@ main() { add_error "Insufficient resources: Need at least one source for Docker and Wallarm artifacts. Possible sources: -1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL +1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL 2. Local files: Place artifacts in: - Docker binary: $LOCAL_BINARY_DIR/docker-29.2.1.tgz or current directory - Wallarm image: $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz or current directory" @@ -731,7 +777,7 @@ Possible sources: fi log_message "SUCCESS" "Network testing completed:" - log_message "SUCCESS" " Git Repositorys Artifact Repository: $GIT_REACHABLE" + log_message "SUCCESS" " Git Repositorys Artifacts Reachable: $GIT_REACHABLE" log_message "SUCCESS" " US Cloud Reachable: $us_reachable" log_message "SUCCESS" " EU Cloud Reachable: $eu_reachable" log_message "SUCCESS" " Fallback Registry Reachable: $registry_reachable" 
@@ -741,7 +787,8 @@ Possible sources: log_message "INFO" "=== PHASE 3: WRITING RESULTS ===" write_env_file "$os_name" "$os_version" "$architecture" "$init_system" \ - "$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable" + "$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable" \ + "$GIT_REACHABLE" # Final summary if [ "$CHECK_RESULT" = "pass" ]; then diff --git a/wallarm-ct-deploy.sh b/wallarm-ct-deploy.sh index cd444f9..1893fff 100755 --- a/wallarm-ct-deploy.sh +++ b/wallarm-ct-deploy.sh @@ -91,6 +91,7 @@ US_CLOUD_REACHABLE="false" EU_CLOUD_REACHABLE="false" REGISTRY_REACHABLE="false" DOWNLOAD_REACHABLE="false" +GIT_REACHABLE="false" # ============================================================================== # LOGGING & ERROR HANDLING FUNCTIONS @@ -273,6 +274,7 @@ verify_preflight_check() { eu_cloud_reachable) EU_CLOUD_REACHABLE="$value" ;; registry_reachable) REGISTRY_REACHABLE="$value" ;; download_reachable) DOWNLOAD_REACHABLE="$value" ;; + git_reachable) GIT_REACHABLE="$value" ;; esac done < "$ENV_FILE" @@ -293,6 +295,7 @@ verify_preflight_check() { log_message "SUCCESS" " EU Cloud Reachable: $EU_CLOUD_REACHABLE" log_message "SUCCESS" " Registry Reachable: $REGISTRY_REACHABLE" log_message "SUCCESS" " Download Reachable: $DOWNLOAD_REACHABLE" + log_message "SUCCESS" " Git Repositorys Reachable: $GIT_REACHABLE" # Check for local artifact directories if [ -d "$LOCAL_BINARY_DIR" ]; then 
@@ -325,17 +328,20 @@ verify_preflight_check() { fi # Validate we have resources for Docker/Wallarm - if [ "$REGISTRY_REACHABLE" = "false" ] && [ "$DOWNLOAD_REACHABLE" = "false" ]; then - log_message "WARNING" "Neither registry nor download server reachable" - log_message "INFO" "Checking for local resources..." + # Primary source: Git Repositorys; fallback: local directories + if [ "$GIT_REACHABLE" = "false" ]; then + log_message "WARNING" "Git Repositorys not reachable, checking for local resources..." local has_local_resources=true - if [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then + + # Check local binaries directory first, then current directory as fallback + if [ ! -f "$LOCAL_BINARY_DIR/docker-29.2.1.tgz" ] && [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then log_message "ERROR" "No local Docker binary found" has_local_resources=false fi - if [ -z "$(ls wallarm-node-*.tar 2>/dev/null)" ]; then + # Check local images directory first, then current directory as fallback + if [ ! -f "$LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz" ] && [ -z "$(ls wallarm-node-*.tar.gz wallarm-node-*.tar 2>/dev/null)" ]; then log_message "ERROR" "No local Wallarm image found" has_local_resources=false fi @@ -343,10 +349,16 @@ verify_preflight_check() { if [ "$has_local_resources" = "false" ]; then fail_with_remediation "Insufficient resources for deployment" \ "Please provide either: -1. Network access to $DOCKER_REGISTRY_HOST -2. Network access to $DOCKER_DOWNLOAD_HOST -3. Local files: docker-*.tgz and wallarm-node-*.tar in current directory" +1. Network access to Git Repositorys: $GIT_RAW_URL +2. Local files in binaries/ and images/ directories: + - $LOCAL_BINARY_DIR/docker-29.2.1.tgz + - $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz +3. Local files in current directory as fallback: + - docker-*.tgz + - wallarm-node-*.tar.gz or wallarm-node-*.tar" fi + else + log_message "SUCCESS" "Git Repositorys reachable - will download artifacts from $GIT_RAW_URL" fi } 
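Review bot: The gate `[ "$GIT_REACHABLE" = "false" ]` fails open: the value comes straight from the results file, and anything other than the literal `false` (empty, `True`, a trailing carriage return) skips the local-artifact checks and takes the download path. Comparing against the positive value, `if [ "$GIT_REACHABLE" != "true" ]; then`, makes a malformed or hand-edited file fall back to the stricter branch. The pinned names `docker-29.2.1.tgz` and `wallarm-node-6.11.0-rc1.tar.gz` are now repeated in the tests and in the remediation text; two variables defined once would keep them from drifting at the next version bump. `verify_preflight_check` starts outside the hunk.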
@@ -760,7 +772,7 @@ setup_docker_engine() { if [ -z "$binary_path" ]; then fail_with_remediation "No Docker binary available" \ "Please provide a Docker static binary using one of these methods: -1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL +1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL 2. Local binaries directory: Place docker-29.2.1.tgz and .sha256 in $LOCAL_BINARY_DIR/ 3. Current directory: Place any docker-*.tgz file in current directory @@ -1482,7 +1494,7 @@ deploy_wallarm_node() { if [ "$image_loaded" = "false" ]; then fail_with_remediation "No Wallarm image available" \ "Please provide a Wallarm Docker image using one of these methods: -1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL +1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL 2. Local images directory: Place wallarm-node-6.11.0-rc1.tar.gz and .sha256 in $LOCAL_IMAGE_DIR/ 3. Current directory: Place wallarm-node-*.tar.gz or wallarm-node-*.tar file in current directory