customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: auto-commit 2026-05-04 12:12

Browse source
This commit is contained in:
administrator 2026-05-04 12:12:38 +01:00
parent c07c7afd6d
commit 4881759fd6
3 changed files with 155 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.env Normal file
View file

@ -0,0 +1,15 @@
# Wallarm Preflight Check Results
# Generated: 2026-04-21 15:47:43
# Script: ./wallarm-ct-check.sh
result=pass
os_name=darwin
os_version=25.3.0
architecture=x86_64
init_system=darwin
us_cloud_reachable=true
eu_cloud_reachable=true
registry_reachable=false
download_reachable=false
git_reachable=true

189
wallarm-ct-check.sh
View file

@ -115,6 +115,7 @@ write_env_file() {
local eu_cloud_reachable="$6" local eu_cloud_reachable="$6"
local registry_reachable="$7" local registry_reachable="$7"
local download_reachable="$8" local download_reachable="$8"
local git_reachable="${9:-false}"
# Create .env file # Create .env file
cat > "$ENV_FILE" << EOF cat > "$ENV_FILE" << EOF
@ -131,6 +132,7 @@ us_cloud_reachable=$us_cloud_reachable
eu_cloud_reachable=$eu_cloud_reachable eu_cloud_reachable=$eu_cloud_reachable
registry_reachable=$registry_reachable registry_reachable=$registry_reachable
download_reachable=$download_reachable download_reachable=$download_reachable
git_reachable=$git_reachable
EOF EOF
@ -152,12 +154,24 @@ EOF
validate_sudo_access() { validate_sudo_access() {
log_message "INFO" "Validating sudo access..." log_message "INFO" "Validating sudo access..."
# Detect OS
local os_name
os_name=$(uname -s | tr '[:upper:]' '[:lower:]')
# Check if user can run sudo # Check if user can run sudo
if ! command -v sudo >/dev/null 2>&1; then if ! command -v sudo >/dev/null 2>&1; then
add_error "sudo command not found" add_error "sudo command not found"
return 1 return 1
fi fi
# On macOS, we can't reliably test sudo authentication without prompting
# Skip the actual authentication test but warn
if [ "$os_name" = "darwin" ]; then
log_message "WARNING" "macOS detected: sudo authentication test skipped (may prompt during deployment)"
log_message "INFO" "Note: macOS is not a supported deployment target. This check is for Linux servers."
return 0
fi
# Test sudo with password prompt if needed # Test sudo with password prompt if needed
if ! sudo -v; then if ! sudo -v; then
add_error "sudo authentication failed" add_error "sudo authentication failed"
@ -173,6 +187,10 @@ validate_required_commands() {
local missing_commands=() local missing_commands=()
# Detect OS
local os_name
os_name=$(uname -s | tr '[:upper:]' '[:lower:]')
# Core commands required for both check and deployment scripts # Core commands required for both check and deployment scripts
local core_commands=( local core_commands=(
"tar" # Required for extracting Docker binaries in deployment "tar" # Required for extracting Docker binaries in deployment
@ -191,12 +209,18 @@ validate_required_commands() {
"tee" # Required for writing configuration files "tee" # Required for writing configuration files
"cp" # Required for copying Docker binaries "cp" # Required for copying Docker binaries
"rm" # Required for cleanup operations "rm" # Required for cleanup operations
"getent" # Required for checking group existence
"groupadd" # Required for creating docker group (sudo)
"usermod" # Required for adding user to docker group (sudo)
"iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+)
) )
# Linux-specific commands (not available on macOS)
if [ "$os_name" != "darwin" ]; then
core_commands+=(
"getent" # Required for checking group existence
"groupadd" # Required for creating docker group (sudo)
"usermod" # Required for adding user to docker group (sudo)
"iptables" # Required for Docker network bridge creation (Docker static binaries v1.4+)
)
fi
# Helper function to check if a command exists (including system directories) # Helper function to check if a command exists (including system directories)
command_exists() { command_exists() {
local cmd="$1" local cmd="$1"
@ -222,39 +246,47 @@ validate_required_commands() {
done done
# Check for port checking utility (ss or netstat) # Check for port checking utility (ss or netstat)
if ! command_exists ss && ! command_exists netstat; then # On macOS, netstat is available, ss is not
missing_commands+=("ss or netstat") if [ "$os_name" != "darwin" ]; then
if ! command_exists ss && ! command_exists netstat; then
missing_commands+=("ss or netstat")
fi
fi fi
# Detect init system and validate its control command # Detect init system and validate its control command
local init_system # Skip on macOS as it's not a deployment target
init_system=$(detect_init_system) if [ "$os_name" != "darwin" ]; then
local init_system
case "$init_system" in init_system=$(detect_init_system)
"systemd")
if ! command_exists systemctl; then case "$init_system" in
missing_commands+=("systemctl") "systemd")
fi if ! command_exists systemctl; then
;; missing_commands+=("systemctl")
"openrc") fi
if ! command_exists rc-service; then ;;
missing_commands+=("rc-service") "openrc")
fi if ! command_exists rc-service; then
;; missing_commands+=("rc-service")
"sysvinit") fi
if ! command_exists service; then ;;
missing_commands+=("service") "sysvinit")
fi if ! command_exists service; then
;; missing_commands+=("service")
"upstart") fi
if ! command_exists initctl; then ;;
missing_commands+=("initctl") "upstart")
fi if ! command_exists initctl; then
;; missing_commands+=("initctl")
*) fi
log_message "WARNING" "Unknown init system '$init_system', cannot validate init command" ;;
;; *)
esac log_message "WARNING" "Unknown init system '$init_system', cannot validate init command"
;;
esac
else
log_message "INFO" "Skipping init system validation on macOS (not a deployment target)"
fi
# Report any missing commands # Report any missing commands
if [ ${#missing_commands[@]} -gt 0 ]; then if [ ${#missing_commands[@]} -gt 0 ]; then
@ -266,29 +298,34 @@ validate_required_commands() {
fi fi
# Special check: iptables version must be 1.4 or higher for Docker static binaries # Special check: iptables version must be 1.4 or higher for Docker static binaries
log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..." # Skip on macOS as it's not a deployment target
if command_exists iptables; then if [ "$os_name" != "darwin" ]; then
local iptables_version log_message "INFO" "Checking iptables version (requires 1.4+ for Docker)..."
iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1) if command_exists iptables; then
if [ -n "$iptables_version" ]; then local iptables_version
log_message "INFO" "Found iptables version $iptables_version" iptables_version=$(iptables --version 2>/dev/null | head -1 | grep -o '[0-9]\+\.[0-9]\+' | head -1)
# Compare version numbers (basic check for 1.4 or higher) if [ -n "$iptables_version" ]; then
local major_version minor_version log_message "INFO" "Found iptables version $iptables_version"
major_version=$(echo "$iptables_version" | cut -d. -f1) # Compare version numbers (basic check for 1.4 or higher)
minor_version=$(echo "$iptables_version" | cut -d. -f2) local major_version minor_version
major_version=$(echo "$iptables_version" | cut -d. -f1)
if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then minor_version=$(echo "$iptables_version" | cut -d. -f2)
add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher."
log_message "ERROR" "Please upgrade iptables to version 1.4 or higher." if [ "$major_version" -lt 1 ] || ([ "$major_version" -eq 1 ] && [ "$minor_version" -lt 4 ]); then
return 1 add_error "iptables version $iptables_version is too old. Docker requires iptables 1.4 or higher."
log_message "ERROR" "Please upgrade iptables to version 1.4 or higher."
return 1
fi
else
log_message "WARNING" "Could not determine iptables version, continuing anyway"
fi fi
else else
log_message "WARNING" "Could not determine iptables version, continuing anyway" # Should not happen since iptables is in required commands, but just in case
add_error "iptables command not found (required for Docker network bridge)"
return 1
fi fi
else else
# Should not happen since iptables is in required commands, but just in case log_message "INFO" "Skipping iptables check on macOS (not a deployment target)"
add_error "iptables command not found (required for Docker network bridge)"
return 1
fi fi
log_message "SUCCESS" "All required system commands are available" log_message "SUCCESS" "All required system commands are available"
@ -372,7 +409,11 @@ detect_init_system() {
local init_system="unknown" local init_system="unknown"
if command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then # Detect macOS/Darwin first
if [ "$(uname -s)" = "Darwin" ]; then
init_system="darwin"
log_message "SUCCESS" "Init system: darwin (macOS)"
elif command -v systemctl >/dev/null 2>&1 && systemctl --version >/dev/null 2>&1; then
init_system="systemd" init_system="systemd"
log_message "SUCCESS" "Init system: systemd" log_message "SUCCESS" "Init system: systemd"
elif [ -d /etc/init.d ] && [ -x /sbin/initctl ] || [ -x /sbin/init ]; then elif [ -d /etc/init.d ] && [ -x /sbin/initctl ] || [ -x /sbin/init ]; then
@ -385,8 +426,8 @@ detect_init_system() {
init_system="upstart" init_system="upstart"
log_message "SUCCESS" "Init system: upstart" log_message "SUCCESS" "Init system: upstart"
else else
log_message "WARNING" "Could not determine init system (assuming systemd)" log_message "WARNING" "Could not determine init system"
init_system="systemd" # Default assumption init_system="unknown"
fi fi
echo "$init_system" echo "$init_system"
@ -450,7 +491,10 @@ test_connectivity() {
if [[ ! "$host" =~ ^https?:// ]]; then if [[ ! "$host" =~ ^https?:// ]]; then
url="https://$host" url="https://$host"
fi fi
if curl -sI $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then # Use -sL (GET + follow redirects) instead of -sI (HEAD only)
# HEAD requests may not work reliably on all Forgejo/Gitea raw endpoints.
# GET with -L follows redirects, and output goes to /dev/null.
if curl -sL $CURL_INSECURE_FLAG --connect-timeout "$timeout" "$url" >/dev/null 2>&1; then
log_message "SUCCESS" "$description is reachable" log_message "SUCCESS" "$description is reachable"
return 0 return 0
else else
@ -485,15 +529,7 @@ test_cloud_endpoints() {
perform_network_tests() { perform_network_tests() {
log_message "INFO" "=== NETWORK CONNECTIVITY TESTING ===" log_message "INFO" "=== NETWORK CONNECTIVITY TESTING ==="
# Test Git Repositorys connectivity (primary artifact source)
log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..."
GIT_REACHABLE="false"
if test_connectivity "$GIT_BASE_URL" "Git Repositorys artifact repository"; then
GIT_REACHABLE="true"
log_message "SUCCESS" "Git Repositorys artifact repository is reachable (primary source)"
else
log_message "WARNING" "Git Repositorys artifact repository is not reachable - will use fallback sources"
fi
# Test US cloud endpoints # Test US cloud endpoints
local us_reachable local us_reachable
@ -658,6 +694,16 @@ main() {
# Phase 2: Network connectivity testing # Phase 2: Network connectivity testing
log_message "INFO" "=== PHASE 2: NETWORK CONNECTIVITY TESTING ===" log_message "INFO" "=== PHASE 2: NETWORK CONNECTIVITY TESTING ==="
# Test Git Repositorys connectivity (primary artifact source)
log_message "INFO" "Testing connectivity to Git Repositorys artifact repository..."
GIT_REACHABLE="false"
if test_connectivity "$GIT_DOCKER_BINARY_URL" "Git Repositorys Docker artifact"; then
GIT_REACHABLE="true"
log_message "SUCCESS" "Git Repositorys Docker artifact is reachable (primary source)"
else
log_message "WARNING" "Git Repositorys Docker artifact is not reachable - will use fallback sources"
fi
local network_results local network_results
network_results=$(perform_network_tests) network_results=$(perform_network_tests)
local us_reachable local us_reachable
@ -705,7 +751,7 @@ main() {
if [ "$has_local_docker" = "false" ]; then if [ "$has_local_docker" = "false" ]; then
log_message "ERROR" "No Docker binary source available" log_message "ERROR" "No Docker binary source available"
log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL" log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL"
log_message "ERROR" " - Local binaries not found in $LOCAL_BINARY_DIR/ or current directory" log_message "ERROR" " - Local binaries not found in $LOCAL_BINARY_DIR/ or current directory"
has_sufficient_resources=false has_sufficient_resources=false
@ -713,7 +759,7 @@ main() {
if [ "$has_local_wallarm" = "false" ]; then if [ "$has_local_wallarm" = "false" ]; then
log_message "ERROR" "No Wallarm image source available" log_message "ERROR" "No Wallarm image source available"
log_message "ERROR" " - Git Repositorys unreachable: $GIT_BASE_URL" log_message "ERROR" " - Git Repositorys artifacts unreachable: $GIT_RAW_URL"
log_message "ERROR" " - Local images not found in $LOCAL_IMAGE_DIR/ or current directory" log_message "ERROR" " - Local images not found in $LOCAL_IMAGE_DIR/ or current directory"
has_sufficient_resources=false has_sufficient_resources=false
@ -723,7 +769,7 @@ main() {
add_error "Insufficient resources: Need at least one source for Docker and Wallarm artifacts. add_error "Insufficient resources: Need at least one source for Docker and Wallarm artifacts.
Possible sources: Possible sources:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL 1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local files: Place artifacts in: 2. Local files: Place artifacts in:
- Docker binary: $LOCAL_BINARY_DIR/docker-29.2.1.tgz or current directory - Docker binary: $LOCAL_BINARY_DIR/docker-29.2.1.tgz or current directory
- Wallarm image: $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz or current directory" - Wallarm image: $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz or current directory"
@ -731,7 +777,7 @@ Possible sources:
fi fi
log_message "SUCCESS" "Network testing completed:" log_message "SUCCESS" "Network testing completed:"
log_message "SUCCESS" " Git Repositorys Artifact Repository: $GIT_REACHABLE" log_message "SUCCESS" " Git Repositorys Artifacts Reachable: $GIT_REACHABLE"
log_message "SUCCESS" " US Cloud Reachable: $us_reachable" log_message "SUCCESS" " US Cloud Reachable: $us_reachable"
log_message "SUCCESS" " EU Cloud Reachable: $eu_reachable" log_message "SUCCESS" " EU Cloud Reachable: $eu_reachable"
log_message "SUCCESS" " Fallback Registry Reachable: $registry_reachable" log_message "SUCCESS" " Fallback Registry Reachable: $registry_reachable"
@ -741,7 +787,8 @@ Possible sources:
log_message "INFO" "=== PHASE 3: WRITING RESULTS ===" log_message "INFO" "=== PHASE 3: WRITING RESULTS ==="
write_env_file "$os_name" "$os_version" "$architecture" "$init_system" \ write_env_file "$os_name" "$os_version" "$architecture" "$init_system" \
"$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable" "$us_reachable" "$eu_reachable" "$registry_reachable" "$download_reachable" \
"$GIT_REACHABLE"
# Final summary # Final summary
if [ "$CHECK_RESULT" = "pass" ]; then if [ "$CHECK_RESULT" = "pass" ]; then

32
wallarm-ct-deploy.sh
View file

@ -91,6 +91,7 @@ US_CLOUD_REACHABLE="false"
EU_CLOUD_REACHABLE="false" EU_CLOUD_REACHABLE="false"
REGISTRY_REACHABLE="false" REGISTRY_REACHABLE="false"
DOWNLOAD_REACHABLE="false" DOWNLOAD_REACHABLE="false"
GIT_REACHABLE="false"
# ============================================================================== # ==============================================================================
# LOGGING & ERROR HANDLING FUNCTIONS # LOGGING & ERROR HANDLING FUNCTIONS
@ -273,6 +274,7 @@ verify_preflight_check() {
eu_cloud_reachable) EU_CLOUD_REACHABLE="$value" ;; eu_cloud_reachable) EU_CLOUD_REACHABLE="$value" ;;
registry_reachable) REGISTRY_REACHABLE="$value" ;; registry_reachable) REGISTRY_REACHABLE="$value" ;;
download_reachable) DOWNLOAD_REACHABLE="$value" ;; download_reachable) DOWNLOAD_REACHABLE="$value" ;;
git_reachable) GIT_REACHABLE="$value" ;;
esac esac
done < "$ENV_FILE" done < "$ENV_FILE"
@ -293,6 +295,7 @@ verify_preflight_check() {
log_message "SUCCESS" " EU Cloud Reachable: $EU_CLOUD_REACHABLE" log_message "SUCCESS" " EU Cloud Reachable: $EU_CLOUD_REACHABLE"
log_message "SUCCESS" " Registry Reachable: $REGISTRY_REACHABLE" log_message "SUCCESS" " Registry Reachable: $REGISTRY_REACHABLE"
log_message "SUCCESS" " Download Reachable: $DOWNLOAD_REACHABLE" log_message "SUCCESS" " Download Reachable: $DOWNLOAD_REACHABLE"
log_message "SUCCESS" " Git Repositorys Reachable: $GIT_REACHABLE"
# Check for local artifact directories # Check for local artifact directories
if [ -d "$LOCAL_BINARY_DIR" ]; then if [ -d "$LOCAL_BINARY_DIR" ]; then
@ -325,17 +328,20 @@ verify_preflight_check() {
fi fi
# Validate we have resources for Docker/Wallarm # Validate we have resources for Docker/Wallarm
if [ "$REGISTRY_REACHABLE" = "false" ] && [ "$DOWNLOAD_REACHABLE" = "false" ]; then # Primary source: Git Repositorys; fallback: local directories
log_message "WARNING" "Neither registry nor download server reachable" if [ "$GIT_REACHABLE" = "false" ]; then
log_message "INFO" "Checking for local resources..." log_message "WARNING" "Git Repositorys not reachable, checking for local resources..."
local has_local_resources=true local has_local_resources=true
if [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then
# Check local binaries directory first, then current directory as fallback
if [ ! -f "$LOCAL_BINARY_DIR/docker-29.2.1.tgz" ] && [ -z "$(ls docker-*.tgz 2>/dev/null)" ]; then
log_message "ERROR" "No local Docker binary found" log_message "ERROR" "No local Docker binary found"
has_local_resources=false has_local_resources=false
fi fi
if [ -z "$(ls wallarm-node-*.tar 2>/dev/null)" ]; then # Check local images directory first, then current directory as fallback
if [ ! -f "$LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz" ] && [ -z "$(ls wallarm-node-*.tar.gz wallarm-node-*.tar 2>/dev/null)" ]; then
log_message "ERROR" "No local Wallarm image found" log_message "ERROR" "No local Wallarm image found"
has_local_resources=false has_local_resources=false
fi fi
@ -343,10 +349,16 @@ verify_preflight_check() {
if [ "$has_local_resources" = "false" ]; then if [ "$has_local_resources" = "false" ]; then
fail_with_remediation "Insufficient resources for deployment" \ fail_with_remediation "Insufficient resources for deployment" \
"Please provide either: "Please provide either:
1. Network access to $DOCKER_REGISTRY_HOST 1. Network access to Git Repositorys: $GIT_RAW_URL
2. Network access to $DOCKER_DOWNLOAD_HOST 2. Local files in binaries/ and images/ directories:
3. Local files: docker-*.tgz and wallarm-node-*.tar in current directory" - $LOCAL_BINARY_DIR/docker-29.2.1.tgz
- $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz
3. Local files in current directory as fallback:
- docker-*.tgz
- wallarm-node-*.tar.gz or wallarm-node-*.tar"
fi fi
else
log_message "SUCCESS" "Git Repositorys reachable - will download artifacts from $GIT_RAW_URL"
fi fi
} }
@ -760,7 +772,7 @@ setup_docker_engine() {
if [ -z "$binary_path" ]; then if [ -z "$binary_path" ]; then
fail_with_remediation "No Docker binary available" \ fail_with_remediation "No Docker binary available" \
"Please provide a Docker static binary using one of these methods: "Please provide a Docker static binary using one of these methods:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL 1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local binaries directory: Place docker-29.2.1.tgz and .sha256 in $LOCAL_BINARY_DIR/ 2. Local binaries directory: Place docker-29.2.1.tgz and .sha256 in $LOCAL_BINARY_DIR/
3. Current directory: Place any docker-*.tgz file in current directory 3. Current directory: Place any docker-*.tgz file in current directory
@ -1482,7 +1494,7 @@ deploy_wallarm_node() {
if [ "$image_loaded" = "false" ]; then if [ "$image_loaded" = "false" ]; then
fail_with_remediation "No Wallarm image available" \ fail_with_remediation "No Wallarm image available" \
"Please provide a Wallarm Docker image using one of these methods: "Please provide a Wallarm Docker image using one of these methods:
1. Git Repositorys (primary): Ensure network access to $GIT_BASE_URL 1. Git Repositorys (primary): Ensure network access to $GIT_RAW_URL
2. Local images directory: Place wallarm-node-6.11.0-rc1.tar.gz and .sha256 in $LOCAL_IMAGE_DIR/ 2. Local images directory: Place wallarm-node-6.11.0-rc1.tar.gz and .sha256 in $LOCAL_IMAGE_DIR/
3. Current directory: Place wallarm-node-*.tar.gz or wallarm-node-*.tar file in current directory 3. Current directory: Place wallarm-node-*.tar.gz or wallarm-node-*.tar file in current directory