chore: auto-commit 2026-03-18 13:06

wallarm-deploy-ct.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # ==============================================================================
-# Wallarm Bulletproof Deployer - Banking Hardened Edition
+# Wallarm Bulletproof Deployer - Banking Hardened (Manual Binary Support)
 # ==============================================================================
 
 YELLOW='\033[1;33m'
@@ -17,11 +17,7 @@ check_connectivity() {
     read -p "Wallarm Cloud (US/EU) [US]: " CLOUD; CLOUD=${CLOUD^^}; CLOUD=${CLOUD:-US}
     API_HOST=$([[ "$CLOUD" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com")
     
-    # Test Wallarm API
+    # Test Docker Hub Reachability
-    curl -skI --connect-timeout 5 "https://$API_HOST" > /dev/null 2>&1 || \
-        { echo -e "${RED}[WARN]${NC} Wallarm Cloud unreachable. Ensure proxy is set."; }
-
-    # Test Docker Hub
     REGISTRY_REACHABLE=true
     curl -skI --connect-timeout 5 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false
     
@@ -30,44 +26,54 @@ check_connectivity() {
         if ls *.tar >/dev/null 2>&1; then
             echo -e "${GREEN}[INFO]${NC} Local .tar found. Will attempt 'docker load'."
         else
-            echo -e "${RED}[ERROR]${NC} No internet and no local .tar image found. Cannot proceed."; exit 1
+            echo -e "${RED}[ERROR]${NC} No internet and no local .tar image found. Please upload the wallarm-node image."; exit 1
         fi
+    else
+        echo -e "${GREEN}[PASS]${NC} Docker Hub is reachable."
     fi
 }
 
-setup_service() {
+setup_engine() {
-    echo -e "\n${YELLOW}[2/5] Hardening Docker Service...${NC}"
+    echo -e "\n${YELLOW}[2/5] Hardening Container Engine...${NC}"
-    # Ensure the systemd unit exists for the manual binaries
+    
+    # Check if Docker or Podman is already running
+    if sudo docker info > /dev/null 2>&1; then
+        ENGINE="docker"
+        echo -e "${GREEN}[INFO]${NC} Existing Docker Engine detected."
+    elif sudo podman info > /dev/null 2>&1; then
+        ENGINE="podman"
+        echo -e "${GREEN}[INFO]${NC} Existing Podman Engine detected."
+    else
+        # No engine found, configure the manual Docker binaries
+        echo "No engine active. Setting up manual Docker Service..."
+        if [ ! -f "/usr/bin/dockerd" ]; then
+            echo -e "${RED}[FAIL]${NC} /usr/bin/dockerd not found. Ensure binaries were moved."; exit 1
+        fi
+
         sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
 [Unit]
-Description=Docker Application Container Engine
+Description=Docker Engine
 After=network-online.target
-Wants=network-online.target
-
 [Service]
 Type=notify
 ExecStart=/usr/bin/dockerd
-ExecReload=/bin/kill -s HUP \$MAINPID
-TimeoutStartSec=0
 Restart=on-failure
 StartLimitBurst=3
 StartLimitInterval=60s
 LimitNOFILE=infinity
-LimitNPROC=infinity
-
 [Install]
 WantedBy=multi-user.target
 EOF
-
         sudo systemctl daemon-reload
         sudo systemctl enable --now docker
-    sudo docker info > /dev/null 2>&1 || { echo -e "${RED}[FAIL]${NC} Docker Engine failed."; exit 1; }
+        ENGINE="docker"
+    fi
 }
 
 # --- 2. CONFIGURATION ---
 
 get_params() {
-    echo -e "\n${YELLOW}[3/5] Instance Setup...${NC}"
+    echo -e "\n${YELLOW}[3/5] Instance Configuration...${NC}"
     read -p "Wallarm Token: " TOKEN
     read -p "Instance ID [1]: " ID; ID=${ID:-1}
     read -p "App IP [127.0.0.1]: " APP_IP; APP_IP=${APP_IP:-127.0.0.1}
@@ -77,7 +83,7 @@ get_params() {
     sudo mkdir -p "$INSTANCE_DIR"
 }
 
-# --- 3. ARTIFACTS & REBOOT SURVIVAL ---
+# --- 3. PERSISTENCE ARTIFACTS ---
 
 generate_artifacts() {
     echo -e "\n${YELLOW}[4/5] Building Persistence Layers...${NC}"
@@ -91,20 +97,57 @@ server {
         proxy_pass http://$APP_IP:$APP_PORT;
         proxy_set_header Host \$host;
         proxy_set_header X-Real-IP \$remote_addr;
-        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
     }
 }
 server { listen 90; location /wallarm-status { wallarm_status on; } }
 EOF
 
-    # The "Always-Up" Start Script
+    # Shell Start Script (The Persistence Logic)
     sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF
 #!/bin/bash
-# Force cleanup of zombie containers
+echo "Cleaning old containers..."
-sudo docker rm -f wallarm-node-$ID 2>/dev/null
+sudo $ENGINE rm -f wallarm-node-$ID 2>/dev/null
 
-# Start with 'always' restart policy for reboot survival
+echo "Launching Wallarm Node..."
-sudo docker run -d \\
+sudo $ENGINE run -d \\
   --name wallarm-node-$ID \\
   --restart always \\
-  -p 80:80 -p 90
+  -p 80:80 -p 90:90 \\
+  -e WALLARM_API_TOKEN=$TOKEN \\
+  -e WALLARM_API_HOST=$API_HOST \\
+  -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\
+  wallarm/node:latest
+EOF
+    sudo chmod +x "$INSTANCE_DIR/start.sh"
+}
+
+# --- 4. EXECUTION ---
+
+run_poc() {
+    echo -e "\n${YELLOW}[5/5] Executing Deployment...${NC}"
+    
+    if [ "$REGISTRY_REACHABLE" = true ]; then
+        echo "Pulling latest image..."
+        sudo $ENGINE pull wallarm/node:latest
+    else
+        echo "Loading image from local storage..."
+        sudo $ENGINE load < *.tar
+    fi
+
+    sudo "$INSTANCE_DIR/start.sh"
+
+    sleep 15
+    echo -n "Verifying Node Status... "
+    if curl -s http://localhost:90/wallarm-status | grep -q "requests"; then
+        echo -e "${GREEN}✅ POC ACTIVE${NC}"
+    else
+        echo -e "${RED}❌ FAILED${NC}. Check logs: sudo $ENGINE logs wallarm-node-$ID"
+    fi
+}
+
+# --- RUN ---
+check_connectivity
+setup_engine
+get_params
+generate_artifacts
+run_poc