From 61b5694d06417cb4923b65cc42b8d63cf7a0472f Mon Sep 17 00:00:00 2001 From: cclohmar Date: Wed, 18 Mar 2026 12:31:26 +0000 Subject: [PATCH] chore: auto-commit 2026-03-18 12:31 --- wallarm-deploy-ct.sh | 152 +++++++++++++++---------------------------- 1 file changed, 51 insertions(+), 101 deletions(-) diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh index c0008a5..011a16a 100644 --- a/wallarm-deploy-ct.sh +++ b/wallarm-deploy-ct.sh @@ -1,9 +1,8 @@ #!/bin/bash # ============================================================================== -# Sechpoint Wallarm Smart Deployer - Multi-Distro PoC Optimized +# Sechpoint Wallarm Smart Deployer - Banking POC Edition (Legacy Support) # ============================================================================== -# --- Styling --- YELLOW='\033[1;33m' GREEN='\033[0;32m' RED='\033[0;31m' @@ -13,7 +12,6 @@ LOG_FILE="/var/log/wallarm-deploy.log" EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com") US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com") -# --- Initialization --- sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE" exec > >(tee -a "$LOG_FILE") 2>&1 
@@ -22,183 +20,135 @@ echo -e "${YELLOW}====================================================${NC}" echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}" echo -e "${YELLOW}====================================================${NC}" -# --- 1. DETECTION & PRE-FLIGHT --- +# --- 1. DETECTION --- detect_environment() { echo -e "\n${YELLOW}[1/5] Detecting System Environment...${NC}" if command -v dnf &> /dev/null; then PKG_MANAGER="dnf" - ENGINE="podman" - echo -e "${GREEN}[PASS]${NC} Detected modern RHEL/CentOS (using dnf/podman)" elif command -v yum &> /dev/null; then PKG_MANAGER="yum" - ENGINE="podman" - echo -e "${GREEN}[PASS]${NC} Detected older RHEL/CentOS (using yum/podman)" elif command -v apt-get &> /dev/null; then PKG_MANAGER="apt" - ENGINE="docker" - echo -e "${GREEN}[PASS]${NC} Detected Debian/Ubuntu (using apt/docker)" else - echo -e "${RED}[FAIL]${NC} No supported package manager found (dnf/yum/apt)."; exit 1 + echo -e "${RED}[FAIL]${NC} No package manager found."; exit 1 fi + echo -e "${GREEN}[PASS]${NC} Using $PKG_MANAGER" } check_sudo() { - if sudo -v; then - echo -e "${GREEN}[PASS]${NC} Sudo access confirmed." - else - echo -e "${RED}[FAIL]${NC} Sudo access denied."; exit 1 - fi + sudo -v || { echo -e "${RED}[FAIL]${NC} Sudo denied."; exit 1; } } check_wallarm_cloud() { - echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" + echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud (Port 443)...${NC}" read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL CLOUD_SEL=${CLOUD_SEL^^} CLOUD_SEL=${CLOUD_SEL:-US} local nodes_to_test=("${US_DATA_NODES[@]}") - if [[ "$CLOUD_SEL" == "EU" ]]; then - nodes_to_test=("${EU_DATA_NODES[@]}") - fi + [[ "$CLOUD_SEL" == "EU" ]] && nodes_to_test=("${EU_DATA_NODES[@]}") for node in "${nodes_to_test[@]}"; do - if ! 
curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then - echo -e "${RED}[FAIL]${NC} Cannot reach $node" - return 1 - fi + curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1 || { echo -e "${RED}[FAIL]${NC} $node unreachable"; exit 1; } echo -e "${GREEN}[PASS]${NC} Reached $node" done - API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") } -# --- 2. INPUT & CONFIGURATION --- +# --- 2. CONFIG --- get_user_input() { - echo -e "\n${YELLOW}[3/5] Configuration & Workspace Setup...${NC}" - - [ -d /opt/wallarm ] && ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "No existing instances." - - read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM - if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then echo -e "${RED}ERROR: Invalid number.${NC}"; exit 1; fi - + echo -e "\n${YELLOW}[3/5] Configuration...${NC}" + read -p "Enter Instance Number: " INSTANCE_NUM NODE_NAME="wallarm-node-$INSTANCE_NUM" INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM" TRAFFIC_PORT=$((8000 + INSTANCE_NUM)) MONITOR_PORT=$((9000 + INSTANCE_NUM)) - read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP + read -p "Enter Upstream IP [127.0.0.1]: " UPSTREAM_IP UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} read -p "Enter Upstream Port [80]: " UPSTREAM_PORT UPSTREAM_PORT=${UPSTREAM_PORT:-80} read -p "Paste Wallarm Token: " TOKEN - - echo -n "Verifying App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " - if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then - echo -e "${RED}FAILED${NC}"; exit 1 - fi - echo -e "${GREEN}OK${NC}" } -# --- 3. ENGINE SETUP --- +# --- 3. 
ENGINE SETUP (The Fix) --- setup_engine() { - echo -e "\n${YELLOW}[4/5] 🛠️ Ensuring Engine ($ENGINE) is ready...${NC}" - case "$PKG_MANAGER" in - dnf|yum) - sudo $PKG_MANAGER install -y epel-release wget curl &>/dev/null - sudo $PKG_MANAGER install -y podman podman-docker podman-compose &>/dev/null + echo -e "\n${YELLOW}[4/5] 🛠️ Setting up Container Engine...${NC}" + if [[ "$PKG_MANAGER" == "dnf" || "$PKG_MANAGER" == "yum" ]]; then + # Try Podman first, fallback to Docker if Podman isn't in repos + sudo $PKG_MANAGER install -y podman podman-compose &>/dev/null + if command -v podman &> /dev/null; then + ENGINE="podman" sudo systemctl enable --now podman.socket &>/dev/null - if systemctl is-active --quiet firewalld; then - sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null - sudo firewall-cmd --reload &>/dev/null - fi - ;; - apt) - sudo apt-get update &>/dev/null - sudo apt-get install -y docker.io docker-compose wget curl &>/dev/null + else + echo -e "${YELLOW}Podman not found. Trying Docker...${NC}" + sudo $PKG_MANAGER install -y docker docker-compose &>/dev/null + ENGINE="docker" sudo systemctl enable --now docker &>/dev/null - ;; - esac + fi + else + sudo apt-get update && sudo apt-get install -y docker.io docker-compose &>/dev/null + ENGINE="docker" + sudo systemctl enable --now docker &>/dev/null + fi + echo -e "${GREEN}[INFO]${NC} Using Engine: $ENGINE" } -# --- 4. DEPLOYMENT --- +# --- 4. 
DEPLOY --- execute_deployment() { - echo -e "\n${YELLOW}[5/5] 🚀 Preparing Workspace: $INSTANCE_DIR${NC}" - sudo mkdir -p "$INSTANCE_DIR" - cd "$INSTANCE_DIR" + echo -e "\n${YELLOW}[5/5] 🚀 Deploying...${NC}" + sudo mkdir -p "$INSTANCE_DIR" && cd "$INSTANCE_DIR" - IMAGE_NAME="docker.io/wallarm/node:latest" - - sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null < /dev/null < /dev/null < /dev/null </dev/null - sudo $ENGINE pull $IMAGE_NAME - - if command -v podman-compose &> /dev/null; then - sudo podman-compose up -d + + if command -v $ENGINE-compose &> /dev/null; then + sudo $ENGINE-compose up -d else - sudo docker-compose up -d + # Direct run fallback if compose is missing + sudo $ENGINE run -d --name "$NODE_NAME" -p "$TRAFFIC_PORT:80" -p "$MONITOR_PORT:90" \ + -e WALLARM_API_TOKEN="$TOKEN" -e WALLARM_API_HOST="$API_HOST" \ + -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro,Z" docker.io/wallarm/node:latest fi } -# --- 5. VERIFICATION --- - verify_health() { - echo -e "\n${YELLOW}⏳ Handshake...${NC}" - sleep 20 - echo -en "Checking Monitor Port $MONITOR_PORT... " - if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then - echo -e "${GREEN}SUCCESS${NC}" - echo -e "\n${GREEN}✅ DEPLOYMENT COMPLETE${NC}" - echo -e "Traffic: http://localhost:$TRAFFIC_PORT" - else - echo -e "${RED}WARNING: Status page not responding yet.${NC}" - fi + echo -e "\n${YELLOW}Checking status...${NC}" + sleep 15 + curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests" && echo -e "${GREEN}SUCCESS${NC}" || echo -e "${RED}FAILED${NC}" } -# --- EXECUTION --- detect_environment check_sudo -check_wallarm_cloud || exit 1 +check_wallarm_cloud get_user_input setup_engine execute_deployment
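Review bot: `get_user_input` no longer validates `INSTANCE_NUM`, yet the value still feeds `$((8000 + INSTANCE_NUM))` and `INSTANCE_DIR`, which `execute_deployment` hands to `sudo mkdir -p`. Bash evaluates arithmetic operands as expressions rather than plain digits, and a value containing `/` or `..` moves the workspace outside `/opt/wallarm`, so the removed guard should go back right after the `read`: `[[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]] || { echo -e "${RED}ERROR: Invalid number.${NC}"; exit 1; }`. The same hunk deletes the `API_HOST=` assignment from `check_wallarm_cloud` while the new `$ENGINE run` fallback still passes `-e WALLARM_API_HOST="$API_HOST"`, so unless the variable is set in lines not visible here, that path starts the node with an empty API host. The fallback also puts the token on the command line via `-e WALLARM_API_TOKEN="$TOKEN"`, where it is readable from the process list; writing it to a mode-600 file and passing `--env-file` keeps it off argv.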