customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: auto-commit 2026-03-18 12:31

Browse source
This commit is contained in:
cclohmar 2026-03-18 12:31:26 +00:00
parent af9afe8273
commit 61b5694d06
1 changed files with 51 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

150
wallarm-deploy-ct.sh
View file

@ -1,9 +1,8 @@
#!/bin/bash #!/bin/bash
# ============================================================================== # ==============================================================================
# Sechpoint Wallarm Smart Deployer - Multi-Distro PoC Optimized # Sechpoint Wallarm Smart Deployer - Banking POC Edition (Legacy Support)
# ============================================================================== # ==============================================================================
# --- Styling ---
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
RED='\033[0;31m' RED='\033[0;31m'
@ -13,7 +12,6 @@ LOG_FILE="/var/log/wallarm-deploy.log"
EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com") EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com")
US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com") US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com")
# --- Initialization ---
sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE" sudo touch "$LOG_FILE" && sudo chmod 644 "$LOG_FILE"
exec > >(tee -a "$LOG_FILE") 2>&1 exec > >(tee -a "$LOG_FILE") 2>&1
@ -22,183 +20,135 @@ echo -e "${YELLOW}====================================================${NC}"
echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}" echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}"
echo -e "${YELLOW}====================================================${NC}" echo -e "${YELLOW}====================================================${NC}"
# --- 1. DETECTION & PRE-FLIGHT --- # --- 1. DETECTION ---
detect_environment() { detect_environment() {
echo -e "\n${YELLOW}[1/5] Detecting System Environment...${NC}" echo -e "\n${YELLOW}[1/5] Detecting System Environment...${NC}"
if command -v dnf &> /dev/null; then if command -v dnf &> /dev/null; then
PKG_MANAGER="dnf" PKG_MANAGER="dnf"
ENGINE="podman"
echo -e "${GREEN}[PASS]${NC} Detected modern RHEL/CentOS (using dnf/podman)"
elif command -v yum &> /dev/null; then elif command -v yum &> /dev/null; then
PKG_MANAGER="yum" PKG_MANAGER="yum"
ENGINE="podman"
echo -e "${GREEN}[PASS]${NC} Detected older RHEL/CentOS (using yum/podman)"
elif command -v apt-get &> /dev/null; then elif command -v apt-get &> /dev/null; then
PKG_MANAGER="apt" PKG_MANAGER="apt"
ENGINE="docker"
echo -e "${GREEN}[PASS]${NC} Detected Debian/Ubuntu (using apt/docker)"
else else
echo -e "${RED}[FAIL]${NC} No supported package manager found (dnf/yum/apt)."; exit 1 echo -e "${RED}[FAIL]${NC} No package manager found."; exit 1
fi fi
echo -e "${GREEN}[PASS]${NC} Using $PKG_MANAGER"
} }
check_sudo() { check_sudo() {
if sudo -v; then sudo -v || { echo -e "${RED}[FAIL]${NC} Sudo denied."; exit 1; }
echo -e "${GREEN}[PASS]${NC} Sudo access confirmed."
else
echo -e "${RED}[FAIL]${NC} Sudo access denied."; exit 1
fi
} }
check_wallarm_cloud() { check_wallarm_cloud() {
echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}" echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud (Port 443)...${NC}"
read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL read -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL
CLOUD_SEL=${CLOUD_SEL^^} CLOUD_SEL=${CLOUD_SEL^^}
CLOUD_SEL=${CLOUD_SEL:-US} CLOUD_SEL=${CLOUD_SEL:-US}
local nodes_to_test=("${US_DATA_NODES[@]}") local nodes_to_test=("${US_DATA_NODES[@]}")
if [[ "$CLOUD_SEL" == "EU" ]]; then [[ "$CLOUD_SEL" == "EU" ]] && nodes_to_test=("${EU_DATA_NODES[@]}")
nodes_to_test=("${EU_DATA_NODES[@]}")
fi
for node in "${nodes_to_test[@]}"; do for node in "${nodes_to_test[@]}"; do
if ! curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1 || { echo -e "${RED}[FAIL]${NC} $node unreachable"; exit 1; }
echo -e "${RED}[FAIL]${NC} Cannot reach $node"
return 1
fi
echo -e "${GREEN}[PASS]${NC} Reached $node" echo -e "${GREEN}[PASS]${NC} Reached $node"
done done
API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com") API_HOST=$([[ "$CLOUD_SEL" == "EU" ]] && echo "api.wallarm.com" || echo "us1.api.wallarm.com")
} }
# --- 2. INPUT & CONFIGURATION --- # --- 2. CONFIG ---
get_user_input() { get_user_input() {
echo -e "\n${YELLOW}[3/5] Configuration & Workspace Setup...${NC}" echo -e "\n${YELLOW}[3/5] Configuration...${NC}"
read -p "Enter Instance Number: " INSTANCE_NUM
[ -d /opt/wallarm ] && ls -F /opt/wallarm/ | grep '/' | sed 's/\///' || echo "No existing instances."
read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM
if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then echo -e "${RED}ERROR: Invalid number.${NC}"; exit 1; fi
NODE_NAME="wallarm-node-$INSTANCE_NUM" NODE_NAME="wallarm-node-$INSTANCE_NUM"
INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM" INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM"
TRAFFIC_PORT=$((8000 + INSTANCE_NUM)) TRAFFIC_PORT=$((8000 + INSTANCE_NUM))
MONITOR_PORT=$((9000 + INSTANCE_NUM)) MONITOR_PORT=$((9000 + INSTANCE_NUM))
read -p "Enter Upstream IP (App Server) [127.0.0.1]: " UPSTREAM_IP read -p "Enter Upstream IP [127.0.0.1]: " UPSTREAM_IP
UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1} UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}
read -p "Enter Upstream Port [80]: " UPSTREAM_PORT read -p "Enter Upstream Port [80]: " UPSTREAM_PORT
UPSTREAM_PORT=${UPSTREAM_PORT:-80} UPSTREAM_PORT=${UPSTREAM_PORT:-80}
read -p "Paste Wallarm Token: " TOKEN read -p "Paste Wallarm Token: " TOKEN
echo -n "Verifying App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"; exit 1
fi
echo -e "${GREEN}OK${NC}"
} }
# --- 3. ENGINE SETUP --- # --- 3. ENGINE SETUP (The Fix) ---
setup_engine() { setup_engine() {
echo -e "\n${YELLOW}[4/5] 🛠️ Ensuring Engine ($ENGINE) is ready...${NC}" echo -e "\n${YELLOW}[4/5] 🛠️ Setting up Container Engine...${NC}"
case "$PKG_MANAGER" in if [[ "$PKG_MANAGER" == "dnf" || "$PKG_MANAGER" == "yum" ]]; then
dnf|yum) # Try Podman first, fallback to Docker if Podman isn't in repos
sudo $PKG_MANAGER install -y epel-release wget curl &>/dev/null sudo $PKG_MANAGER install -y podman podman-compose &>/dev/null
sudo $PKG_MANAGER install -y podman podman-docker podman-compose &>/dev/null if command -v podman &> /dev/null; then
ENGINE="podman"
sudo systemctl enable --now podman.socket &>/dev/null sudo systemctl enable --now podman.socket &>/dev/null
if systemctl is-active --quiet firewalld; then else
sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null echo -e "${YELLOW}Podman not found. Trying Docker...${NC}"
sudo firewall-cmd --reload &>/dev/null sudo $PKG_MANAGER install -y docker docker-compose &>/dev/null
fi ENGINE="docker"
;;
apt)
sudo apt-get update &>/dev/null
sudo apt-get install -y docker.io docker-compose wget curl &>/dev/null
sudo systemctl enable --now docker &>/dev/null sudo systemctl enable --now docker &>/dev/null
;; fi
esac else
sudo apt-get update && sudo apt-get install -y docker.io docker-compose &>/dev/null
ENGINE="docker"
sudo systemctl enable --now docker &>/dev/null
fi
echo -e "${GREEN}[INFO]${NC} Using Engine: $ENGINE"
} }
# --- 4. DEPLOYMENT --- # --- 4. DEPLOY ---
execute_deployment() { execute_deployment() {
echo -e "\n${YELLOW}[5/5] 🚀 Preparing Workspace: $INSTANCE_DIR${NC}" echo -e "\n${YELLOW}[5/5] 🚀 Deploying...${NC}"
sudo mkdir -p "$INSTANCE_DIR" sudo mkdir -p "$INSTANCE_DIR" && cd "$INSTANCE_DIR"
cd "$INSTANCE_DIR"
IMAGE_NAME="docker.io/wallarm/node:latest" sudo tee "nginx.conf" > /dev/null <<EOF
sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
server { server {
listen 80; listen 80;
wallarm_mode monitoring; wallarm_mode monitoring;
location / { location / {
proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT; proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
proxy_set_header Host \$host; proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
server {
listen 90;
location /wallarm-status {
wallarm_status on;
allow all;
} }
} }
server { listen 90; location /wallarm-status { wallarm_status on; } }
EOF EOF
sudo tee "$INSTANCE_DIR/compose.yml" > /dev/null <<EOF sudo tee "compose.yml" > /dev/null <<EOF
version: '3.8' version: '3'
services: services:
node: node:
image: $IMAGE_NAME image: docker.io/wallarm/node:latest
container_name: $NODE_NAME container_name: $NODE_NAME
restart: always ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"]
ports:
- "$TRAFFIC_PORT:80"
- "$MONITOR_PORT:90"
environment: environment:
- WALLARM_API_TOKEN=$TOKEN - WALLARM_API_TOKEN=$TOKEN
- WALLARM_API_HOST=$API_HOST - WALLARM_API_HOST=$API_HOST
volumes: volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"]
- ./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z
EOF EOF
echo "Launching Instance..."
sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null
sudo $ENGINE pull $IMAGE_NAME
if command -v podman-compose &> /dev/null; then if command -v $ENGINE-compose &> /dev/null; then
sudo podman-compose up -d sudo $ENGINE-compose up -d
else else
sudo docker-compose up -d # Direct run fallback if compose is missing
sudo $ENGINE run -d --name "$NODE_NAME" -p "$TRAFFIC_PORT:80" -p "$MONITOR_PORT:90" \
-e WALLARM_API_TOKEN="$TOKEN" -e WALLARM_API_HOST="$API_HOST" \
-v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro,Z" docker.io/wallarm/node:latest
fi fi
} }
# --- 5. VERIFICATION ---
verify_health() { verify_health() {
echo -e "\n${YELLOW}⏳ Handshake...${NC}" echo -e "\n${YELLOW}Checking status...${NC}"
sleep 20 sleep 15
echo -en "Checking Monitor Port $MONITOR_PORT... " curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests" && echo -e "${GREEN}SUCCESS${NC}" || echo -e "${RED}FAILED${NC}"
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
echo -e "${GREEN}SUCCESS${NC}"
echo -e "\n${GREEN}✅ DEPLOYMENT COMPLETE${NC}"
echo -e "Traffic: http://localhost:$TRAFFIC_PORT"
else
echo -e "${RED}WARNING: Status page not responding yet.${NC}"
fi
} }
# --- EXECUTION ---
detect_environment detect_environment
check_sudo check_sudo
check_wallarm_cloud || exit 1 check_wallarm_cloud
get_user_input get_user_input
setup_engine setup_engine
execute_deployment execute_deployment