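#!/usr/bin/env bash
# ==============================================================================
# Wallarm PoC: Interactive "KISS" Deployer (Keystone Bank Edition)
#
# Guided, interactive deployment of ONE Wallarm filtering node (US Cloud) as a
# compose service under /opt/wallarm/<node-name>:
#   1. ask for an instance number -> derives node name and host ports
#   2. ask for the upstream app server and the Wallarm API token
#   3. pre-flight: TCP reach of the upstream, HTTPS reach of the Wallarm API
#   4. install/enable the container engine (podman on RHEL-like, docker else)
#   5. write nginx.conf + conf.yml (compose file) into the instance directory
#   6. `compose up -d`
#   7. poll the node's /wallarm-status page once and print a summary
#
# Must be run as root: it installs packages, writes /opt, and touches
# systemctl / firewalld. All prompts are read from the terminal.
# ==============================================================================
set -euo pipefail

YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
readonly YELLOW GREEN RED NC

# say/say_n: print with ANSI escapes expanded (%b), replacing `echo -e`.
# All interpolated values are validated below, so %b never sees untrusted
# backslash sequences.
say() { printf '%b\n' "$*"; }
say_n() { printf '%b' "$*"; }
warn() { printf '%b\n' "${YELLOW}WARNING: $*${NC}" >&2; }
die() { printf '%b\n' "${RED}$*${NC}" >&2; exit 1; }

(( EUID == 0 )) || die "❌ ERROR: this deployer must be run as root."

clear
say "${YELLOW}====================================================${NC}"
say "${YELLOW} Wallarm Guided Instance Deployer (US Cloud) ${NC}"
say "${YELLOW}====================================================${NC}\n"

# --- 1. THE ID (The "Magic Number") ---
say "Existing Instances in /opt/wallarm/:"
ls /opt/wallarm/ 2>/dev/null || echo "None"
echo ""
read -r -p "Enter Instance ID number (e.g., 1, 2, 3): " INSTANCE_ID

# The ID feeds printf, $(( )) and the firewall/compose port mappings, so it
# must be a plain decimal. Leading zeros ("08") would otherwise be read as
# octal by bash arithmetic, hence the 10# base prefix. 1..999 keeps the
# traffic (8000+ID) and monitor (9000+ID) port ranges from overlapping.
[[ "$INSTANCE_ID" =~ ^[0-9]+$ ]] || die "❌ ERROR: Instance ID must be a whole number."
INSTANCE_ID=$((10#$INSTANCE_ID))
(( INSTANCE_ID >= 1 && INSTANCE_ID <= 999 )) || die "❌ ERROR: Instance ID must be between 1 and 999."

# Auto-generate naming and ports
NODE_NAME=$(printf 'wallarm-%02d' "$INSTANCE_ID")
TRAFFIC_PORT=$((8000 + INSTANCE_ID))
MONITOR_PORT=$((9000 + INSTANCE_ID))
readonly NODE_NAME TRAFFIC_PORT MONITOR_PORT

# --- 2. CONFIGURATION ---
read -r -p "Enter Upstream IP (App Server): " UPSTREAM_IP
read -r -p "Enter Upstream Port [default 80]: " UPSTREAM_PORT
UPSTREAM_PORT=${UPSTREAM_PORT:-80}

# The upstream host/port are interpolated into nginx.conf (proxy_pass) and
# into the /dev/tcp pre-flight check, so restrict them to hostname / IPv4
# characters and a valid port. Bracketed IPv6 literals are deliberately not
# accepted by this PoC deployer.
[[ "$UPSTREAM_IP" =~ ^[A-Za-z0-9.-]+$ ]] || die "❌ ERROR: Upstream IP/hostname contains invalid characters."
[[ "$UPSTREAM_PORT" =~ ^[0-9]+$ ]] || die "❌ ERROR: Upstream port must be a number."
UPSTREAM_PORT=$((10#$UPSTREAM_PORT))
(( UPSTREAM_PORT >= 1 && UPSTREAM_PORT <= 65535 )) || die "❌ ERROR: Upstream port must be between 1 and 65535."

# Hardcoded to US based on your tip
API_HOST="us1.api.wallarm.com"
readonly API_HOST

# -s keeps the token off the terminal (and out of scrollback / screen
# recordings); the explicit newline restores the cursor after a silent read.
read -r -s -p "Paste Wallarm Token (US Cloud): " TOKEN
printf '\n'
[[ -n "$TOKEN" ]] || die "❌ ERROR: Wallarm token must not be empty."

# --- 3. PRE-FLIGHT VALIDATION ---
say "\n${YELLOW}🔍 Starting Pre-Flight Connectivity Checks...${NC}"

# A. Internal Check (Upstream)
# Host and port are passed as positional arguments to the inner bash rather
# than spliced into the -c string, so they can never be parsed as shell code.
say_n "Checking App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
if ! timeout 2 bash -c 'cat < /dev/null > "/dev/tcp/$1/$2"' _ "$UPSTREAM_IP" "$UPSTREAM_PORT" 2>/dev/null; then
  say "${RED}FAILED${NC}"
  die "❌ ERROR: VM cannot reach internal app server."
fi
say "${GREEN}OK${NC}"

# B. External Check (Wallarm Cloud)
say_n "Checking Wallarm US Cloud ($API_HOST)... "
if ! curl -s --connect-timeout 5 "https://$API_HOST" > /dev/null; then
  say "${RED}FAILED${NC}"
  say "${RED}❌ ERROR: VM cannot talk to Wallarm US Cloud.${NC}" >&2
  die "Action: Check Bank Proxy or Firewall egress for port 443."
fi
say "${GREEN}OK${NC}"

# --- 4. ENGINE SETUP ---
# Package installation is fatal if it fails; enabling the service unit and
# opening firewalld ports are best-effort (warn and continue), matching the
# original script which silenced those steps entirely.
say "\n${YELLOW}🛠️ Ensuring Engine (Podman/Docker) is ready...${NC}"
if [[ -f /etc/redhat-release ]]; then
  ENGINE="podman"
  COMPOSE_CMD="podman-compose"
  dnf install -y epel-release podman podman-docker podman-compose wget curl &>/dev/null \
    || die "❌ ERROR: dnf could not install the podman packages."
  systemctl enable --now podman.socket &>/dev/null \
    || warn "could not enable podman.socket; check 'systemctl status podman.socket'."
  if command -v firewall-cmd >/dev/null; then
    if firewall-cmd --permanent --add-port="$TRAFFIC_PORT/tcp" --add-port="$MONITOR_PORT/tcp" &>/dev/null \
        && firewall-cmd --reload &>/dev/null; then
      :
    else
      warn "could not open $TRAFFIC_PORT/tcp and $MONITOR_PORT/tcp in firewalld; open them manually."
    fi
  fi
else
  ENGINE="docker"
  COMPOSE_CMD="docker-compose"
  { apt update && apt install -y docker.io docker-compose wget curl; } &>/dev/null \
    || die "❌ ERROR: apt could not install the docker packages."
  systemctl enable --now docker &>/dev/null \
    || warn "could not enable docker; check 'systemctl status docker'."
fi
readonly ENGINE COMPOSE_CMD
command -v "$COMPOSE_CMD" >/dev/null || die "❌ ERROR: $COMPOSE_CMD is not on PATH after installation."

# --- 5. WORKSPACE & CONFIG ---
# Re-running with an existing ID overwrites that instance's config in place.
INSTANCE_DIR="/opt/wallarm/$NODE_NAME"
readonly INSTANCE_DIR
mkdir -p "$INSTANCE_DIR"

# \$host etc. are escaped so nginx (not this shell) expands them; the
# upstream host/port were validated above before being spliced in.
# NOTE: /wallarm-status is `allow all` and is published on MONITOR_PORT,
# which the firewall step opens, so it is reachable by anything that can
# reach this VM. Acceptable for a PoC; restrict it before wider use.
cat > "$INSTANCE_DIR/nginx.conf" <<EOF
server {
    listen 80;
    wallarm_mode monitoring; # Set to monitoring for PoC safety
    location / {
        proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
server {
    listen 90;
    location /wallarm-status {
        wallarm_status on;
        allow all;
    }
}
EOF

# conf.yml embeds the API token in clear text: create it empty, lock it to
# 0600 first, then fill it, so the token is never world-readable on disk.
# (The token is still visible in the container's environment to anyone who
# can run '$ENGINE inspect' — i.e. root on this VM.)
: > "$INSTANCE_DIR/conf.yml"
chmod 600 "$INSTANCE_DIR/conf.yml"
cat > "$INSTANCE_DIR/conf.yml" <<EOF
version: '3.8'
services:
  $NODE_NAME:
    image: docker.io/wallarm/node:4.10-latest
    container_name: $NODE_NAME
    restart: always
    ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"]
    environment:
      - WALLARM_API_TOKEN=$TOKEN
      - WALLARM_API_HOST=$API_HOST
    volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"]
EOF

# --- 6. LAUNCH ---
say "${YELLOW}🚀 Launching $NODE_NAME...${NC}"
cd "$INSTANCE_DIR" || die "❌ ERROR: cannot cd to $INSTANCE_DIR"
"$COMPOSE_CMD" -f conf.yml up -d || die "❌ ERROR: $COMPOSE_CMD failed to start $NODE_NAME."

# --- 7. POST-DEPLOY VERIFICATION ---
# A single probe after a fixed delay; a miss is a warning, not a failure,
# because the node may still be registering with the cloud.
say "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}"
sleep 5
say_n "Checking instance status page... "
if curl -s --max-time 5 "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
  say "${GREEN}SUCCESS${NC}"
else
  say "${RED}WARNING: Status page not responding yet.${NC}"
fi

say "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"
say "--------------------------------------------------"
say "Instance Name: $NODE_NAME"
say "Traffic Port: $TRAFFIC_PORT"
say "Monitor Port: $MONITOR_PORT"
say "Logs Command: $ENGINE logs -f $NODE_NAME"
say "--------------------------------------------------"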