customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wallarm/wallarm-deploy-ct.sh
cclohmar 208d78d508 chore: auto-commit 2026-03-18 13:40
2026-03-18 13:40:08 +00:00

177 lines
No EOL
5.7 KiB
Bash
Raw Blame History

#!/bin/bash
# ==============================================================================
# SECHPOINT WALLARM SMART DEPLOYER - BULLETPROOF V3
# ==============================================================================
# Support: Manual Docker/Podman | Auto-Port Mapping | Persistence
# ==============================================================================
# --- UI COLORS ---
BLUE='\033[0;34m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
BOLD='\033[1m'
clear
echo -e "${BLUE}${BOLD}==========================================================${NC}"
echo -e "${BLUE}${BOLD} WALLARM NODE - ENTERPRISE POC DEPLOYER ${NC}"
echo -e "${BLUE}${BOLD}==========================================================${NC}"
# --- 1. PRE-FLIGHT CHECKS ---
check_env() {
echo -e "\n${CYAN}[STEP 1/5] Checking Environment...${NC}"
# Engine Detection
if sudo docker info > /dev/null 2>&1; then
ENGINE="docker"; echo -e " ${GREEN}${NC} Docker Engine detected"
elif sudo podman info > /dev/null 2>&1; then
ENGINE="podman"; echo -e " ${GREEN}${NC} Podman Engine detected"
else
echo -e " ${YELLOW}!${NC} No engine active. Setting up manual Docker service..."
if [ ! -f "/usr/bin/dockerd" ]; then
echo -e " ${RED}✗ FATAL: /usr/bin/dockerd not found.${NC}"; exit 1
fi
sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
[Unit]
Description=Docker Engine
After=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload && sudo systemctl enable --now docker
ENGINE="docker"
fi
# Registry Check
REGISTRY_REACHABLE=true
curl -skI --connect-timeout 3 "https://registry-1.docker.io/v2/" > /dev/null 2>&1 || REGISTRY_REACHABLE=false
if [ "$REGISTRY_REACHABLE" = true ]; then
echo -e " ${GREEN}${NC} Docker Hub is reachable"
else
echo -e " ${YELLOW}!${NC} Docker Hub offline. Looking for local image..."
if ! ls *.tar >/dev/null 2>&1; then
echo -e " ${RED}✗ FATAL: No internet and no .tar image found.${NC}"; exit 1
fi
fi
}
# --- 2. USER INPUT ---
get_config() {
echo -e "\n${CYAN}[STEP 2/5] Configuration Settings...${NC}"
read -p " Enter Wallarm Token: " TOKEN
read -p " Inbound Traffic Port [80]: " IN_PORT
IN_PORT=${IN_PORT:-80}
# Auto-calculate Monitoring Port
MON_PORT=$((IN_PORT + 10))
echo -e " ${YELLOW}i${NC} Monitoring port set to: ${BOLD}$MON_PORT${NC}"
read -p " App IP (Upstream) [127.0.0.1]: " APP_IP
APP_IP=${APP_IP:-127.0.0.1}
read -p " App Port (Upstream) [8080]: " APP_PORT
APP_PORT=${APP_PORT:-8080}
# Verify ports are free
for p in $IN_PORT $MON_PORT; do
if sudo netstat -tulpn | grep -q ":$p "; then
echo -e " ${RED}✗ FATAL: Port $p is already in use.${NC}"; exit 1
fi
done
}
# --- 3. ARTIFACT GENERATION ---
generate_files() {
echo -e "\n${CYAN}[STEP 3/5] Generating Persistence Layers...${NC}"
INSTANCE_DIR="/opt/wallarm/poc_$IN_PORT"
sudo mkdir -p "$INSTANCE_DIR"
# Nginx Conf
sudo tee "$INSTANCE_DIR/nginx.conf" > /dev/null <<EOF
server {
listen 80;
wallarm_mode monitoring;
location / {
proxy_pass http://$APP_IP:$APP_PORT;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
}
}
server {
listen 90;
location /wallarm-status {
wallarm_status on;
}
}
EOF
# Start Script
sudo tee "$INSTANCE_DIR/start.sh" > /dev/null <<EOF
#!/bin/bash
sudo $ENGINE rm -f wallarm-node-$IN_PORT 2>/dev/null
sudo $ENGINE run -d \\
--name wallarm-node-$IN_PORT \\
--restart always \\
-p $IN_PORT:80 -p $MON_PORT:90 \\
-e WALLARM_API_TOKEN=$TOKEN \\
-v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro" \\
wallarm/node:latest
EOF
sudo chmod +x "$INSTANCE_DIR/start.sh"
echo -e " ${GREEN}${NC} Created artifacts in $INSTANCE_DIR"
}
# --- 4. DEPLOYMENT ---
deploy() {
echo -e "\n${CYAN}[STEP 4/5] Pulling and Launching...${NC}"
if [ "$REGISTRY_REACHABLE" = true ]; then
sudo $ENGINE pull wallarm/node:latest
else
sudo $ENGINE load < *.tar
fi
sudo "$INSTANCE_DIR/start.sh"
}
# --- 5. VERIFICATION ---
verify() {
echo -e "\n${CYAN}[STEP 5/5] Final Handshake...${NC}"
sleep 12
if curl -s "http://localhost:$MON_PORT/wallarm-status" | grep -q "requests"; then
echo -e "\n${GREEN}${BOLD}==========================================================${NC}"
echo -e "${GREEN}${BOLD} ✅ DEPLOYMENT SUCCESSFUL ${NC}"
echo -e "${GREEN}${BOLD}==========================================================${NC}"
echo -e " Traffic Entry: ${BOLD}http://<Server-IP>:$IN_PORT${NC}"
echo -e " Node Status: ${BOLD}http://localhost:$MON_PORT/wallarm-status${NC}"
echo -e " Config Dir: $INSTANCE_DIR"
echo -e "${GREEN}${BOLD}==========================================================${NC}\n"
else
echo -e "\n${RED}${BOLD}==========================================================${NC}"
echo -e "${RED}${BOLD} ❌ DEPLOYMENT FAILED ${NC}"
echo -e "${RED}${BOLD}==========================================================${NC}"
echo -e " The container started but is not responding."
echo -e " Check logs: ${BOLD}sudo $ENGINE logs wallarm-node-$IN_PORT${NC}"
echo -e "${RED}${BOLD}==========================================================${NC}\n"
fi
}
# --- RUN ---
check_env
get_config
generate_files
deploy
verify
Reference in a new issue View git blame Copy permalink