customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wallarm/wallarm-deploy-ct.sh
cclohmar 5fdf9e384f chore: auto-commit 2026-03-18 21:29
2026-03-18 21:29:24 +00:00

133 lines
No EOL
4.4 KiB
Bash
Raw Blame History

#!/bin/bash
# ==============================================================================
# WALLARM BULLETPROOF STEALTH DEPLOYER - V1.9.1 (LXC & NETWORK DIAGNOSTIC)
# ==============================================================================
# Recent Fixes:
# - Added Network Diagnostics (Phase 0) to verify manual host fixes
# - Relaxed connectivity checks to allow for manual /etc/hosts intervention
# - Improved CentOS 9 AppStream dependency resolution
# ==============================================================================
# Color definitions
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
MAGENTA='\033[0;35m'
BOLD='\033[1m'
NC='\033[0m'
# STEALTH TARGETS
BASE_DOMAIN="ct.sechpoint.app"
HUB_DOMAIN="hub.ct.sechpoint.app"
DOCKER_VERSION="29.2.1"
LOG_FILE="/var/log/wallarm-deployment.log"
log_message() {
local level="$1"
local message="$2"
echo -e "$(date '+%H:%M:%S') [${level}] ${message}" | sudo tee -a "$LOG_FILE" > /dev/null
case "$level" in
"INFO") echo -e "${BLUE}${BOLD}[INFO]${NC} ${message}" ;;
"SUCCESS") echo -e "${GREEN}${BOLD}[SUCCESS]${NC} ${message}" ;;
"WARNING") echo -e "${YELLOW}${BOLD}[WARNING]${NC} ${message}" ;;
"ERROR") echo -e "${RED}${BOLD}[ERROR]${NC} ${message}" ;;
"DIAG") echo -e "${MAGENTA}${BOLD}[DIAG]${NC} ${message}" ;;
esac
}
# --- PHASE 0: NETWORK DIAGNOSTICS ---
run_network_diagnostics() {
log_message "INFO" "=== PHASE 0: NETWORK DIAGNOSTICS ==="
local domains=("$BASE_DOMAIN" "$HUB_DOMAIN" "sechpoint.app")
for dom in "${domains[@]}"; do
local ip=$(getent hosts "$dom" | awk '{ print $1 }')
if [ -n "$ip" ]; then
log_message "DIAG" "$dom resolves to: ${CYAN}$ip${NC}"
else
log_message "WARNING" "$dom: ${RED}Unresolved${NC} (Check /etc/hosts)"
fi
done
}
# --- PHASE 1: PRE-FLIGHT & DEPENDENCIES ---
check_pre_flight() {
log_message "INFO" "=== PHASE 1: PRE-FLIGHT CHECKS ==="
[[ $EUID -ne 0 ]] && { log_message "ERROR" "Run as sudo"; exit 1; }
log_message "INFO" "Ensuring core tools (tar, iptables, curl)..."
# Ensure dnf is used for CentOS 9
sudo dnf install -y tar iptables-legacy curl procps-ng > /dev/null 2>&1
# Final connectivity check before proceeding to downloads
if ! curl -IsL --connect-timeout 3 "https://$BASE_DOMAIN" > /dev/null 2>&1; then
echo -e "\n${RED}${BOLD}STOP:${NC} Cannot reach https://$BASE_DOMAIN"
echo -e "Please ensure your /etc/hosts contains:"
echo -e "${CYAN}<PROXY_IP> $BASE_DOMAIN $HUB_DOMAIN${NC}\n"
exit 1
fi
log_message "SUCCESS" "Stealth Proxy connectivity verified."
}
# --- PHASE 2: DOCKER ENGINE ---
setup_docker_engine() {
log_message "INFO" "=== PHASE 2: DOCKER ENGINE SETUP ==="
if command -v docker >/dev/null 2>&1; then
log_message "SUCCESS" "Docker already installed."
return 0
fi
ARCH=$(uname -m)
[[ "$ARCH" == "x86_64" ]] && D_ARCH="x86_64" || D_ARCH="aarch64"
local binary_file="docker-$DOCKER_VERSION.tgz"
local download_url="https://$BASE_DOMAIN/linux/static/stable/$D_ARCH/$binary_file"
log_message "INFO" "Downloading binaries: $download_url"
curl -fL "$download_url" -o "/tmp/$binary_file" || { log_message "ERROR" "Download failed"; exit 1; }
tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null
sudo cp /tmp/docker/* /usr/bin/
# LXC Optimization
sudo mkdir -p /etc/docker
echo '{"storage-driver":"vfs","iptables":false}' | sudo tee /etc/docker/daemon.json > /dev/null
sudo tee /etc/systemd/system/docker.service > /dev/null <<EOF
[Unit]
Description=Docker (Stealth)
[Service]
ExecStart=/usr/bin/dockerd
Restart=always
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now docker
sleep 3
log_message "SUCCESS" "Docker operational."
}
# --- PHASE 3: DEPLOY ---
deploy_wallarm() {
log_message "INFO" "=== PHASE 3: DEPLOYMENT ==="
log_message "INFO" "Pulling: $HUB_DOMAIN/wallarm/node:latest"
sudo docker pull "$HUB_DOMAIN/wallarm/node:latest"
sudo docker tag "$HUB_DOMAIN/wallarm/node:latest" wallarm/node:latest
log_message "SUCCESS" "Deployment verification successful."
}
main() {
run_network_diagnostics
check_pre_flight
setup_docker_engine
deploy_wallarm
}
main "$@"
Reference in a new issue View git blame Copy permalink