#!/bin/bash
# ==============================================================================
# Sechpoint Wallarm Smart Deployer - Banking POC Edition (Legacy Support)
# ==============================================================================
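# ANSI colour escapes; they are expanded by `echo -e` at each use site.
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'

# Transcript of this run, and the Wallarm endpoints probed for each cloud.
LOG_FILE="/var/log/wallarm-deploy.log"
EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com")
US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us1.wallarm.com")

# The tee below runs as the invoking user, not as root. A log created by
# `sudo touch` stays root-owned, and with mode 0644 an unprivileged tee cannot
# open it for append, so nothing would be recorded. Hand ownership to the
# invoking user before restricting everyone else to read-only.
if ! { sudo touch "$LOG_FILE" \
  && sudo chown "$(id -un)" "$LOG_FILE" \
  && sudo chmod 644 "$LOG_FILE"; }; then
  echo "[WARN] Could not prepare $LOG_FILE; this run may not be logged." >&2
fi

# NOTE(review): from here on stdout and stderr are copied into a log that any
# local user can read (0644). Nothing printed by later stages may contain the
# Wallarm token or other secrets.
exec > >(tee -a "$LOG_FILE") 2>&1

clear
echo -e "${YELLOW}====================================================${NC}"
echo -e "${YELLOW} Wallarm Automated Container Deployer ${NC}"
echo -e "${YELLOW}====================================================${NC}"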
# --- 1. DETECTION ---
#######################################
# Select the system package manager.
# Probes dnf, yum and apt-get in that order and keeps the first one found.
# Globals:   PKG_MANAGER (written: "dnf", "yum" or "apt")
#            YELLOW, GREEN, RED, NC (read)
# Outputs:   progress and result lines on stdout
# Returns:   0 on success; exits the script with status 1 when none is found
#######################################
detect_environment() {
  local tool
  local found=""

  echo -e "\n${YELLOW}[1/5] Detecting System Environment...${NC}"

  for tool in dnf yum apt-get; do
    if command -v "$tool" &> /dev/null; then
      found="$tool"
      break
    fi
  done

  case "$found" in
    "")
      echo -e "${RED}[FAIL]${NC} No package manager found."
      exit 1
      ;;
    apt-get)
      # The rest of the script identifies the Debian family as "apt".
      PKG_MANAGER="apt"
      ;;
    *)
      PKG_MANAGER="$found"
      ;;
  esac

  echo -e "${GREEN}[PASS]${NC} Using $PKG_MANAGER"
}
#######################################
# Confirm that the invoking user can use sudo.
# `sudo -v` validates (and refreshes) the cached credentials without running
# a command.
# Globals:   RED, NC (read)
# Returns:   0 when sudo accepts the user; exits the script with 1 otherwise
#######################################
check_sudo() {
  if ! sudo -v; then
    echo -e "${RED}[FAIL]${NC} Sudo denied."
    exit 1
  fi
}
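#######################################
# Ask which Wallarm Cloud to use and check that its endpoints answer on 443.
# Globals:   CLOUD_SEL (written: "US" or "EU")
#            API_HOST (written: API endpoint of the selected cloud)
#            US_DATA_NODES, EU_DATA_NODES (read)
#            YELLOW, GREEN, RED, NC (read)
# Inputs:    one line from stdin; an empty answer selects US
# Returns:   0 when every endpoint answered; exits the script with 1 on an
#            unknown selection or an unreachable endpoint
#######################################
check_wallarm_cloud() {
  local node
  local -a nodes_to_test

  echo -e "\n${YELLOW}[2/5] Testing Wallarm Cloud (Port 443)...${NC}"
  read -r -p "Wallarm Cloud (US/EU) [US]: " CLOUD_SEL
  CLOUD_SEL=${CLOUD_SEL^^}
  CLOUD_SEL=${CLOUD_SEL:-US}

  # Reject anything that is not exactly US or EU. Falling back to US on a
  # typo would quietly register the node with, and send its data to, a
  # region the operator did not choose.
  case "$CLOUD_SEL" in
    US)
      nodes_to_test=("${US_DATA_NODES[@]}")
      API_HOST="us1.api.wallarm.com"
      ;;
    EU)
      nodes_to_test=("${EU_DATA_NODES[@]}")
      API_HOST="api.wallarm.com"
      ;;
    *)
      echo -e "${RED}[FAIL]${NC} Unknown cloud '$CLOUD_SEL' (expected US or EU)."
      exit 1
      ;;
  esac

  for node in "${nodes_to_test[@]}"; do
    # NOTE(review): -k turns off certificate verification, so this probe shows
    # only that something answers TLS on port 443 at that name. It does not
    # show that the peer is Wallarm, and it will pass behind a TLS-intercepting
    # proxy. Confirm whether -k is still required in the target network.
    if ! curl -skI --connect-timeout 5 "https://$node" > /dev/null 2>&1; then
      echo -e "${RED}[FAIL]${NC} $node unreachable"
      exit 1
    fi
    echo -e "${GREEN}[PASS]${NC} Reached $node"
  done
}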
# --- 2. CONFIG ---
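#######################################
# Collect and validate the deployment parameters.
# Each answer is later placed in a file path, an nginx config, a compose file
# or an arithmetic expression, so it is checked against a strict pattern
# before it is stored.
# Globals:   INSTANCE_NUM, NODE_NAME, INSTANCE_DIR, TRAFFIC_PORT, MONITOR_PORT,
#            UPSTREAM_IP, UPSTREAM_PORT, TOKEN (all written)
#            YELLOW, RED, NC (read)
# Inputs:    four lines from stdin (instance number, upstream host, upstream
#            port, token); empty host and port fall back to 127.0.0.1 and 80
# Returns:   0 on success; exits the script with 1 on the first invalid answer
#######################################
get_user_input() {
  echo -e "\n${YELLOW}[3/5] Configuration...${NC}"

  read -r -p "Enter Instance Number: " INSTANCE_NUM
  # Digits only: the value feeds $(( )), which would otherwise evaluate
  # whatever expression was typed, and it becomes a directory name under
  # /opt/wallarm. The upper bound keeps 9000 + N inside the TCP port range.
  if [[ ! "$INSTANCE_NUM" =~ ^[0-9]{1,5}$ ]] || (( 10#$INSTANCE_NUM > 56535 )); then
    echo -e "${RED}[FAIL]${NC} Instance number must be an integer from 0 to 56535."
    exit 1
  fi
  NODE_NAME="wallarm-node-$INSTANCE_NUM"
  INSTANCE_DIR="/opt/wallarm/$INSTANCE_NUM"
  # 10# forces base 10 so a leading zero is not read as octal.
  TRAFFIC_PORT=$((8000 + 10#$INSTANCE_NUM))
  MONITOR_PORT=$((9000 + 10#$INSTANCE_NUM))

  read -r -p "Enter Upstream IP [127.0.0.1]: " UPSTREAM_IP
  UPSTREAM_IP=${UPSTREAM_IP:-127.0.0.1}
  # Written verbatim into proxy_pass. Only IPv4 or hostname characters are
  # accepted, which keeps ';', braces and whitespace out of nginx.conf.
  if [[ ! "$UPSTREAM_IP" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo -e "${RED}[FAIL]${NC} Upstream must be an IPv4 address or a hostname."
    exit 1
  fi

  read -r -p "Enter Upstream Port [80]: " UPSTREAM_PORT
  UPSTREAM_PORT=${UPSTREAM_PORT:-80}
  if [[ ! "$UPSTREAM_PORT" =~ ^[0-9]{1,5}$ ]] \
    || (( 10#$UPSTREAM_PORT < 1 || 10#$UPSTREAM_PORT > 65535 )); then
    echo -e "${RED}[FAIL]${NC} Upstream port must be an integer from 1 to 65535."
    exit 1
  fi

  # -s keeps the token off the screen and out of terminal scrollback.
  read -r -s -p "Paste Wallarm Token: " TOKEN
  echo
  # The token ends up on a KEY=value line. Whitespace or control characters
  # would let it spill onto extra lines, so refuse them. The value itself is
  # never echoed back.
  if [[ -z "$TOKEN" || "$TOKEN" =~ [[:space:][:cntrl:]] ]]; then
    echo -e "${RED}[FAIL]${NC} Token is empty or contains whitespace."
    exit 1
  fi
}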
# --- 3. ENGINE SETUP (The Fix) ---
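#######################################
# Install a container engine and record which one will be used.
# RPM-based systems try Podman first and fall back to Docker; Debian-based
# systems install Docker.
# Globals:   PKG_MANAGER (read), ENGINE (written: "podman" or "docker")
#            YELLOW, GREEN, RED, NC (read)
# Returns:   0 when an engine binary is present afterwards; exits the script
#            with 1 when the Docker path was taken but docker is not on PATH
#######################################
setup_engine() {
  echo -e "\n${YELLOW}[4/5] 🛠️ Setting up Container Engine...${NC}"
  ENGINE=""

  if [[ "$PKG_MANAGER" == "dnf" || "$PKG_MANAGER" == "yum" ]]; then
    # Try Podman first, fall back to Docker if Podman isn't in the repos.
    # Installer output is discarded, so success is judged by the binary
    # being present afterwards.
    sudo "$PKG_MANAGER" install -y podman podman-compose &> /dev/null
    if command -v podman &> /dev/null; then
      ENGINE="podman"
      sudo systemctl enable --now podman.socket &> /dev/null
    else
      echo -e "${YELLOW}Podman not found. Trying Docker...${NC}"
      sudo "$PKG_MANAGER" install -y docker docker-compose &> /dev/null
      ENGINE="docker"
    fi
  else
    sudo apt-get update && sudo apt-get install -y docker.io docker-compose &> /dev/null
    ENGINE="docker"
  fi

  if [[ "$ENGINE" == "docker" ]]; then
    # Without this check a failed install still reported "Using Engine:
    # docker" and the deployment broke later with a less obvious error.
    if ! command -v docker &> /dev/null; then
      echo -e "${RED}[FAIL]${NC} Docker installation failed; no container engine available."
      exit 1
    fi
    sudo systemctl enable --now docker &> /dev/null
  fi

  echo -e "${GREEN}[INFO]${NC} Using Engine: $ENGINE"
}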
# --- 4. DEPLOY ---
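#######################################
# Write the instance's configuration files and start the Wallarm node.
# Files created in INSTANCE_DIR:
#   nginx.conf   reverse proxy to the upstream, plus the status endpoint
#   node.env     WALLARM_API_TOKEN and WALLARM_API_HOST, mode 0600
#   compose.yml  service definition that loads node.env
# Globals:   ENGINE, INSTANCE_DIR, NODE_NAME, TRAFFIC_PORT, MONITOR_PORT,
#            UPSTREAM_IP, UPSTREAM_PORT, TOKEN, API_HOST (read)
#            YELLOW, RED, NC (read)
# Returns:   status of the compose/run command; exits the script with 1 when
#            the instance directory or the secrets file cannot be prepared
#######################################
execute_deployment() {
  # NOTE(review): ":latest" is a moving tag, so every run may pull a different
  # image. Pin a reviewed version or digest before using this outside a POC.
  local image="docker.io/wallarm/node:latest"

  echo -e "\n${YELLOW}[5/5] 🚀 Deploying...${NC}"

  # Stop here if the directory is unusable; otherwise the files below would
  # be written into whatever directory the script was started from.
  if ! { sudo mkdir -p "$INSTANCE_DIR" && cd "$INSTANCE_DIR"; }; then
    echo -e "${RED}[FAIL]${NC} Cannot use $INSTANCE_DIR"
    exit 1
  fi

  sudo tee "nginx.conf" > /dev/null <<EOF
server {
    listen 80;
    wallarm_mode monitoring;
    location / {
        proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
        proxy_set_header Host \$host;
    }
}
server { listen 90; location /wallarm-status { wallarm_status on; } }
EOF

  # The API token lives only in node.env. The file is created empty and
  # locked to 0600 before the secret is written, so it is never readable by
  # other local users, and the token never appears in compose.yml or on a
  # command line where `ps` would show it.
  if ! { sudo touch "node.env" && sudo chmod 600 "node.env"; }; then
    echo -e "${RED}[FAIL]${NC} Cannot create node.env"
    exit 1
  fi
  sudo tee "node.env" > /dev/null <<EOF
WALLARM_API_TOKEN=$TOKEN
WALLARM_API_HOST=$API_HOST
EOF

  # NOTE(review): both ports are published on all host interfaces, and the
  # status server in nginx.conf has no access restriction. Consider binding
  # the monitoring port to 127.0.0.1 if nothing off-host needs it.
  sudo tee "compose.yml" > /dev/null <<EOF
version: '3'
services:
  node:
    image: $image
    container_name: $NODE_NAME
    ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"]
    env_file: ./node.env
    volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"]
EOF

  # Remove a container left over from an earlier run; it is fine if none exists.
  sudo "$ENGINE" rm -f "$NODE_NAME" &> /dev/null

  if command -v "${ENGINE}-compose" &> /dev/null; then
    # Name the file explicitly: older compose releases only look for
    # docker-compose.yml by default.
    sudo "${ENGINE}-compose" -f "compose.yml" up -d
  else
    # Direct run fallback if compose is missing
    sudo "$ENGINE" run -d --name "$NODE_NAME" \
      -p "$TRAFFIC_PORT:80" -p "$MONITOR_PORT:90" \
      --env-file "$INSTANCE_DIR/node.env" \
      -v "$INSTANCE_DIR/nginx.conf:/etc/nginx/http.d/default.conf:ro,Z" \
      "$image"
  fi
}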
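#######################################
# Check that the node's status endpoint answers after start-up.
# Waits 15 seconds, then fetches /wallarm-status on the monitoring port and
# looks for the word "requests" in the reply.
# Globals:   MONITOR_PORT (read); YELLOW, GREEN, RED, NC (read)
# Outputs:   SUCCESS or FAILED on stdout
# Returns:   0 when the endpoint answered as expected, 1 otherwise, so a
#            failed deployment is visible in the script's exit status
#######################################
verify_health() {
  echo -e "\n${YELLOW}Checking status...${NC}"
  sleep 15

  # --max-time keeps a hung connection from stalling the script forever.
  if curl -s --max-time 5 "http://localhost:$MONITOR_PORT/wallarm-status" \
    | grep -q "requests"; then
    echo -e "${GREEN}SUCCESS${NC}"
    return 0
  fi

  echo -e "${RED}FAILED${NC}"
  return 1
}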
# Run the deployment stages in their fixed order. Stages that hit a fatal
# problem call `exit` themselves, which ends the script at that point.
for stage in \
  detect_environment \
  check_sudo \
  check_wallarm_cloud \
  get_user_input \
  setup_engine \
  execute_deployment \
  verify_health; do
  "$stage"
done