customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wallarm/container-deployment/install_app1.sh
SechPoint 14dadd0735 Initial commit of Wallarm deployment toolkit
2026-03-11 12:03:08 +00:00

129 lines
No EOL
4.3 KiB
Bash
Raw Blame History

#!/bin/bash
# ==============================================================================
# Wallarm PoC: Interactive "KISS" Deployer (Keystone Bank Edition)
# ==============================================================================
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
clear
echo -e "${YELLOW}====================================================${NC}"
echo -e "${YELLOW} Wallarm Guided Instance Deployer (US Cloud) ${NC}"
echo -e "${YELLOW}====================================================${NC}\n"
# --- 1. THE ID ---
echo -e "Existing Instances in /opt/wallarm/:"
ls /opt/wallarm/ 2>/dev/null || echo "None"
echo ""
read -p "Enter Instance ID number (e.g., 1, 2, 3): " INSTANCE_ID
NODE_NAME=$(printf "wallarm-%02d" $INSTANCE_ID)
TRAFFIC_PORT=$((8000 + INSTANCE_ID))
MONITOR_PORT=$((9000 + INSTANCE_ID))
# --- 2. CONFIGURATION ---
read -p "Enter Upstream IP (App Server): " UPSTREAM_IP
read -p "Enter Upstream Port [default 80]: " UPSTREAM_PORT
UPSTREAM_PORT=${UPSTREAM_PORT:-80}
# Hardcoded US Endpoints
API_HOST="us1.api.wallarm.com"
DATA_NODE="node-data0.us1.wallarm.com"
read -p "Paste Wallarm Token (US Cloud): " TOKEN
# --- 3. PRE-FLIGHT VALIDATION ---
echo -e "\n${YELLOW}🔍 Starting Pre-Flight Connectivity Checks...${NC}"
# A. Internal Check
echo -n "Checking App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# B. Wallarm API Check
echo -n "Checking Wallarm API ($API_HOST)... "
if ! curl -s --connect-timeout 5 "https://$API_HOST" > /dev/null; then
echo -e "${RED}FAILED${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# C. Wallarm Data Node Check (Critical for events)
echo -n "Checking Wallarm Data Node ($DATA_NODE)... "
if ! timeout 3 bash -c "cat < /dev/null > /dev/tcp/$DATA_NODE/443" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: Data transmission to Wallarm is blocked.${NC}"
echo -e "${YELLOW}Action: Whitelist IPs 34.96.64.17 and 34.110.183.149 on Port 443.${NC}"; exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# --- 4. ENGINE SETUP ---
if [ -f /etc/redhat-release ]; then
ENGINE="podman"
dnf install -y epel-release podman podman-docker podman-compose wget curl &>/dev/null
systemctl enable --now podman.socket &>/dev/null
firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
firewall-cmd --reload &>/dev/null
else
ENGINE="docker"
apt update && apt install -y docker.io docker-compose wget curl &>/dev/null
systemctl enable --now docker &>/dev/null
fi
COMPOSE_CMD=$([[ "$ENGINE" == "podman" ]] && echo "podman-compose" || echo "docker-compose")
# --- 5. WORKSPACE & CONFIG ---
INSTANCE_DIR="/opt/wallarm/$NODE_NAME"
mkdir -p "$INSTANCE_DIR"
cat <<EOF > "$INSTANCE_DIR/nginx.conf"
server {
listen 80;
wallarm_mode monitoring;
location / {
proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
server { listen 90; location /wallarm-status { wallarm_status on; allow all; } }
EOF
cat <<EOF > "$INSTANCE_DIR/conf.yml"
version: '3.8'
services:
$NODE_NAME:
image: docker.io/wallarm/node:4.10-latest
container_name: $NODE_NAME
restart: always
ports: ["$TRAFFIC_PORT:80", "$MONITOR_PORT:90"]
environment:
- WALLARM_API_TOKEN=$TOKEN
- WALLARM_API_HOST=$API_HOST
volumes: ["./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z"]
EOF
# --- 6. LAUNCH ---
echo -e "${YELLOW}🚀 Launching $NODE_NAME...${NC}"
cd "$INSTANCE_DIR"
$COMPOSE_CMD -f conf.yml up -d
# --- 7. VERIFICATION ---
echo -e "\n${YELLOW}⏳ Waiting for handshake...${NC}"
sleep 5
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
echo -e "${GREEN}✅ SUCCESS: $NODE_NAME IS LIVE AND INSPECTING TRAFFIC${NC}"
else
echo -e "${RED}⚠️ WARNING: Handshake slow. Check: $ENGINE logs $NODE_NAME${NC}"
fi
echo -e "--------------------------------------------------"
echo -e "Traffic URL: http://<VM_IP>:$TRAFFIC_PORT"
echo -e "--------------------------------------------------"
Reference in a new issue View git blame Copy permalink