Upgrading Wallarm node with All-in-One Installer¶

These instructions describe the steps to upgrade the Wallarm node 4.x installed using all-in-one installer to version 4.10.

Requirements¶

Access to the account with the Administrator role in Wallarm Console for the US Cloud or EU Cloud.
Access to https://meganode.wallarm.com to download all-in-one Wallarm installer. Ensure the access is not blocked by a firewall.
Access to https://us1.api.wallarm.com for working with US Wallarm Cloud or to https://api.wallarm.com for working with EU Wallarm Cloud. If access can be configured only via the proxy server, then use the instructions.
Executing all commands as a superuser (e.g. root).
Access to the IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers.
US CloudEU Cloud
34.96.64.17 34.110.183.149 35.235.66.155 34.102.90.100 34.94.156.115 35.235.115.105
34.160.38.183 34.144.227.90 34.90.110.226

Upgrade procedure¶

The upgrade procedure differs depending on how filtering node and postanalytics modules are installed:

On the same server: modules are upgraded altogether
On different servers: first upgrade the postanalytics module and then the filtering module

Filtering node and postanalytics on the same server¶

Use the procedure below to upgrade altogether the filtering node and postanalytics modules installed using all-in-one installer on the same server.

Step 1: Prepare Wallarm token¶

To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:

API tokenNode token

Open Wallarm Console → Settings → API tokens in the US Cloud or EU Cloud.
Find or create API token with the Node deployment/Deployment usage type.
Copy this token.

For upgrade, use the same node token that was used for installation:

Open Wallarm Console → Nodes in the US Cloud or EU Cloud.
In your existing node group, copy token using node's menu → Copy token.

Step 2: Download newest version of all-in-one Wallarm installer¶

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.aarch64-glibc.sh

Step 3: Run all-in-one Wallarm installer¶

Run the downloaded script:

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f

# If using the x86_64 version:
sudo sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f

# If using the ARM64 version:
sudo sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f

<GROUP> sets a group name into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI). Only applied if using an API token.
<TOKEN> is the copied token value.
<CLOUD> is the Wallarm Cloud to register the new node in. Can be either US or EU.

Step 4: Restart NGINX¶

Restart NGINX using the following command:

sudo systemctl restart nginx

Step 5: Test Wallarm node operation¶

To test the new node operation:

Send the request with test Path Traversal attack to a protected resource address:
```
curl http://localhost/etc/passwd
```
Open the Wallarm Console → Attacks section in the US Cloud or EU Cloud and ensure attacks are displayed in the list.
As soon as your Cloud stored data (rules, IP lists) is synchronized to the new node, perform some test attacks to make sure your rules work as expected.

Filtering node and postanalytics on different servers¶

Sequence of steps to upgrade the filtering node and postanalytics modules

If the filtering node and postanalytics modules are installed on different servers, then it is required to upgrade the postanalytics packages before updating the filtering node packages.

Step 1: Prepare Wallarm token¶

To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:

API tokenNode token

Open Wallarm Console → Settings → API tokens in the US Cloud or EU Cloud.
Find or create API token with the Node deployment/Deployment usage type.
Copy this token.

For upgrade, use the same node token that was used for installation:

Open Wallarm Console → Nodes in the US Cloud or EU Cloud.
In your existing node group, copy token using node's menu → Copy token.

Step 2: Download newest version of all-in-one Wallarm installer to postanalytics machine¶

This step is performed on the postanalytics machine.

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.aarch64-glibc.sh

Step 3: Run all-in-one Wallarm installer to upgrade postanalytics¶

This step is performed on the postanalytics machine.

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f postanalytics

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f postanalytics

# If using the x86_64 version:
sudo sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f postanalytics

# If using the ARM64 version:
sudo sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f postanalytics

<GROUP> sets a group name into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI). Only applied if using an API token.
<TOKEN> is the copied token value.
<CLOUD> is the Wallarm Cloud to register the new node in. Can be either US or EU.

Step 4: Download newest version of all-in-one Wallarm installer to filtering node machine¶

This step is performed on the filtering node machine.

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.10/wallarm-4.10.13.aarch64-glibc.sh

Step 5: Run all-in-one Wallarm installer to upgrade filtering node¶

This step is performed on the filtering node machine.

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f filtering

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f filtering

# If using the x86_64 version:
sudo sh wallarm-4.10.13.x86_64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f filtering

# If using the ARM64 version:
sudo sh wallarm-4.10.13.aarch64-glibc.sh -- --batch -t <TOKEN> -c <CLOUD> -f filtering

<GROUP> sets a group name into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI). Only applied if using an API token.
<TOKEN> is the copied token value.
<CLOUD> is the Wallarm Cloud to register the new node in. Can be either US or EU.

Step 6: Check the filtering node and separate postanalytics modules interaction¶

To check the NGINX‑Wallarm and separate postanalytics modules interaction, you can send the request with test attack to the address of the protected application:

curl http://localhost/etc/passwd

If the NGINX‑Wallarm and separate postanalytics modules are configured properly, the attack will be uploaded to the Wallarm Cloud and displayed in the Attacks section of Wallarm Console:

If the attack was not uploaded to the Cloud, please check that there are no errors in the services operation:

Analyze the postanalytics module logs
```
sudo cat /opt/wallarm/var/log/wallarm/tarantool-out.log
```
If there is the record like SystemError binary: failed to bind: Cannot assign requested address, make sure that the server accepts connection on specified address and port.
On the server with the NGINX‑Wallarm module, analyze the NGINX logs:
```
sudo cat /var/log/nginx/error.log
```
If there is the record like [error] wallarm: <address> connect() failed, make sure that the address of separate postanalytics module is specified correctly in the NGINX‑Wallarm module configuration files and separate postanalytics server accepts connection on specified address and port.
On the server with the NGINX‑Wallarm module, get the statistics on processed requests using the command below and make sure that the value of tnt_errors is 0
```
curl http://127.0.0.8/wallarm-status
```
Description of all parameters returned by the statistics service →