Upgrading Wallarm node with All-in-One Installer¶

These instructions describe the steps to upgrade the Wallarm node 4.6.x installed using all-in-one installer to version 4.6.x+.

Requirements¶

Access to the account with the Administrator role in Wallarm Console for the US Cloud or EU Cloud.
Access to https://meganode.wallarm.com to download all-in-one Wallarm installer. Ensure the access is not blocked by a firewall.
Access to https://us1.api.wallarm.com for working with US Wallarm Cloud or to https://api.wallarm.com for working with EU Wallarm Cloud. If access can be configured only via the proxy server, then use the instructions.
Executing all commands as a superuser (e.g. root).

Upgrade procedure¶

The upgrade procedure differs depending on how filtering node and postanalytics modules are installed:

On the same server: modules are upgraded altogether
On different servers: first upgrade the postanalytics module and then the filtering module

Filtering node and postanalytics on the same server¶

Use the procedure below to upgrade altogether the filtering node and postanalytics modules installed using all-in-one installer on the same server.

Step 1: Prepare Wallarm token¶

To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:

API tokenNode token

Open Wallarm Console → Settings → API tokens in the US Cloud or EU Cloud.
Find or create API token with the Deploy source role.
Copy this token.

For upgrade, use the same node token that was used for installation:

Open Wallarm Console → Nodes in the US Cloud or EU Cloud.
In your existing node group, copy token using node's menu → Copy token.

Step 2: Download newest version of all-in-one Wallarm installer¶

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh

Step 3: Run all-in-one Wallarm installer¶

Run downloaded script:

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh

The WALLARM_LABELS variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).

# If using the x86_64 version:
sudo sh wallarm-4.6.12.x86_64-glibc.sh

# If using the ARM64 version:
sudo sh wallarm-4.6.12.aarch64-glibc.sh

Select US Cloud or EU Cloud.
Enter Wallarm token.

Step 4: Restart NGINX¶

Restart NGINX using the following command:

sudo systemctl restart nginx

Step 5: Test Wallarm node operation¶

To test the new node operation:

Send the request with test SQLI and XSS attacks to the protected resource address:
```
curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
```
Open the Wallarm Console → Events section in the US Cloud or EU Cloud and ensure attacks are displayed in the list.
As soon as your Cloud stored data (rules, IP lists) is synchronized to the new node, perform some test attacks to make sure your rules work as expected.

Filtering node and postanalytics on different servers¶

Sequence of steps to upgrade the filtering node and postanalytics modules

If the filtering node and postanalytics modules are installed on different servers, then it is required to upgrade the postanalytics packages before updating the filtering node packages.

Step 1: Prepare Wallarm token¶

To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:

API tokenNode token

Open Wallarm Console → Settings → API tokens in the US Cloud or EU Cloud.
Find or create API token with the Deploy source role.
Copy this token.

For upgrade, use the same node token that was used for installation:

Open Wallarm Console → Nodes in the US Cloud or EU Cloud.
In your existing node group, copy token using node's menu → Copy token.

Step 2: Download newest version of all-in-one Wallarm installer to postanalytics machine¶

This step is performed on the postanalytics machine.

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh

Step 3: Run all-in-one Wallarm installer to upgrade postanalytics¶

This step is performed on the postanalytics machine.

To install postanalytics separately with all-in-one installer, use:

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh postanalytics

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh postanalytics

The WALLARM_LABELS variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).

# If using the x86_64 version:
sudo sh wallarm-4.6.12.x86_64-glibc.sh postanalytics

# If using the ARM64 version:
sudo sh wallarm-4.6.12.aarch64-glibc.sh postanalytics

Step 4: Download newest version of all-in-one Wallarm installer to filtering node machine¶

This step is performed on the filtering node machine.

Wallarm suggests all-in-one installations for the following processors:

x86_64
ARM64 (beta)

To download all-in-one Wallarm installation script, execute the command:

x86_64 versionARM64 version (beta)

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh

curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh

Step 5: Run all-in-one Wallarm installer to upgrade filtering node¶

This step is performed on the filtering node machine.

To upgrade filtering node separately with all-in-one installer, use:

API tokenNode token

# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh filtering

# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh filtering

The WALLARM_LABELS variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).

# If using the x86_64 version:
sudo sh wallarm-4.6.12.x86_64-glibc.sh filtering

# If using the ARM64 version:
sudo sh wallarm-4.6.12.aarch64-glibc.sh filtering

Step 6: Check the filtering node and separate postanalytics modules interaction¶

To check the NGINX‑Wallarm and separate postanalytics modules interaction, you can send the request with test attack to the address of the protected application:

curl http://localhost/etc/passwd

If the NGINX‑Wallarm and separate postanalytics modules are configured properly, the attack will be uploaded to the Wallarm Cloud and displayed in the Events section of Wallarm Console:

If the attack was not uploaded to the Cloud, please check that there are no errors in the services operation:

Make sure that the postanalytics service wallarm-tarantool is in the status active
```
sudo systemctl status wallarm-tarantool
```
Analyze the postanalytics module logs
```
sudo cat /var/log/wallarm/tarantool.log
```
If there is the record like SystemError binary: failed to bind: Cannot assign requested address, make sure that the server accepts connection on specified address and port.
On the server with the NGINX‑Wallarm module, analyze the NGINX logs:
```
sudo cat /var/log/nginx/error.log
```
If there is the record like [error] wallarm: <address> connect() failed, make sure that the address of separate postanalytics module is specified correctly in the NGINX‑Wallarm module configuration files and separate postanalytics server accepts connection on specified address and port.
On the server with the NGINX‑Wallarm module, get the statistics on processed requests using the command below and make sure that the value of tnt_errors is 0
```
curl http://127.0.0.8/wallarm-status
```
Description of all parameters returned by the statistics service →