Upgrading Wallarm node with All-in-One Installer¶
These instructions describe the steps to upgrade the Wallarm node 4.6.x installed using all-in-one installer to version 4.6.x+.
Requirements¶
-
Access to the account with the Administrator role in Wallarm Console for the US Cloud or EU Cloud.
-
Access to
https://meganode.wallarm.com
to download all-in-one Wallarm installer. Ensure the access is not blocked by a firewall. -
Access to
https://us1.api.wallarm.com
for working with US Wallarm Cloud or tohttps://api.wallarm.com
for working with EU Wallarm Cloud. If access can be configured only via the proxy server, then use the instructions. -
Executing all commands as a superuser (e.g.
root
).
Upgrade procedure¶
The upgrade procedure differs depending on how filtering node and postanalytics modules are installed:
-
On the same server: modules are upgraded altogether
-
On different servers: first upgrade the postanalytics module and then the filtering module
Filtering node and postanalytics on the same server¶
Use the procedure below to upgrade altogether the filtering node and postanalytics modules installed using all-in-one installer on the same server.
Step 1: Prepare Wallarm token¶
To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:
Step 2: Download newest version of all-in-one Wallarm installer¶
Wallarm suggests all-in-one installations for the following processors:
-
x86_64
-
ARM64 (beta)
To download all-in-one Wallarm installation script, execute the command:
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh
Step 3: Run all-in-one Wallarm installer¶
-
Run downloaded script:
# If using the x86_64 version: sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh # If using the ARM64 version: sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh
The
WALLARM_LABELS
variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).# If using the x86_64 version: sudo sh wallarm-4.6.12.x86_64-glibc.sh # If using the ARM64 version: sudo sh wallarm-4.6.12.aarch64-glibc.sh
-
Enter Wallarm token.
Step 4: Restart NGINX¶
Restart NGINX using the following command:
sudo systemctl restart nginx
Step 5: Test Wallarm node operation¶
To test the new node operation:
-
Send the request with test SQLI and XSS attacks to the protected resource address:
curl http://localhost/?id='or+1=1--a-<script>prompt(1)</script>'
-
Open the Wallarm Console → Events section in the US Cloud or EU Cloud and ensure attacks are displayed in the list.
-
As soon as your Cloud stored data (rules, IP lists) is synchronized to the new node, perform some test attacks to make sure your rules work as expected.
Filtering node and postanalytics on different servers¶
Sequence of steps to upgrade the filtering node and postanalytics modules
If the filtering node and postanalytics modules are installed on different servers, then it is required to upgrade the postanalytics packages before updating the filtering node packages.
Step 1: Prepare Wallarm token¶
To upgrade node, you will need a Wallarm token of one of the types. To prepare a token:
Step 2: Download newest version of all-in-one Wallarm installer to postanalytics machine¶
This step is performed on the postanalytics machine.
Wallarm suggests all-in-one installations for the following processors:
-
x86_64
-
ARM64 (beta)
To download all-in-one Wallarm installation script, execute the command:
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh
Step 3: Run all-in-one Wallarm installer to upgrade postanalytics¶
This step is performed on the postanalytics machine.
To install postanalytics separately with all-in-one installer, use:
# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh postanalytics
# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh postanalytics
The WALLARM_LABELS
variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).
# If using the x86_64 version:
sudo sh wallarm-4.6.12.x86_64-glibc.sh postanalytics
# If using the ARM64 version:
sudo sh wallarm-4.6.12.aarch64-glibc.sh postanalytics
Step 4: Download newest version of all-in-one Wallarm installer to filtering node machine¶
This step is performed on the filtering node machine.
Wallarm suggests all-in-one installations for the following processors:
-
x86_64
-
ARM64 (beta)
To download all-in-one Wallarm installation script, execute the command:
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.x86_64-glibc.sh
curl -O https://meganode.wallarm.com/4.6/wallarm-4.6.12.aarch64-glibc.sh
Step 5: Run all-in-one Wallarm installer to upgrade filtering node¶
This step is performed on the filtering node machine.
To upgrade filtering node separately with all-in-one installer, use:
# If using the x86_64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.x86_64-glibc.sh filtering
# If using the ARM64 version:
sudo env WALLARM_LABELS='group=<GROUP>' sh wallarm-4.6.12.aarch64-glibc.sh filtering
The WALLARM_LABELS
variable sets group into which the node will be added (used for logical grouping of nodes in the Wallarm Console UI).
# If using the x86_64 version:
sudo sh wallarm-4.6.12.x86_64-glibc.sh filtering
# If using the ARM64 version:
sudo sh wallarm-4.6.12.aarch64-glibc.sh filtering
Step 6: Check the filtering node and separate postanalytics modules interaction¶
To check the NGINX‑Wallarm and separate postanalytics modules interaction, you can send the request with test attack to the address of the protected application:
curl http://localhost/etc/passwd
If the NGINX‑Wallarm and separate postanalytics modules are configured properly, the attack will be uploaded to the Wallarm Cloud and displayed in the Events section of Wallarm Console:
If the attack was not uploaded to the Cloud, please check that there are no errors in the services operation:
-
Make sure that the postanalytics service
wallarm-tarantool
is in the statusactive
sudo systemctl status wallarm-tarantool
-
Analyze the postanalytics module logs
sudo cat /var/log/wallarm/tarantool.log
If there is the record like
SystemError binary: failed to bind: Cannot assign requested address
, make sure that the server accepts connection on specified address and port. -
On the server with the NGINX‑Wallarm module, analyze the NGINX logs:
sudo cat /var/log/nginx/error.log
If there is the record like
[error] wallarm: <address> connect() failed
, make sure that the address of separate postanalytics module is specified correctly in the NGINX‑Wallarm module configuration files and separate postanalytics server accepts connection on specified address and port. -
On the server with the NGINX‑Wallarm module, get the statistics on processed requests using the command below and make sure that the value of
tnt_errors
is 0curl http://127.0.0.8/wallarm-status
Description of all parameters returned by the statistics service →