This topic provides guidance on installing Package Security Manager and verifying your installation.
These instructions assume that you have completed environment preparation.

Installing Package Security Manager

  1. Download your installer by running the following command: 
    # Replace <INSTALLER_LOCATION> with the provided installer URL
curl -O <INSTALLER_LOCATION>
    If you do not have root access, you must add yourself to the docker group by running the following command before you install:
    # Replace <USERNAME> with your Anaconda username
usermod -a -G docker <USERNAME>
  2. Run one of the following installation commands. Choose the command that corresponds with your setup. 
    # Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda 2>&1 | tee as.install.output
    To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:
    --grafana-monitor-stack
    The installation process creates three distinct user profiles: one for administrating Package Security Manager, one for administrating Keycloak, and one for accessing Prometheus. Login credentials for these profiles are shown during the installer output. Use these credentials for your initial logins, and update them as soon as possible.
The installer directory contains both the installation script (install.sh) and the docker-compose.yml file, which defines how Package Security Manager services are run.
By default, /opt/anaconda/repo is the file path for the installation folder. You can either create the folder manually by assigning write access to the current user, or use the -b (--base-install-dir) parameter to specify the folder for your installation.
Never delete the directory containing the docker-compose.yml and .env files.

Verifying your installation

Services are one-to-one to containers. Therefore, verifying that all major containers are up and not restarting or failing is a good first step.
  1. Return to your terminal and run the following command: 
    docker ps
    You should see output similar to the following:
  2. Verify that the following containers appear with a STATUS of Up (not stuck in a restart loop) in the output: 
    repo_api
repo_worker
repo_dispatcher
proxy
nginx_proxy
keycloak
redis
postgres
    These containers should always be running. However, you might see additional containers, depending on the phase of installation or your initial configuration choices:
  3. Open a browser and navigate to the domain that you supplied when executing the installer. If you are able to successfully authenticate and are asked for a license, Package Security Manager has installed successfully.

Advanced options

Further installation options can be seen by running the following command: 
# Replace <INSTALLER> with your installer file
./<INSTALLER>/install.sh --help
This will present you with the following list of possible arguments:
Arguments (shorthand)Arguments (longhand)Description
-r--registryDocker registry, url:port (default uses the system Docker daemon)
-h--pg-hostPostgresql host (default is on internal Postgres instance)
-p--pg-portPostgresql port number
-u--pg-userPostgresql username
-pw--pg-passwordPostgresql password (will set the internal Postgres instance password)
-e--redisRedis URL (default is an internal Redis instance)
-d--domainExternal domain (or IP address) of host system
-c--tls-certPath to TLS certification file for optionally configuring HTTPS (includes the host certificate and all intermediate certificates, but not the Root CA)
-k--tls-keyPath to TLS key file for optionally configuring HTTPS
--default-userDefault user name
--custom-ca-certPath to custom CA certification, which should be respected
--custom-cve-sourceFor air-gapped environments provide a custom source for CVE data
--upgrade-fromPrevious install folder
-l--no-image-loadDon’t load Docker images
-y--no-promptAnswer yes to all prompts
-- helpPrint help text