Standard installation

This topic provides guidance on installing Package Security Manager and verifying your installation.

​

Installing Package Security Manager

1. Download your installer by running the following command:

   Copy

   Ask AI

   # Replace <INSTALLER_LOCATION> with the provided installer URL
   curl -O <INSTALLER_LOCATION>
   

   If you do not have root access, you must add yourself to the docker group by running the following command before you install:

   Copy

   Ask AI

   # Replace <USERNAME> with your Anaconda username
   usermod -a -G docker <USERNAME>
   

2. Run one of the following installation commands. Choose the command that corresponds with your setup.

   • HTTP
   • HTTPS
   • External Postgres
   • External Postgres and Redis

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   If you are using TLS/SSL certificates, run this command to install Package Security Manager:

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
   # Replace <PATH_TO_KEY> with the path to your TLS/SSL key
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --default-user anaconda 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer file you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
   # Replace <PATH_TO_KEY> with the path to your TLS/SSL key
   # Replace <EXTERNAL_PG> with your external Postgres host IP4 address
   # Replace <ASSIGNED_PORT> with the port assigned to Postgres (default is 5432)
   # Replace <PSM_PASSWORD> with the password you established during setup
   bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --default-user anaconda --pg-host <EXTERNAL_PG> --pg-port <ASSIGNED_PORT> --pg-user anaconda --pg-password <PSM_PASSWORD> 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   1. Allow the installation to fail, then clean itself up.

   2. Enter the ate-installer-* directory that was created from the installation process.

   3. Using your preferred file editor, open the .env file and update the POSTGRES_URI variable to point to the database created during setup.

      For example, your current connection string might look something like this:

      Copy

      Ask AI

      POSTGRES_URI=postgresql://anaconda:<PSM_PASSWORD>@<EXTERNAL_PG>:5432/postgres
      

      Update the connection string to use the database for the user you created and are using for installation as shown:

      Copy

      Ask AI

      POSTGRES_URI=postgresql://anaconda:<PSM_PASSWORD>@<EXTERNAL_PG>:5432/anaconda
      

   4. Save your work and close the file.

   5. Using your preferred file editor, open the docker-compose.yml file, and find the keycloak: section.

   6. Update the KC_DB_PASSWORD environment variable to the password you established for the keycloak user during environment prep.

      The correct formatting is shown below:

      Copy

      Ask AI

      # Replace <KEYCLOAK_PASSWORD> with the password you established during setup
      - KC_DB_PASSWORD=<KEYCLOAK_PASSWORD>
      

   7. Save your work and close the file.

   8. Restart your containers by running the following command:

      Copy

      Ask AI

      docker composer up -d
      

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer file you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
   # Replace <PATH_TO_KEY> with the path to your TLS/SSL key
   # Replace <EXTERNAL_PG/RD_INSTANCE_IP4> with your external instance IP4 address (in both locations)
   # Replace <ASSIGNED_PORT> with the port used for communication
   # Replace <POSTGRES_USERID> with your postgres user ID
   # Replace <POSTGRES_PASSWORD> with your postgres password
   chmod +x <INSTALLER>
   bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> -e redis://<EXTERNAL_PG/RD_INSTANCE_IP4> -h <EXTERNAL_PG/RD_INSTANCE_IP4> -p <ASSIGNED_PORT> -u <POSTGRES_USERID> -pw <POSTGRES_PASSWORD> --default-user anaconda -y 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   The installation process creates three distinct user profiles: one for administrating Package Security Manager, one for administrating Keycloak, and one for accessing Prometheus. Login credentials for these profiles are shown during the installer output. Use these credentials for your initial logins, and update them as soon as possible.

   Example output

​

Verifying your installation

Services are one-to-one to containers. Therefore, verifying that all major containers are up and not restarting or failing is a good first step.

1. Return to your terminal and run the following command:

   Copy

   Ask AI

   docker ps
   

   You should see output similar to the following:

2. Verify that the following containers appear with a STATUS of Up (not stuck in a restart loop) in the output:

   Copy

   Ask AI

   repo_api
   repo_worker
   repo_dispatcher
   proxy
   nginx_proxy
   keycloak
   redis
   postgres
   

   These containers should always be running. However, you might see additional containers, depending on the phase of installation or your initial configuration choices:

   Additional containers

3. Open a browser and navigate to the domain that you supplied when executing the installer. If you are able to successfully authenticate and are asked for a license, Package Security Manager has installed successfully.

​

Advanced options

Further installation options can be seen by running the following command:

# Replace <INSTALLER> with your installer file
./<INSTALLER>/install.sh --help

This will present you with the following list of possible arguments: