Upgrading Package Security Manager#
Caution
Before you upgrade, create backups of the docker-compose.yml
and .env
files. These files contain your server’s custom configurations and are overwritten during the upgrade.
Service account roles#
If you are currently using Package Security Manager 6.1.6 or later, you may skip these steps and start upgrading.
Before you upgrade, you must verify that the correct permissions are set for the service account. If you do not, the Keycloak API will not be able to query user roles and users will lose all their assigned permissions.
Open a browser and log in to your Keycloak admin panel using your existing Keycloak credentials. Your Keycloak admin panel can be found at
https://<YOUR_DOMAIN>/auth/admin
.Navigate to the Clients page from the left-hand navigation menu, then select repo-account-sync from the list.
Select the Service Account Roles tab at the top of the page, then open the Client Roles dropdown menu and select realm-management.
Add
manage-users
andmanage-realm
to the Assigned Roles.
Upgrading to a newer version#
Package Security Manager supports upgrading from your current version without halting the program.
Caution
Before you upgrade, ensure the environment meets the new version’s installation requirements. This might involve updating your versions of docker and docker-compose. For more information, see Software requirements and Additional recommendations.
Upgrade steps#
Download your installer by running the command:
# Replace <INSTALLER_LOCATION> with the provided installer URL curl -O <INSTALLER_LOCATION>
Run one of the following upgrade commands. Choose the command that corresponds with your setup.
# Replace <INSTALLER> with the installer you just downloaded # Replace <PATH_TO_REPO_FOLDER> with the path to your repository - the default path is /opt/anaconda/repo # Replace <FQDN> with your fully qualified domain name # Replace <PREVIOUS_INSTALLER> with the location of the previous installer file (where the docker-compose.yml is located) bash <INSTALLER> -- -b <PATH_TO_REPO_FOLDER> -d <FQDN> --upgrade-from ../<PREVIOUS_INSTALLER>
Caution
If your current version of Package Security Manager is utilizing Grafana, you must include the following argument in your upgrade. If you do not, you will lose access to your Grafana dashboards. Upgrading removes your previous version of Grafana.
--grafana-monitor-stack
Don’t forget to log in and update your password for your Grafana monitoring dashboards!
Once the upgrade is complete, run the following command to instruct Keycloak to allow HTTP traffic:
# Replace <ADMIN_PASSWORD> with the password used to log in to Keycloak as user "admin" docker compose exec -T keycloak ./bin/kcadm.sh update realms/master -s sslRequired=NONE --server http://localhost:8080/auth --realm master --user admin --password <ADMIN_PASSWORD>
If your setup uses HTTPS protocol, you’ll need to provide the TLS certificate and key in your installation command:
# Replace <INSTALLER> with the installer you just downloaded # Replace <PATH_TO_REPO_FOLDER> with the path to your repository - the default path is /opt/anaconda/repo # Replace <FQDN> with your fully qualified domain name # Replace <PATH_TO_CERT> and <PATH_TO_KEY> with your TLS certificate and key paths # Replace <PREVIOUS_DIR> with the location of the previous installation (where the docker-compose.yml is located) bash <INSTALLER> -- -b <PATH_TO_REPO_FOLDER> --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --upgrade-from ../<PREVIOUS_INSTALLER>
Caution
If your current version of Package Security Manager is utilizing Grafana, you must include the following argument in your upgrade. If you do not, you will lose access to your Grafana dashboards. Upgrading removes your previous version of Grafana.
--grafana-monitor-stack
Don’t forget to log in and update your password for your Grafana monitoring dashboards!
If necessary, restore your Package Security Manager’s custom configurations saved in the
docker-compose.yml
and.env
backup files you created before you began upgrading.
Note
If you are upgrading to Package Security Manager
6.6.2
or later, please see Upgrading Postgres.If you need to support artifact types in excess of 3GB in size, please see Increasing artifact upload size limit.
Custom implementation considerations#
If you’re using a custom implementation, verify that your docker-compose.yml
and/or repo.conf
(nginx configuration) files reflect the upgraded changes.