Keeper Connection Manager

Pre-Release Testing

Instructions for performing pre-release testing on Keeper Connection Manager containers

Overview

Customers who are provided with early access to KCM containers can follow the below process:

Please ensure that any pre-release testing is performed in a non-production environment

(1) Request Access

Contact the Keeper team to request access, and provide your Docker Hub username. We will add you to the Beta Testers team which has read-only access to our pre-release containers. We will also provide you privately with the latest kcm-setup.run file which loads the necessary configuration.

(2) Login to DockerHub

After accepting the invitation to Join Keeper's pre-release repositories, visit https://hub.docker.com and go to Settings > Security and click on New Access Token and create a personal access token for the machine.

Using the generated token, login to Docker from your machine:

docker login --username YOUR_USERNAME

When prompted for a password, enter the personal access token instead of a password.

(3) Get the latest kcm-setup.run

Keeper will provide you with the latest kcm-setup.run file. Copy this file to your server and update the executable status.

chmod +x kcm-setup.run

(4) Install the Containers

Follow the sections below depending on whether this is an existing or new installation.

Installation - New Machine

New Machine Setup

Type the following:

export KCM_SETUP_IMAGE_PATTERN="keepersecurityinc/%s-dev"
sudo -E ./kcm-setup.run

When prompted for a license key, provide the key from the Keeper support team.

Installation - Existing Machine

Please perform a backup of your docker-compose.yml file, snapshot the machine and back up databases before making any of these changes.

Update the docker-compose.yml file (usually located in /etc/kcm-setup/docker-compose.yml) and replace the images as noted below:

  • Add shm_size and security_opt section as seen below in the guacd images

  • Replace guacd image with keepersecurityinc/guacd-dev

  • For MySQL, replace the db image with keepersecurityinc/guacamole-db-mysql-dev

  • For PostreSQL, replace the db image with keepersecurityinc/guacamole-db-postgres-dev

  • Replace guacamole image with keepersecurityinc/guacamole-dev

  • Replace ssl image with keepersecurityinc/guacamole-ssl-nginx-dev

  • Make sure KCM_LICENSE is populated with your Keeper Connection Manager license key

Example image replacements seen below:

version: "3"
services:

    guacd:
        image: keepersecurityinc/guacd-dev
        restart: unless-stopped
        shm_size: 2007372k
        security_opt:
            - "seccomp:/etc/kcm-setup/guacd-docker-seccomp.json"

...
 
     db:
        image: keepersecurityinc/guacamole-db-mysql-dev
...

     guacamole:
        image: keepersecurityinc/guacamole-dev
        restart: unless-stopped
        ...
        environment:
            KCM_LICENSE: "XXXXXXXXXXXXXX"

...
    ssl:
        image: keepersecurityinc/guacamole-ssl-nginx-dev

After updating the docker-compose.yml file per above, update the containers using the below commands.

export KCM_SETUP_IMAGE_PATTERN="keepersecurityinc/%s-dev"

sudo docker exec kcm-guacd-1 cat /opt/keeper/share/guacd/docker-seccomp.json > guacd-docker-seccomp.json
sudo mv guacd-docker-seccomp.json /etc/kcm-setup/

sudo -E ./kcm-setup.run stop
sudo -E ./kcm-setup.run upgrade

This will pull down the preview builds and restart the service.

Subsequent Updates

As new builds are published, make sure to update using these specific commands (the -E is important because it tells the script to load the correct containers):

export KCM_SETUP_IMAGE_PATTERN="keepersecurityinc/%s-dev"
sudo -E ./kcm-setup.run stop
sudo -E ./kcm-setup.run upgrade
PreviousExporting ConnectionsNextChangelog

Last updated