Automated Linux Docker installer for users without Docker experience
Auto Docker Install is Keeper's recommended installation method.
Make sure to read the Preparing for Installation section first.
The Auto Docker Install method creates a standard Keeper Connection Manager environment using a script that is easy to run. This method does not restrict any features and you can still utilize this installation with advanced control at a later time.
If you are already familiar with Docker, you may choose to use the Docker Compose Install method.
Before installing KCM 2.19 or later versions, please ensure you have a valid license key. Without a valid license key, users and administrators will be unable to use KCM after the update is applied
For more info, visit this page.
(1) Download the Installer
From the linux command line, download the installer script using the curl command.
(2) Add the execute permission to the Installer
(3) Run the Installer as root
The next question asks if you already have SSL termination available. If unsure, select N for no.
At the next prompt, enter your FQDN, even if it is internal. This is where users will access KCM in their browser.
Then, choose an option for SSL. A self-signed certificate (option 3) is okay for testing. After testing is complete, make sure to put a proper SSL certificate in place.
If you want to use Let's Encrypt (option 1) to quickly and easily generate and install an SSL certificate, you must have public DNS in place pointing to your static public IP. Also, Let's Encrypt requires HTTP port 80 and HTTPS port 443 to be open during the install process.
The next prompt will be to choose your database, and then it will prompt for "Your one-time access token or base64 configuration". This value is generated from Keeper Secrets Manager (a tab in your vault). If this doesn't apply to you, just press enter. You can always add it later, too.
Next up is SAML. You can choose "no" to skip it (you can come back and set it up later), or you can choose "yes" to set up SSO now. Follow the SSO setup steps here.
After installation is completed, an admin login and password is created for you. Make sure to store this in your Keeper vault, as it's not provided again later.
Store the provided username, password, and URL in your Keeper Vault
Now that the installation is complete, simply go to the URL/hostname that you designated. You'll be able to login as the guacadmin default user with the credentials provided at the completion of the installation.
Now that your Keeper Connection Manager instance is running, you can login as guacadmin and start setting up some connections. Need to import connections in bulk? Follow the steps here.
The next section of this documentation reviews the process of managing, upgrading and adding packages to the Docker Compose environment.
Auto Docker Install service management
The Auto Docker Method installs Docker and 4 containers (if you selected all options) which start up automatically after the installer completes:
Database (MySQL or PostgreSQL depending on selection)
Guacamole (Tomcat)
Guacd
SSL (NGINX)
The installer also creates a docker-compose.yml file that can be found in the filesystem:
/etc/kcm-setup/docker-compose.yml
This Docker Compose file is the configuration file which manages the multi-docker container system. If you need to make further changes to the environment, you can modify this file and restart the docker services using the kcm-setup.run script or by directly using Docker functionality.
When using the Docker Simple Install method, the kcm-setup.run script can be used to manage the entire service and the underlying docker containers. The purpose of this script is to make management of the Keeper Connection Manager platform very simple.
Usage:
sudo ./kcm-setup.run [OPTIONS] [COMMAND] [ARG...]
Install, maintain, or uninstall Keeper Connection Manager automatically.
backup
Backup all database data to a file.
check
Perform an automated self-check of all services.
install
Install Keeper Connection Manager (DEFAULT).
logs
Display the log files from all installed services.
reconfigure
Modify the configuration of an existing KCM installation.
restart
Restart all installed services, starting any that are stopped.
restore
Restore database data from a prior backup.
start
Start all installed services that are not started.
status
Display the status of installed services.
stop
Stop all installed services that are not stopped.
uninstall
Completely remove the existing installation. This will delete all stored data in the database.
upgrade
Upgrade the existing installation by pulling the latest docker images. Your data stored in the service is retained.
apply
Strictly apply changes made externally to docker-compose.yml and do not pull new images.
When using the Auto Docker Install method, a shared volume is automatically added to store file transfers and session recordings. The created volumes are located at /var/lib/guacamole/ which contains the drives and recordings.
Activating additional packages on the Auto Docker Install method
When using the Auto Docker Install method, packages can be added by directly modifying the generated Docker Compose file. For example, adding SSO or LDAP support.
To modify your Keeper Connection Manager environment, you'll need to edit the docker-compose.yml file located here:
/etc/kcm-setup/docker-compose.yml
Applying Configuration Changes
The kcm-setup.run script has an apply feature which allows you to apply configuration changes without updating the containers. From the Linux command line, update to the latest installer script using the curl command.
Apply the changes
Update and Restart the Containers
To update the environment, use the kcm-setup.run upgrade command to update the containers and start with the latest configuration:
or.....
Upgrading Keeper Connection Manager with the Docker Automated Install method
Before making any changes to your environment, we recommend backing up in accordance with the instructions on the Backup and Recovery page.
From the Linux command line, update to the latest installer script using the curl command.
To update all of the underlying software and Docker containers when using the Docker Automated Install method, run the below commands:
Select "Y" when prompted.
Once the upgrade is complete, the service is started again automatically after a minute.
If you run into any issues during the upgrade, see Troubleshooting
