1 of 4

Auto Docker Install

Automated Linux Docker installer for users without Docker experience

Overview

Auto Docker Install is Keeper's recommended installation method.

Make sure to read the section first.

The Auto Docker Install method creates a standard Keeper Connection Manager environment using a script that is easy to run. This method does not restrict any features and you can still utilize this installation with advanced control at a later time.

If you are already familiar with Docker, you may choose to use the method.

Licensing

Before installing KCM, please ensure you have a valid license key. Without a valid license key, users and administrators will be unable to use KCM after the update is applied

For more info, visit this .

Installation

(1) Download the Installer

From the linux command line, download the installer script using the curl command.

(2) Add the execute permission to the Installer

(3) Run the Installer as root

The next question asks if you already have SSL termination available. If unsure, select N for no.

At the next prompt, enter your FQDN, even if it is internal. This is where users will access KCM in their browser.

Then, choose an option for SSL. A self-signed certificate (option 3) is okay for testing. After testing is complete, make sure to put a proper SSL certificate in place.

If you want to use Let's Encrypt (option 1) to quickly and easily generate and install an SSL certificate, you must have public DNS in place pointing to your static public IP. Also, Let's Encrypt requires HTTP port 80 and HTTPS port 443 to be open during the install process.

Secrets Manager Integration (optional)

The next prompt will be to choose your database, and then it will prompt for "Your one-time access token or base64 configuration". This value is (a tab in your vault). If this doesn't apply to you, just press enter. You can always add it later, too.

Next up is SAML. You can choose "no" to skip it (you can come back and set it up later), or you can choose "yes" to set up SSO now.

Save the credentials and URL in your Vault

After installation is completed, an admin login and password is created for you. Make sure to store this in your Keeper vault, as it's not provided again later.

Store the provided username, password, and URL in your Keeper Vault

Navigate to the URL in your Browser

Now that the installation is complete, simply go to the URL/hostname that you designated. You'll be able to login as the guacadmin default user with the credentials provided at the completion of the installation.

🎉 Installation Complete!

Now that your Keeper Connection Manager instance is running, you can login as guacadmin and start setting up some connections. Need to import connections in bulk?

The next section of this documentation reviews the process of managing, upgrading and adding packages to the Docker Compose environment.

Service Management

Auto Docker Install service management

Overview

The Auto Docker Method installs Docker and 4 containers (if you selected all options) which start up automatically after the installer completes:

Database (MySQL or PostgreSQL depending on selection)
Guacamole (Tomcat)
Guacd
SSL (NGINX)

The installer also creates a docker-compose.yml file that can be found in the filesystem:

/etc/kcm-setup/docker-compose.yml

This Docker Compose file is the configuration file which manages the multi-docker container system. If you need to make further changes to the environment, you can modify this file and restart the docker services using the kcm-setup.run script or by directly using Docker functionality.

Managing the Service

When using the Docker Simple Install method, the kcm-setup.run script can be used to manage the entire service and the underlying docker containers. The purpose of this script is to make management of the Keeper Connection Manager platform very simple.

Usage:

sudo ./kcm-setup.run [OPTIONS] [COMMAND] [ARG...]

Install, maintain, or uninstall Keeper Connection Manager automatically.

Command

Description

backup

Backup all database data to a file.

check

Perform an automated self-check of all services.

install

Install Keeper Connection Manager (DEFAULT).

logs

Display the log files from all installed services.

reconfigure

Modify the configuration of an existing KCM installation.

restart

Restart all installed services, starting any that are stopped.

restore

Restore database data from a prior backup.

start

Start all installed services that are not started.

status

Display the status of installed services.

stop

Stop all installed services that are not stopped.

uninstall

Completely remove the existing installation. This will delete all stored data in the database.

upgrade

Upgrade the existing installation by pulling the latest docker images. Your data stored in the service is retained.

apply

Strictly apply changes made externally to docker-compose.yml and do not pull new images.

version

Print out the version of each component of your KCM instance (db, guacamole, guacd, ssl)

Shared Volume

When using the Auto Docker Install method, a shared volume is automatically added to store file transfers and session recordings. The created volumes are located at /var/lib/guacamole/ which contains the drives and recordings.

Upgrading

Upgrading Keeper Connection Manager with the Docker Automated Install method

Before making any changes to your environment, we recommend backing up in accordance with the instructions on the Backup and Recovery page.

Update Instructions

From the Linux command line, update to the latest installer script using the curl command.

curl -O https://keepersecurity.com/kcm/kcm-setup.run

To update all of the underlying software and Docker containers when using the Docker Automated Install method, run the below commands:

sudo ./kcm-setup.run stop
sudo ./kcm-setup.run upgrade

Select "Y" when prompted.

Once the upgrade is complete, the service is started again automatically after a minute.

If you run into any issues with the upgrade, see our troubleshooting page.

Adding Packages

Activating additional packages on the Auto Docker Install method

When using the Auto Docker Install method, packages can be added by directly modifying the generated Docker Compose file. For example, adding SSO or LDAP support.

To modify your Keeper Connection Manager environment, you'll need to edit the docker-compose.yml file located here:

/etc/kcm-setup/docker-compose.yml

Applying Configuration Changes

The kcm-setup.run script has an apply feature which allows you to apply configuration changes without updating the containers. From the Linux command line, update to the latest installer script using the curl command.

curl -O https://keepersecurity.com/kcm/kcm-setup.run

Apply the changes

sudo ./kcm-setup.run apply

Update and Restart the Containers

To update the environment, use the kcm-setup.run upgrade command to update the containers and start with the latest configuration:

sudo ./kcm-setup.run stop
sudo ./kcm-setup.run upgrade

or.....

sudo su
cd /etc/kcm-setup/
docker-compose -p kcm up -d

Service Management

Auto Docker Install service management

Overview

The Auto Docker Method installs Docker and 4 containers (if you selected all options) which start up automatically after the installer completes:

Database (MySQL or PostgreSQL depending on selection)
Guacamole (Tomcat)
Guacd
SSL (NGINX)

The installer also creates a docker-compose.yml file that can be found in the filesystem:

/etc/kcm-setup/docker-compose.yml

Managing the Service

Usage:

sudo ./kcm-setup.run [OPTIONS] [COMMAND] [ARG...]

Install, maintain, or uninstall Keeper Connection Manager automatically.

Command

Description

backup

Backup all database data to a file.

check

Perform an automated self-check of all services.

install

Install Keeper Connection Manager (DEFAULT).

logs

Display the log files from all installed services.

reconfigure

Modify the configuration of an existing KCM installation.

restart

Restart all installed services, starting any that are stopped.

restore

Restore database data from a prior backup.

start

Start all installed services that are not started.

status

Display the status of installed services.

stop

Stop all installed services that are not stopped.

uninstall

Completely remove the existing installation. This will delete all stored data in the database.

upgrade

Upgrade the existing installation by pulling the latest docker images. Your data stored in the service is retained.

apply

Strictly apply changes made externally to docker-compose.yml and do not pull new images.

version

Print out the version of each component of your KCM instance (db, guacamole, guacd, ssl)

Shared Volume

Auto Docker Install

Automated Linux Docker installer for users without Docker experience

Overview

Auto Docker Install is Keeper's recommended installation method.

Make sure to read the section first.

If you are already familiar with Docker, you may choose to use the method.

Licensing

Before installing KCM, please ensure you have a valid license key. Without a valid license key, users and administrators will be unable to use KCM after the update is applied

For more info, visit this .

Installation

(1) Download the Installer

From the linux command line, download the installer script using the curl command.

(2) Add the execute permission to the Installer

(3) Run the Installer as root

The next question asks if you already have SSL termination available. If unsure, select N for no.

At the next prompt, enter your FQDN, even if it is internal. This is where users will access KCM in their browser.

Then, choose an option for SSL. A self-signed certificate (option 3) is okay for testing. After testing is complete, make sure to put a proper SSL certificate in place.

Secrets Manager Integration (optional)

Next up is SAML. You can choose "no" to skip it (you can come back and set it up later), or you can choose "yes" to set up SSO now.

Save the credentials and URL in your Vault

After installation is completed, an admin login and password is created for you. Make sure to store this in your Keeper vault, as it's not provided again later.

Store the provided username, password, and URL in your Keeper Vault

Navigate to the URL in your Browser

🎉 Installation Complete!

Now that your Keeper Connection Manager instance is running, you can login as guacadmin and start setting up some connections. Need to import connections in bulk?

The next section of this documentation reviews the process of managing, upgrading and adding packages to the Docker Compose environment.