Minimum system resources: 4 GB of RAM and 2 CPU cores.
Free disk space for installation and data storage of the Auditor.
Network access to and from the portal and to the location of your asset (the location of the product to be scanned).
Prerequisites
Before installing the Auditor, make sure you have the following software installed on your machine:
Type of installation using containers:
Installation in Kubernetes environment:
Helm configured with Kubernetes cluster
SSH keys generation
To securely connect to the Linux server, you will need to set up SSH keys.
If you don't have SSH keys already, you can generate them using the following command in your server terminal:
ssh-keygen
Copy the SSH key to your server
After generating the SSH keys, you need to copy the public SSH key to the Linux server. Use this command to copy the public key:
ssh-copy-id <username>@<server-ip-address>
Replace <username> with your Linux server account username, and <server-ip-address> with the IP address of the Linux server. You will be prompted to enter your password for authentication.
Open the file on your local machine where the private SSH key is stored. The private key is typically saved with a .pem or .ssh file extension.
Select and copy the contents of the private key file. Ensure you copy the key with the correct permissions and line breaks intact.
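A check for the copy step above, written for this page as an added example and not taken from the Auditor project. It looks for the defects that commonly make ssh reject a pasted key (lost line breaks, stray spaces, CRLF endings, missing final newline); the function name `check_private_key` and the demo key are hypothetical.

```shell
#!/bin/sh
# check_private_key FILE: return 0 when the copied key text is structurally
# intact, 1 when it shows a copy/paste defect. Hypothetical helper name.
check_private_key() {
    key_file=$1
    cr=$(printf '\r')
    if [ ! -r "$key_file" ]; then
        echo "cannot read $key_file" >&2; return 1
    fi
    # CRLF line endings or blanks at either end of a line corrupt the body.
    if grep -q -e "$cr" -e '^[[:space:]]' -e '[[:space:]]$' "$key_file"; then
        echo "stray whitespace or CR characters in key" >&2; return 1
    fi
    # Header and footer must each sit on their own line.
    if ! head -n 1 "$key_file" | grep -q '^-----BEGIN .*PRIVATE KEY-----$' ||
       ! tail -n 1 "$key_file" | grep -q '^-----END .*PRIVATE KEY-----$'; then
        echo "BEGIN/END marker lines missing or merged with the body" >&2; return 1
    fi
    # The last byte must be a newline ($(...) strips it, leaving "").
    if [ -n "$(tail -c 1 "$key_file")" ]; then
        echo "no newline after the END line" >&2; return 1
    fi
    # Lost line breaks leave fewer than three lines (header, body, footer).
    if [ "$(grep -c '' "$key_file")" -lt 3 ]; then
        echo "key body missing or line breaks lost" >&2; return 1
    fi
    return 0
}

# Demo on a constructed, non-functional key (placeholder body, not a real key).
demo_key=$(mktemp)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo_key"
check_private_key "$demo_key" && echo "key text intact"
rm -f "$demo_key"
```

This only inspects the text layout; running `ssh-keygen -y -f <file>` on the same file confirms that the key actually parses.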
Installation
GitLab CI installation (Ansible playbook)
Step 1. Fork the Auditor Repository
Fork the Auditor repository on GitLab. This creates a copy of the repository under your GitLab account.
Step 2. Set the public SSH key on the host
Establish a secure connection between the host and the repository by setting the public SSH key.
In GitLab, go to "Settings" > "CI / CD" > "Variables" and configure the following environment variables:
SSH_KEY_PRIVATE: Set the private SSH key within the forked repository for authentication.
ACCESS_TOKEN: Set the Access Token value that you will receive after the first run of the CI pipeline (step 9).
Optional environment variables:
IMAGE_VERSION: The script will autonomously determine the most recent version.
DB_NAME, DB_USER, DB_PASS, DB_HOST, DB_PORT: Required for database configuration.
ansible_user: Specify the user Ansible should use when connecting to the server
ansible_ssh_private_key: Specify the path to the private SSH key for authentication
work_dir: The working directory on the target server where the application will be installed
Step 6. Commit Changes
After updating the hosts file and group_vars/prod_portal.yml, commit the changes to your GitLab repository.
Step 7. Run GitLab CI Pipeline
In the GitLab CI/CD > Pipelines section, you should see the pipeline running the deploy job.
Step 8. Monitor the Installation
Once the pipeline is running, click on the deploy job to view the logs.
The Ansible playbook will be executed, deploying Auditor on the specified host.
Step 9. Adding an Access Token
Now your application should be accessible on the port specified in the configuration.
After the first run, you will receive an Access Token.
Copy the value of the access token and add it to the CI/CD variables in GitLab:
ACCESS_TOKEN: your value
After adding the variable, you must restart the service from the command line using the following commands:
docker-compose down
docker-compose up -d
Install using Helm
Before using Helm, make sure that Helm is installed on your computer and that your Kubernetes cluster is configured to work with Helm.
DB_NAME, DB_USER, DB_PASS, DB_HOST, DB_PORT variables are required for database configuration.
If the message broker is hosted on a third-party server, only AMQP_HOST_STRING must be specified. However, if the broker container is started locally, all three variables (AMQP_HOST_STRING, RABBITMQ_DEFAULT_USER and RABBITMQ_DEFAULT_PASS) need to be specified.
The username and password in the RABBITMQ_DEFAULT_PASS and RABBITMQ_DEFAULT_USER variables must be the same as in AMQP_HOST_STRING.
DOCKER_ENCRYPTION_TOKEN: This variable is essential when accessing images from a private registry. If your registry requires authentication, provide the appropriate encryption token here.
ACCESS_TOKEN: After the first run of the Auditor (step 4), you will get the value of the access token. You must copy it and put this variable and its value in the .env file.
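A pre-flight check of the .env rules above, added here as an example and not part of the Auditor project: it confirms the required variables are set and that, for a local broker, RABBITMQ_DEFAULT_USER and RABBITMQ_DEFAULT_PASS match the credentials in AMQP_HOST_STRING. The helper names, the sample values and the `amqp://user:pass@host:port/vhost` form of AMQP_HOST_STRING are assumptions.

```shell
#!/bin/sh
# env_get FILE KEY: print KEY's value from a KEY=VALUE file, dropping a
# trailing CR and surrounding double quotes.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | sed 's/^"\(.*\)"$/\1/'
}

# check_auditor_env FILE: return 0 when the file is consistent, 1 otherwise.
# Hypothetical helper; it never prints secret values.
check_auditor_env() {
    env_file=$1
    rc=0
    for var in DB_NAME DB_USER DB_PASS DB_HOST DB_PORT AMQP_HOST_STRING; do
        if [ -z "$(env_get "$env_file" "$var")" ]; then
            echo "missing required variable: $var" >&2
            rc=1
        fi
    done
    mq_user=$(env_get "$env_file" RABBITMQ_DEFAULT_USER)
    mq_pass=$(env_get "$env_file" RABBITMQ_DEFAULT_PASS)
    # Neither set: the broker is external and AMQP_HOST_STRING alone is enough.
    if [ -z "$mq_user$mq_pass" ]; then return "$rc"; fi

    # Local broker container: credentials must equal those in AMQP_HOST_STRING.
    # Assumed form: amqp://user:pass@host:port/vhost
    amqp=$(env_get "$env_file" AMQP_HOST_STRING)
    creds=${amqp#*://}
    case $creds in
        *:*@*) creds=${creds%@*} ;;   # keep "user:pass"
        *)     creds=":" ;;            # no credentials in the URL
    esac
    if [ "${creds%%:*}" != "$mq_user" ] || [ "${creds#*:}" != "$mq_pass" ]; then
        echo "RABBITMQ_DEFAULT_USER/PASS differ from AMQP_HOST_STRING" >&2
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed .env (sample values only).
demo_env=$(mktemp)
printf '%s\n' DB_NAME=auditor DB_USER=auditor DB_PASS=example-db-pass \
    DB_HOST=db DB_PORT=5432 \
    AMQP_HOST_STRING=amqp://mq_user:example-mq-pass@rabbitmq:5672/ \
    RABBITMQ_DEFAULT_USER=mq_user RABBITMQ_DEFAULT_PASS=example-mq-pass > "$demo_env"
check_auditor_env "$demo_env" && echo ".env looks consistent"
rm -f "$demo_env"
```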
Step 4. Start the Auditor
From the terminal command line, navigate to the directory where the docker-compose.yml file is located.
Run the application by executing the following command:
docker compose up -d
This will start all the services described in the docker-compose.yml file in the background.
After successfully running the docker compose up -d command, your application should be accessible on the port specified in the configuration.
You will receive an Access Token the first time you start.
Copy it and set it in the .env file as the value of the ACCESS_TOKEN variable (step 3).
After adding the variable, you must restart the service from the command line using the following commands:
docker compose down
docker compose up -d
(version 19.03 or higher)
(version 1.26 or higher)
(for GitLab CI installation option)
When copying keys, make sure you copy without spaces.