Installation using Docker
Install and run Axiomatics Services Manager (ASM) using a Docker container package.
The instructions below refer to a fresh installation of ASM. In case you already have ASM installed in your system, read how to upgrade.
Requirements
The following third-party software must be installed before installing ASM.
Docker Desktop
- Docker Engine
- Docker Compose
ASM 7.3 has been tested with Docker Engine 20.10.17 and Docker Compose 2.10.2.
Preparation
AWS CLI
Axiomatics Services Manager is downloaded via AWS CLI. If you have not already done so, install AWS CLI following the instructions in AWS documentationOpens in a new tab.
Download the file
The ASM distribution is downloaded as a ZIP file, containing a pre-configured Docker-based installation.
To have the appropriate access to Axiomatics' downloads, you need to configure the AWS CLI account with the
aws configure
command, as explained AWS documentationOpens in a new tab. This step requires an Access key ID and a Secret access key, which will have been provided to you by Axiomatics.After configuring the AWS CLI account, run the following command in the terminal:
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/axiomatics-services-manager/axiomatics-services-manager/7.4.1-0/axiomatics-services-manager-7.4.1-0.zip axiomatics-services-manager-7.4.1-0.zip
This downloads the ASM distribution ZIP file to your computer.
Installation procedure
Install the application
Extract the ASM distribution ZIP file to the folder from where you want to run ASM.
Navigate to the
docker
folder of the extracted distribution.Edit the
credentials.txt
file by updating the placeholder values for Access key ID and Secret access key with the values provided by Axiomatics.noteThese are the same values that were used in setting up AWS CLI.
Optionally, you can run ASM on a machine with a hostname other than the default as follows:
Change the default hostname
- Navigate to the
docker
folder of the extracted distribution. - Update the
HOST
variable in the.env
file. The default value islocalhost
. - Save the file and exit.
- Navigate to the
Copy a valid ASM license file to the
docker
folder.noteThis file is provided separately by Axiomatics.
Enable the BuildKit feature of Docker:
- Linux/macOS
- Windows
export DOCKER_BUILDKIT=1
Run the following command using PowerShell:
$Env:DOCKER_BUILDKIT=1
Configure the SSL Certificate common name.
In production environments, you should import trusted certificates only, while in dev and test environments you have the ability to create a self-signed certificate.
- Import
- Create
ASM requires a
PKCS#12
(Public Key Cryptography Standard #12) certificate. In case you already have a certificate with different format such as.pem
, you should convert it toPKCS#12
. The certificate file must be namedcert.keystore.p12
. During the creation of the certificate, the name (or alias) must be set toserver
.- Navigate to the
docker/api.gateway/certs/
folder of the extracted distribution. - Copy your certificate to this folder.
Generate a self-signed certificate as follows:
Navigate to the
docker
folder of the extracted distribution.Open the
.env
file and update the following entries:CERTIFICATE_CN
with your common nameCERTIFICATE_KEY_STORE_PASSWORD
with your password
Generate the certificate:
- Linux/macOS
- Windows
From the
docker/api.gateway/certs/
folder, run the following command.sh generate_self_signed_certificate.sh
Make sure that the following files were created:
cert.keystore.p12
server.crt
From the
docker\api.gateway\certs
folder, run the following commands using PowerShell.ImportantIn the first command, replace
<your_cert_key_store_pw>
and<your_cert_cn>
with the same values that were previously used in the.env
file.docker build -t certificate -f ./Dockerfile.cert . --build-arg CERTIFICATE_KEY_STORE_PASSWORD=<your_cert_key_store_pw> --build-arg CERTIFICATE_CN=<your_cert_cn>
docker create --name cert certificate; docker cp cert:/cert.keystore.p12 ./cert.keystore.p12; docker cp cert:/server.crt ./server.crt; docker rm -f cert; docker image rm certificate
Make sure that the following files were created:
cert.keystore.p12
server.crt
Start the installation process.
- With Dashboard
- Without Dashboard
From the
docker
directory, start up your application.docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml up --build
ImportantThe docker-compose installation process uses the overriding functionality of Docker Compose for multiple compose files. The Compose files arguments order should be kept as is in the installation command.
From the
docker
directory, start up your application.docker-compose up --build
This starts ASM without InfluxDB and with the Dashboard functionality disabled.
Log in to ASM
After the installation has finished, open a web browser window and go to:
- Default hostname
- Custom hostname
https://localhost/asm
if you are using the default hostname.Append
/asm
to the hostname you are using. For example,https://example.com/asm
.The login page for ASM displays. Use the default credentials:
- Username:
asm-admin
- Password:
password
You will immediately be prompted to change the password. After doing so, you are logged in to ASM for the first time.
- Username:
Useful information and commands
Stop ASM
- With Dashboard
- Without Dashboard
From the docker
directory, stop your application.
docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml stop
From the docker
directory, stop your application.
docker-compose stop
Restart ASM
- With Dashboard
- Without Dashboard
From the docker
directory, restart your application.
docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml up
From the docker
directory, restart your application.
docker-compose up
Data persistence using volumes
ASM implements volumes for externalizing the data state, that is, ensuring the persistence of data generated by and used by Docker containers.
No further configuration is necessary. If more information is required, read the Use volumesOpens in a new tab topic of the Docker documentation.
Volumes do not create a folder on the host machine, but are managed by Docker commands. See the Backup, restore, or migrate data volumesOpens in a new tab topic of the Docker documentation for more information about all the possible user actions like deletion, backups, restore, migration, etc.
What's next?
Add users
During the deployment, a Keycloak service was also installed, to serve as an authentication module for the users of ASM. Only a default administrative user is created automatically at this time. All other users must be created and assigned a role in Keycloak, before they can log in to ASM.
To add more users and map them to roles you must use Keycloak as described in Manage users in Keycloak. Then, you can assign them to projects following the instructions in the Users and projects topic.
For deployments with Policy Designer, you should also configure Keycloak accordingly.
Additional configuration
Once the installation of ASM has been verified as successful, there are additional configurations you may want to consider.