diff --git a/README.md b/README.md index be0b193..b5b0de8 100644 --- a/README.md +++ b/README.md @@ -4,18 +4,11 @@ Production installer for the Triton Manage Server. Container-based (Docker or Po ## Install -Your vendor provides a licence bundle — a single file: - -``` -license.lic # signed offline licence token -``` - -The vendor's public key is baked into the image at build time — nothing else to configure. - -Point the installer at the bundle: +One line, no licence needed at install time — you upload the `.lic` file in the setup +wizard after the server starts. ```bash -curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash -s -- --license-file /path/to/triton-bundle/license.lic +curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash ``` ## Setup wizard 
@@ -24,22 +17,25 @@ After install, open `http://localhost:8082` and complete the wizard: 1. Set your manage server name 2. Create the admin account +3. Upload your licence (`.lic` file from your vendor bundle) + +The vendor's public key is baked into the image at build time, so the `.lic` file is the +only artefact you need from your vendor. ## Optional flags Pass flags after `--`: ```bash -curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash -s -- --license-file /path/to/license.lic [flags] +curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash -s -- [flags] ``` | Flag | Description | |------|-------------| -| `--license-file PATH` | Path to `license.lic` from your vendor bundle. **Required.** | | `--gateway-hostname HOST` | Agent mTLS hostname (defaults to current FQDN). | | `--manage-host-ip IP` | Host LAN IP for "+ This machine" auto-registration. | -| `--port PORT` | Host port for the web UI (default: `8082`). | | `--image TAG` | Pin a specific image tag (e.g. `1.0.0-rc.2`). | +| `--license-pubkey HEX` | Hex-encoded Ed25519 verifier key. Only needed when not baked into the image at build time. | | `--no-tls` | Skip TLS sanity check (dev only). | ## Upgrade 
@@ -84,18 +80,21 @@ so it cannot be used on any other machine. [manage-server] Machine ID (SHA-3-256): <64-hex-chars> [manage-server] ──────────────────────────────────────────────────────────────────────── ``` + The same value is also shown in the setup wizard's licence-upload step. 2. Share the 64-character hex value with your vendor. 3. The vendor enters it in the License Portal when generating the offline `.lic` token. -4. Re-run the installer with the new `.lic` file — the Manage Server verifies the binding at every startup. +4. Upload the new `.lic` file via the setup wizard (or, if already past wizard, in + the admin UI under *Settings → Licence*). The Manage Server verifies the binding at + every startup. **The Machine ID is stable.** It is a SHA-3-256 hash of `/etc/machine-id`, which is written once at OS installation and never changes. Container restarts, image upgrades, and re-running the installer will always produce the same value. -To retrieve the Machine ID at any time without re-installing, simply re-run the install command: +To retrieve the Machine ID at any time without re-installing, re-run the install command: ```bash -curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash -s -- --license-file /path/to/license.lic +curl -fsSL https://forgejo.primatekun.tech/primatekuntech/triton-install/raw/branch/main/get.sh | sudo bash ``` For air-gapped deployments without host binding the `.lic` file is portable, but anyone who
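
Review bot: In the Install hunk (`@@ -4,18 +4,11 @@`), the new one-liner still pipes `get.sh` from a mutable `raw/branch/main` URL straight into `sudo bash`, and with the licence argument gone it is now the entire documented install path. Consider pointing the URL at a tag or commit, and documenting a download-then-verify step (a checksum or signature the vendor publishes) before the script is run as root.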
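
Review bot: In the Optional flags hunk (`@@ -24,22 +17,25 @@`), the new `--license-pubkey HEX` row lets whoever runs the installer supply the Ed25519 verifier key, while the paragraph added just above says the vendor's key is baked into the image. The README should state which key takes precedence when both are present and note that a key passed here determines which licences verify. The same hunk also drops the `--port PORT` row without comment although the wizard URL is still `http://localhost:8082`; if the flag was removed, say the port is fixed, otherwise keep the row.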
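
Review bot: At the end of the Machine ID hunk (`@@ -84,18 +80,21 @@`), retrieving the ID is still documented as re-running `curl … | sudo bash`, which now means running the installer as root with no licence argument just to read a value. Since the added line says the same value is shown in the wizard's licence-upload step, point readers there (or to *Settings → Licence*) instead, and state whether re-running the installer leaves an already uploaded licence in place. Minor: "if already past wizard" reads better as "if you are already past the wizard".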