primatekuntech/triton-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
triton-install/README.md
amir-climy f869e9c308 feat(security): add host-bound licence support (/etc/machine-id binding) 
- compose.yaml: mount /etc/machine-id read-only into the manage-server container
- install.sh: print SHA-3-256 of /etc/machine-id after install so customers
  can share it with their vendor when requesting a host-bound .lic file
- README.md: document "Host-bound licences" flow

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 10:19:44 +08:00

96 lines
3.2 KiB
Markdown
Raw Blame History

# Triton Manage Server Installer
Production installer for the Triton Manage Server. Container-based (Docker or Podman), idempotent — safe to re-run.
## Install
Your vendor provides a licence bundle — a single file:
```
license.lic # signed offline licence token
```
The vendor's public key is baked into the image at build time — nothing else to configure.
Point the installer at the bundle:
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --license-file /path/to/triton-bundle/license.lic
```
## Setup wizard
After install, open `http://localhost:8082` and complete the wizard:
1. Set your manage server name
2. Create the admin account
## Optional flags
Pass flags after `--`:
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --license-file /path/to/license.lic [flags]
```
| Flag | Description |
|------|-------------|
| `--license-file PATH` | Path to `license.lic` from your vendor bundle. **Required.** |
| `--license-server-url URL` | License Server URL for ongoing heartbeats (optional, omit for air-gap). |
| `--gateway-hostname HOST` | Agent mTLS hostname (defaults to current FQDN). |
| `--manage-host-ip IP` | Host LAN IP for "+ This machine" auto-registration. |
| `--port PORT` | Host port for the web UI (default: `8082`). |
| `--image TAG` | Pin a specific image tag (e.g. `1.0.0-rc.2`). |
| `--no-tls` | Skip TLS sanity check (dev only). |
## Upgrade
Pull the latest image and restart (keeps all data, runs DB migrations automatically):
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --upgrade
```
Pin a specific version:
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --upgrade --image ghcr.io/primatekuntech/triton-manage-server:1.2.0
```
## Uninstall
Stop containers and remove them, but keep all data (PostgreSQL volume, credentials vault):
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --uninstall
```
Also delete all data (irreversible):
```bash
curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/get.sh | sudo bash -s -- --uninstall --purge-data
```
## Host-bound licences (optional)
Your vendor can issue an offline `.lic` file that is cryptographically bound to a specific host
so it cannot be installed on any other machine.
**To get a host-bound licence:**
1. Run `install.sh` on the target server — the output prints a **Machine ID** line:
```
[manage-server] Machine ID (SHA-3-256): <64-hex-chars>
```
2. Share that value with your vendor when requesting the `.lic` file.
3. The vendor enters it in the License Portal when generating the offline token.
4. Install as usual — the Manage Server verifies the binding at every startup.
For air-gapped deployments without host binding the `.lic` file is portable but anyone who
obtains the file can run a second instance. Host binding removes that risk.
## Requirements
- Linux (amd64 or arm64) or macOS
- Docker or Podman with Compose (auto-installed if missing)
- Port 443 open (HTTPS)
Reference in a new issue View git blame Copy permalink