Implementation Steps
This document guides you through installing the CSE service on one host using Podman as an alternative to Docker.
Installation steps on CSE server
This is the installation of the CSE podman container and can be done with guidance from Virtru on a call.
Podman
CSE is distributed as a Podman image via Virtru's Google Artifact Registry.
- Quick Install
#Podman
yum install podman
Create alias to align Docker and Podman commands
Follow the steps below to add an alias and reload your .bashrc file. The alias only applies to interactive bash sessions; scripts such as run.sh do not see it, which is why the 'docker' commands in the setup script are replaced with 'podman' separately below.
- Run the following command to add the alias to your .bashrc file:
printf "\nalias docker=podman\n" >> ~/.bashrc
- Reload your bash config:
source ~/.bashrc
- Create a working directory for CSE and cd into that directory (the -p flag also creates /var/virtru if it does not exist yet):
mkdir -p /var/virtru/scripts
cd /var/virtru/scripts
- Download the CSE setup script (the pipeline queries the latest GitHub release, extracts the download URL of the .sh asset and fetches it with wget):
curl -s https://api.github.com/repos/virtru/cse-install-script/releases/latest \
| grep "browser_download_url.*sh" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -qi -
- Follow the steps in the script to input the following information:
- CSE Version (hit enter for latest version)
- CSE Domain (FQDN of your CSE server)
- CSE HMAC ID (Provided by Virtru)
- CSE HMAC Secret (Provided by Virtru)
- CKS option (yes if you are using a Virtru CKS)
- CKS Domain (FQDN of your Virtru CKS server)
- CKS HMAC ID (From your Virtru CKS server)
- CKS HMAC Secret (From your Virtru CKS server)
- IDP Provider (Google or Other)
- If "google" you will need to provide your Google OAuth Client ID string on the next step
- If "other" you will need, from your IdP, a mapping from the accepted authentication issuer IDs (the issuer of the authentication JWT) to the URL where that issuer publishes its JSON Web Key Set.
- Auth N Key (Map of accepted Authentication issuer ids)
- Auth N Value (URL where the issuer publishes its JSON Web Key Set)
- JWT Auth N Value (OAuth Client ID String)
- Add your server certificate chain (server certificate, intermediates and root, in that order) and private key to the "/var/virtru/cse" directory; these are the files mounted into the container by the 'podman run' command below:
cat [path-to-certificate] [path-to-intermediate-cert-1] ... [path-to-root-cert] > /var/virtru/cse/server.cert
cat [path-to-private-key] > /var/virtru/cse/server.key
Restrict the permissions on server.key so that only root can read it.
Modify Scripts
- Navigate to the scripts folder, open the setup script in Vim, nano or any editor of your choice, and replace the 'docker' commands with 'podman':
cd /var/virtru/scripts
vim run.sh
- Add the '--log-opt path=...' line (shown in bold in the original) to your existing run.sh file; it sets the file path of the container log.
- (CSE Latest Version) Use the following 'podman run' command to deploy a CSE container. Replace all three occurrences of <Latest Tagged Version> with the same tag:
podman run --detach \
--env-file ./cse.env \
-p 443:9000 \
-v /var/virtru/cse/server.cert:/run/secrets/server.cert \
-v /var/virtru/cse/server.key:/run/secrets/server.key \
--restart unless-stopped \
--name cse-v<Latest Tagged Version> \
--log-opt path=/var/log/cse-v<Latest Tagged Version>.log \
containers.virtru.com/cse:v<Latest Tagged Version>
Each continuation line must end with a space followed by the backslash; without the space, adjacent options are joined into one word (for example '--detach--env-file') and the command fails.
- Run the setup script to create the container:
cd /var/virtru/scripts
sh run.sh
Managing Your Podman Container
Here are commands to help you view, manage logs, stop, start, and remove your Podman container:
- To list all running containers:
podman ps
- To list all containers (including stopped ones):
podman ps -a
- To view and follow logs for a specific container:
podman logs -f <container-name>
- If you set up a log file with '--log-opt path=...', follow the path you configured there:
tail -f /var/log/cse-v<Latest Tagged Version>.log
- To stop a running container:
podman stop <container-name>
- To start a stopped container:
podman start <container-name>
- Remove a stopped container:
podman rm <container-name>
- To forcefully remove a container (running or stopped):
podman rm -f <container-name>
Additional Tips
- Check Container Logs from Start: View all logs from the beginning by omitting the '-f' flag:
podman logs <container-name>
- Check Resource Usage: Monitor container stats with:
podman stats <container-name>
With this setup in place, you can manage your Virtru CSE container on a Podman-hosted Linux server.
Google Workspace Configuration
Follow the steps from Google for connecting your CSE server to your Google Workspace tenant:
https://support.google.com/a/answer/10742487?hl=en&ref_topic=10742486