Upgrading Package Security Manager
This guide walks you through the process of upgrading your Package Security Manager installation to a newer version. Package Security Manager supports in-place upgrades, meaning you can upgrade while the software is running.
Verify system requirements
Ensure your environment meets the new version’s system requirements.
If upgrading your OS to RHEL 9, you must first switch from Docker to Podman.
Create backups
Create backups of the following files:
docker-compose.yml
.env
These contain your custom configurations and will be overwritten during the upgrade!
-
Open a terminal.
-
Log in to your Package Security Manager server.
-
Navigate to your Anaconda installer directory (
ate-installer-*
) by running the following command:Start typing
ate-installer-
in your terminal, then press Tab to autocomplete the directory name. -
Create a backup of the
docker-compose.yml
file by running the following command:
Verify service account permissions
If you are using Package Security Manager 6.1.6 or later, you can skip this step.
You must verify the correct permissions are set for the service account to prevent users from losing their assigned permissions:
- Log in to your Keycloak admin panel at
https://<YOUR_DOMAIN>/auth/admin
. - Navigate to Clients and select repo-account-sync.
- Select the Service Account Roles tab.
- Open the Client Roles dropdown and select realm-management.
- Add
manage-users
andmanage-realm
to the Assigned Roles.
Download the installer
Download the installer using the URL provided by Anaconda:
Run the upgrade
Choose the appropriate command based on your setup:
If your current version of Package Security Manager is utilizing Grafana, you must include the following argument in your upgrade. If you do not, you will lose access to your Grafana dashboards. Upgrading removes your previous version of Grafana.
Don’t forget to log in and update your password for your Grafana monitoring dashboards!
Once the upgrade is complete, run the following command to instruct Keycloak to allow HTTP traffic:
If your current version of Package Security Manager is utilizing Grafana, you must include the following argument in your upgrade. If you do not, you will lose access to your Grafana dashboards. Upgrading removes your previous version of Grafana.
Don’t forget to log in and update your password for your Grafana monitoring dashboards!
Once the upgrade is complete, run the following command to instruct Keycloak to allow HTTP traffic:
If your setup uses HTTPS protocol, you’ll need to provide the TLS certificate and key in your installation command:
If your current version of Package Security Manager is utilizing Grafana, you must include the following argument in your upgrade. If you do not, you will lose access to your Grafana dashboards. Upgrading removes your previous version of Grafana.
Don’t forget to log in and update your password for your Grafana monitoring dashboards!
If your upgrade fails at this point, it is likely due to a permissions issue with your Redis cache. To complete the upgrade, reset permissions for your Redis cache and restart your containers by running the following commands:
Restore configurations
If necessary, restore your custom configurations from the backup files you created when you began the upgrade process.
Additional considerations:
- For upgrades to Package Security Manager
6.6.2
or later, see Upgrading Postgres. - To support artifacts larger than 3GB, see Increasing artifact upload size limit.
- If using a custom implementation, verify that your
docker-compose.yml
andrepo.conf
(nginx configuration) files reflect the upgraded changes.
Was this page helpful?