# Installation Guide

## GLOSI Setup

## Introduction <a href="#glosisetup-introduction" id="glosisetup-introduction"></a>

This document provides a comprehensive guide to deploying and operating **GLOSI** (Global Software Inventory), a containerized solution developed by **Lineaje** for analyzing software packages and vulnerabilities.

Published weekly as a pre-built Docker image to Lineaje's Elastic Container Registry (ECR), GLOSI comes bundled with all required services and data, enabling users to spin up a fully functional environment with minimal setup. The system integrates a robust search backend powered by **Elasticsearch**, a FastAPI-driven data service, an orchestration layer for business logic, and a modern UI for user interaction.

This guide walks through how to access the image, deploy the services using Docker Compose, understand the architecture, and manage or troubleshoot the system. Whether you're running it on a single virtual machine or distributing services across multiple nodes, this document covers the configuration, health checks, networking, and recommended hardware requirements.

## GLOSI Docker Image <a href="#glosisetup-glosidockerimage" id="glosisetup-glosidockerimage"></a>

The image is published to Lineaje Elastic Container Registry every week, which contains the full data within it including packages and vulnerability in compressed format along with required code dependencies to access and synchronise the data automatically. The image also contains a public elastic server image which can be used to power rest of the services.

## Deployment Steps <a href="#glosisetup-deploymentsteps" id="glosisetup-deploymentsteps"></a>

### **Pre-requisite** <a href="#glosisetup-pre-requisite" id="glosisetup-pre-requisite"></a>

1\.     You should have the tarball containing the installation guide, API documentation along with Resource folder containing the docker-compose.yaml file which contains GLOSI image hosted within Lineaje ECR. The tarball can also be found here.

2\.     You should have access to Lineaje ECR hosting the GLOSI docker image, in case you don’t have access, then please reach out to Lineaje Support on <support_glosi@lineaje.com> for requesting ECR access along with your AWS Account Id. Once ECR access is granted on your AWS Account, you are good to move forward with next steps.

3\.     Docker installed on the host vm

4\.     Install AWS CLI on vm

5\.     For automated installation, services being installed using the GLOSI vm should have access to [gold.lineaje.com](http://gold.lineaje.com) domain. Whitelisting

### **Deployment** <a href="#glosisetup-deployment" id="glosisetup-deployment"></a>

1\.     Add a config in \~/.aws/config with below info

```
[profile LineajeGlosiRole]
```

```
role_arn = arn:aws:iam::739923383310:role/lineajeGlosiPullRole
```

```
credential_source = Ec2InstanceMetadata
```

2\.     Login to aws ecr using below command. glosi repository id can be found in docker-compose.yaml file present under Resource folder of tarball.

```
aws ecr get-login-password --region us-east-1 --profile LineajeGlosiRole | sudo docker login --username AWS --password-stdin 739923383310.dkr.ecr.us-east-1.amazonaws.com
```

2\.     Pull the image in your host vm using below command

```
docker pull 739923383310.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

3\.     Use below command to deploy all services with docker-compose.yaml and image pulled in previous step. This will deploy all services in one single vm.

```
sudo docker compsoe -f <docker-compose.yaml> up -d
```

### Optional: **Custom Deployment** <a href="#glosisetup-optional-customdeployment" id="glosisetup-optional-customdeployment"></a>

### **ElasticSearch** <a href="#glosisetup-elasticsearch" id="glosisetup-elasticsearch"></a>

#### Description <a href="#glosisetup-description" id="glosisetup-description"></a>

To start elastic search separately elasticsearch container can be spawned in separate vm and a port needs to be exposed to make it accessible through data service. With below configuration the container runs at recommended **9200** port, which can be changed as per requirement.

#### Configuration <a href="#glosisetup-configuration" id="glosisetup-configuration"></a>

```
elasticsearch:
```

```
    image: 216394054222.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

```
    container_name: elasticsearch
```

```
    command: ["/bin/sh", "-c", "/usr/share/elasticsearch/bin/elasticsearch"]
```

```
    user: "1001:1001"  # Run as UID/GID defined in Dockerfile
```

```
    environment:      
```

```
      - discovery.type=single-node
```

```
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
```

```
    volumes:
```

```
      - ./elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
```

```
      - elasticsearch_data:/usr/share/elasticsearch/data
```

```
    ports:
```

```
      - "9200:9200"
```

```
    restart: no
```

```
    healthcheck:
```

```
      test: ["CMD-SHELL", "curl --silent --fail http://elasticsearch:9200/_cluster/health || exit 1"]
```

```
      interval: 5s
```

```
      retries: 10
```

```
      timeout: 3s
```

### **Data Service** <a href="#glosisetup-dataservice" id="glosisetup-dataservice"></a>

#### Description <a href="#glosisetup-description.1" id="glosisetup-description.1"></a>

Acts as a data access API using FastAPI and connects to Elasticsearch. Converts client requests into Elasticsearch queries. This container runs on recommended port `8000` which can be customised with below configuration. This service also exposed a swagger docs endpoint at url: **http\://\<data-service:VM\_IP>:\<port:8000>/docs**

#### Configuration <a href="#glosisetup-configuration.1" id="glosisetup-configuration.1"></a>

```
data-service:
```

```
    image: 216394054222.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

```
    container_name: data-service
```

```
    working_dir: /app/data-service
```

```
    command: ["gunicorn", "main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8000", "--timeout", "2", "--graceful-timeout", "15", "--keep-alive", "10"]    
```

```
    environment:
```

```
      - PATH=/app/data-service/venv/bin:$PATH
```

```
      - ELASTIC_AUTH_METHOD=NO_AUTH
```

```
      - OPENSEARCH_HOST=elasticsearch   
```

```
      - OPENSEARCH_PORT=9200
```

```
      - USER_SSL=False
```

```
      - VERIFY_CERT=False
```

```
    depends_on:
```

```
      elasticsearch:
```

```
        condition: service_healthy
```

```
    ports:
```

```
      - "8000:8000"
```

```
    restart: always
```

### **GLOSI UI** <a href="#glosisetup-risklensui" id="glosisetup-risklensui"></a>

#### Description <a href="#glosisetup-description.2" id="glosisetup-description.2"></a>

The frontend using which user interact with this service through their browsers. It calls backend APIs and displays data visually. It runs on recommended 3000 ports which can be customised with below container definition.

```
glosiui:
```

```
    image: 216394054222.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

```
    container_name: risklensui
```

```
    working_dir: /app/risklensui
```

```
    command: ["npm", "run", "start"]    
```

```
    ports:
```

```
      - "3000:3000"
```

```
    restart: always
```

#### **Glosi Orchestration Service** <a href="#glosisetup-glosiorchestrationservice" id="glosisetup-glosiorchestrationservice"></a>

Orchestration service handles workflows and connects UI actions with the data-service. Adds logic, routing, and validation. It runs on recommended 8500 port which can be customised with below container definition. Here link to elastic search needs to be provided along with port as this service interacts with elastic search directly with data synchronisation.

```
orchestration-service:
```

```
    image: 216394054222.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

```
    container_name: orchestration-service
```

```
    working_dir: /app/glosi-orchestration-service
```

```
    command: ["gunicorn", "main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8500", "--timeout", "2", "--graceful-timeout", "15", "--keep-alive", "10"]    
```

```
    environment:
```

```
      - PATH=/app/glosi-orchestration-service/venv/bin:$PATH
```

```
      - DATA_SERVICE_HOST=data-service
```

```
      - DATA_SERVICE_PORT=8000
```

```
      - ELASTIC_AUTH_METHOD=NO_AUTH
```

```
      - OPENSEARCH_HOST=elasticsearch   
```

```
      - OPENSEARCH_PORT=9200
```

```
      - USER_SSL=False
```

```
      - VERIFY_CERT=False
```

```
      - OSS_TENANT_ID=vdna_994mgmr65tculnfy
```

```
    depends_on:
```

```
      - data-service
```

```
    ports:
```

```
      - "8500:8500"
```

```
    restart: always
```

### **Machine Configuration** <a href="#glosisetup-machineconfiguration" id="glosisetup-machineconfiguration"></a>

All containers can be setup in one single vm or in distributed fashion. If all applications are being setup in one single vm below configuration is recommended.

| **Deployment Type** | **services** | **Ram** | **vCPU** | **DiskSize** |
| ------------------- | ------------ | ------- | -------- | ------------ |
| SingleNode          | data-service | 32GB    | 8        | 300GB        |

### **Data Persistence, Networking, and Volumes :**  <a href="#glosisetup-datapersistence-networking-andvolumes" id="glosisetup-datapersistence-networking-andvolumes"></a>

**Volumes** ensure data inside containers isn’t lost when containers restart or rebuild. For instance, the `elasticsearch_data` volume stores all search and analytics data.&#x20;

Volumes used:&#x20;

·       `elasticsearch_data`: Stores data generated by Elasticsearch post package and vulnerability index data synchronisation

**Networking**&#x20;

Docker Compose automatically creates an internal bridge network. Containers communicate using service names. This abstraction avoids hardcoding IPs and simplifies scaling or relocating services.&#x20;

**Healthchecks** ensure each service is only marked healthy once it responds to a specific URL or command, improving reliability.&#x20;

### **Interactions Between Services** : <a href="#glosisetup-interactionsbetweenservices" id="glosisetup-interactionsbetweenservices"></a>

Here’s how the services communicate:&#x20;

1\.     **Frontend Interaction**&#x20;

The user opens the UI at `http://localhost:3000`. This sends API requests (like search queries) to the orchestration-service at `http://localhost:8500`.&#x20;

2\.     **Orchestration-Service**&#x20;

Validates the request and forwards it to the appropriate backend (usually the data-service).&#x20;

3\.     **Data-Service**&#x20;

Receives requests from orchestration-service. Transforms them into Elasticsearch-compatible queries and sends them to Elasticsearch.&#x20;

4\.     **Elasticsearch**&#x20;

Performs search/indexing operations and returns results to the data-service.&#x20;

5\.     **Response Propagation**&#x20;

The data-service formats Elasticsearch results and returns them to orchestration-service, which may further process or log it.&#x20;

6\.     **Frontend Rendering**&#x20;

The risklensui receives the final result and displays it to the user.&#x20;

The architecture follows this loop:

**UI ➝ Orchestration ➝ Data-service ➝ Elasticsearch ➝ Data-service ➝ Orchestration ➝ UI**&#x20;

Compose ensures services are started in this dependency chain, meaning each service waits for its required backend to be healthy before starting.&#x20;

### **Access URLs**  <a href="#glosisetup-accessurls" id="glosisetup-accessurls"></a>

·       Frontend: [http://](http://localhost:3000/)\<risklens-ui:localhost>:\<risklens-port:3000>  i.e. <http://localhost:3000>

·       Data-Service Swagger Docs: [http://\<data-service:localhost>:\<data-service-port:8000>/docs](http://localhost:8000/docs)  i.e. [http://localhost:](http://localhost:3000)8000/docs

·       Glosi Orchestration Service Swagger Docs: [http://\<glosi-orchestration-service:localhost>:\<glosi-orchestration-service-port:8500>/docs](http://localhost:8000/docs)  i.e. [http://localhost:](http://localhost:3000)8500/docs

### **Maintenance and Troubleshooting** <a href="#glosisetup-maintenanceandtroubleshooting" id="glosisetup-maintenanceandtroubleshooting"></a>

An admin panel is provided to check the status of data index status.

**Maintenance Tips**&#x20;

·       Clean up unused resources:

`docker system prune -a`&#x20;

·       Restart specific service:

`docker-compose restart data-service`

**Troubleshooting**&#x20;

·       Check container status: `docker ps`&#x20;

·       Access container shell: `docker exec -it <container-name> /bin/sh`&#x20;

·       Watch logs for errors.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veedna.com/gold-open-source-gos/gold-catalog/container-images/glosi-global-lineaje-open-source-intelligence/installation-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.