Release bundle
The signed archive from the Download page, for example tessallite-community-X.Y.Z.tar.gz.
Community Edition install
Community Edition is distributed as a pre-built, signed, run-ready bundle. You download it, verify it, place your signed licence file, run one installer command, and open Tessallite in the browser. A GitHub checkout is for source review and development, not the normal install path.
Before you begin
The installer is designed to be re-runnable. If a preflight check fails, fix the reported issue and run the same command again.
The signed archive from the Download page, for example tessallite-community-X.Y.Z.tar.gz.
Your signed Community licence JSON from the registration flow. It will be copied to license.json.
Docker and Docker Compose v2 installed, with at least 8 GB RAM recommended for a smooth evaluation.
Ports 3000, 8001, 8080, and 5433 must be free on the host.
Copy the downloaded archive to the machine that will run Tessallite. Work in a directory owned by the installing user, not in a shared downloads folder.
mkdir -p ~/tessallite-community
mv ~/Downloads/tessallite-community-X.Y.Z.tar.gz ~/tessallite-community/
cd ~/tessallite-community
The release download provides SHA256SUMS and SHA256SUMS.sig, either beside the archive or inside the unpacked release directory. Verify checksums and the Ed25519 signature before running the installer.
# From the directory that contains SHA256SUMS and SHA256SUMS.sig:
sha256sum -c SHA256SUMS
# Signature verification. The public key is also shown on the Download page.
python3 - <<'PY'
import base64
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
PUB = "/by3PGaeLD425bBkMrAbD2NeHROHyjLHVA37pS5w3+0="
sig = base64.b64decode(open("SHA256SUMS.sig").read().splitlines()[1])
Ed25519PublicKey.from_public_bytes(base64.b64decode(PUB)).verify(
sig,
open("SHA256SUMS", "rb").read(),
)
print("signature OK")
PY
If either check fails, stop. Do not run the installer from that bundle.
Unpack the archive and enter the release directory. The directory should contain install.sh, docker-compose.yml, .env.example, release evidence, and possibly an images/ folder for offline installs.
tar -xzf tessallite-community-X.Y.Z.tar.gz
cd tessallite-community-X.Y.Z
ls
Copy the signed licence JSON into the release directory as license.json. Keep this file private.
cp /path/to/your-tessallite-community-license.json ./license.json
chmod 600 ./license.json
The default .env.example expects LICENSE_FILE_HOST=./license.json and includes the public verification key. If Tessallite issued a different key, use the one included with your licence email.
You normally do not need to hand-create secrets. If .env does not exist, the installer copies .env.example and generates strong values for the required secrets.
SYSTEM_ADMIN_EMAIL | Default admin email printed by the installer. Change before first run if needed. |
|---|---|
SYSTEM_ADMIN_PASSWORD | Generated by install.sh when empty. Read it from .env after install. |
LICENSE_FILE_HOST | Defaults to ./license.json. |
LICENSE_PUBLIC_KEYS | Public key used for local licence verification. This is public, not a secret. |
LLM_API_KEY | Optional. Add your provider key later if you want to use the conversational agent. |
LLM_ALLOW_SERVICE_ACCOUNT_AUTH | Cost safety — leave false (default). While false, the agent may authenticate only with a bring-your-own API key, so usage is billed to the key's owner. true also allows cloud service-account billing (e.g. Google Vertex AI), which charges the host's own cloud project. Only enable if you intend to pay LLM cost from this host. |
The installer checks Docker, checks required ports, creates .env if needed, generates secrets, validates the licence file, loads bundled images when present, starts containers, and waits for health.
chmod +x ./install.sh
./install.sh
If the release includes images/*.tar, the installer loads those images locally with docker load. That is the air-gapped path. If no image tarballs are present, Docker Compose pulls the pinned release images.
When the installer reports success, open the UI and sign in as the system admin.
http://localhost:3000
The installer prints the admin email. The generated password is stored in .env as SYSTEM_ADMIN_PASSWORD.
grep '^SYSTEM_ADMIN_EMAIL=' .env
grep '^SYSTEM_ADMIN_PASSWORD=' .env
Use the bundled health check after install and after any restart or upgrade.
./healthcheck.sh
docker compose --env-file .env ps
Expected result: the UI, model service, query router, optimizer, scheduler, gateway, and metadata database are running. The gateway exposes JDBC on 5433 and XMLA/HTTP on 8080.
What runs locally
The Community bundle is not just a UI demo. It starts the services needed to model data, serve BI tools, run routed queries, maintain acceleration artifacts, and manage the platform locally.
| Frontend | Web application at http://localhost:3000. |
|---|---|
| Model service | Projects, models, definitions, users, access control, and licence-aware control-plane operations. |
| Query router | Semantic binding, policy checks, aggregate and pocket routing, and source execution. |
| Optimizer | Miss analysis, aggregate recommendations, and acceleration planning. |
| Scheduler | Refresh schedules, drift checks, and lifecycle jobs. |
| Gateway | JDBC on localhost:5433 and XMLA/HTTP on http://localhost:8080. |
| PostgreSQL | Metadata and managed target schemas for the local evaluation stack. |
Operating basics
docker compose --env-file .env down
docker compose --env-file .env up -d
docker compose --env-file .env logs -f
docker compose --env-file .env logs -f model-service
./healthcheck.sh
docker compose --env-file .env ps
Download the new signed bundle, verify it, stop the old stack, copy forward .env and license.json, then run the new install.sh.
Keep a secure copy of .env, license.json, and the PostgreSQL volume or database dump. Without .env, generated secrets and the admin password are lost.
The conversational agent is bring-your-own-key. Add LLM_API_KEY in .env when you are ready to test agent workflows.
Air-gapped installs
If the release includes an images/ directory with OCI tarballs, install.sh loads the images locally and skips pulling from a registry. Licence verification is local and offline. Keep the evidence pack with the installation record so reviewers can inspect checksums, signatures, SBOMs, and the offline statement.
Troubleshooting
docker compose version works.3000, 8001, 8080, or 5433, then rerun ./install.sh.license.json and LICENSE_PUBLIC_KEYS matches the key issued with it.docker compose --env-file .env ps, then check logs for the unhealthy service.Get the licence, download the signed bundle, verify it, and run the installer on your Docker host.