Preparing for installation

Note

This topic is applicable only for a TrueSight Automation Console (on-premises) deployment.

BMC Helix Automation Console (SaaS) is not available for on-premises installation. For details about subscribing to this service, see BMC Helix subscriber information.

Installation of TrueSight Automation Console requires you to complete these preinstallation tasks. You can download the installation files from the BMC Electronic Product Distribution (EPD) site. 

  • Downloading the installation files
  • Setting up your installation environment

Setting up your installation environment

Complete the following tasks to set up your environment:

  • Ensure that the target computer meets the system requirements.
  • Ensure that the servers on which you want to install the application and database are in the same time zone.
  • Install a compatible TrueSight Server Automation version.
    See  Installing TrueSight Server Automation

    Note

    BMC recommends that you install the Automation Console and TrueSight Server Automation on different hosts.

  • Set up Docker in an internet-enabled environment.
    OR
  • Set up Docker in an air-gapped environment.

    Note:

    To avoid docker network conflicts, do not install TrueSight Automation Console and TrueSight Vulnerability Management on the same docker host.

  • If you want to install using a non-root user, ensure that the user has read and write permissions to the installation directory.
    This user must also be a part of the docker user group on the host.
  • If using an external PostgreSQL database, ensure that it is installed and running in your environment. 

Setting up Docker in an internet-enabled environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

Note

While setting up Docker in an internet-enabled or an air-gapped environment, the location where Docker is to be installed must have at least 50 GB storage space.

To set up Docker CE on a CentOS computer

  1. Add a Docker repository to your system required to install Docker: 

    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  2. Install Docker Community Edition:

    sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libs
  3. Start the Docker daemon:

    systemctl start docker
  4. Enable the Docker services:

    systemctl enable docker.service
  5. Download Docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

    Important

    After you download Docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to Docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. To create a local Docker registry to manage Docker images, do the following:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \ 
        -p 5000:5000 \ 
        --restart=always \ 
        --name registry \ 
        -v <Directory>:/var/lib/registry \ 
        registry:2 

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    Alternatively, you can verify by using the http://localhost:5000/v2/_catalog URL in a browser. 

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer

  1. To install Docker EE, you need the URL of the Docker EE repository associated with your trial or subscription, as follows:

    1. Go to https://store.docker.com/my-content. All of your subscriptions and trials are listed.

    2. Click the Setup button for Docker Enterprise Edition for Red Hat Enterprise Linux

    3. Copy the URL from Copy and paste this URL to download your Edition and save it for later use.
  2. Export the Docker URL:

    sudo export DOCKERURL="<DOCKER-EE-URL>"

    DOCKER-EE-URL is the URL that you have obtained in step 1.

  3. Store the value of the variable, DOCKERURL (from the previous step), in a yum variable in /etc/yum/vars/:

    sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
  4. Store your OS version string in /etc/yum/vars/dockerosversion. If you are using version 7.2, type the exact version.

    sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'
  5. Install the required packages. The yum-utils package provides the yum-config-manager utility. The device-mapper-persistent-data and lvm2 packages are required by the devicemapper storage driver:

    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  6. Enable the extras RHEL repository. This ensures access to the container-selinux package required by docker-ee.

    sudo yum-config-manager --enable rhel-7-server-extras-rpms
  7. Add the Docker repository to your system required to install Docker EE: 

    sudo yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
  8. Install the Docker EE:

    sudo yum -y install docker-ee device-mapper-libs device-mapper-event-libs
  9. Start the Docker daemon:

    systemctl start docker
  10. Enable the Docker services:

    systemctl enable docker.service
  11. Download and install docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  12. After you download docker compose, add /usr/local/bin/ to the PATH variable.

  13. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  14. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  15. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up Docker in an air-gapped environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

To set up Docker CE on a CentOS computer in an air-gapped environment

 Click here to expand...
  1. Ensure that Docker CE is installed on the computer where you want to install the application.

  2. Start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Switch to the computer that has internet access and download docker compose using the following command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.



  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

    2. Run the following command to download the files required to create the Docker registry:

      docker pull registry \
         && docker save docker.io/registry:2 -o docker-io.registry.tar
    3. Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
    4. On the Docker host, run the following command to load the registry image:

      docker load -i docker-io.registry.tar
    5. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    6. Create a directory on the Docker host (for example, /opt/tsac/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example:

      mkdir -p /opt/tsac/dockerrepo
      unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac/dockerrepo
    7. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step f. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2

      Example:

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer in an air-gapped environment

 Click here to expand...
  1. Ensure that Docker EE is installed on the computer where you want to install the application.

  2. Run the following command to start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Connect to the computer that has internet access and download docker compose using this command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-
    `uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

    2. Run the following command to download the files required to create the Docker registry:

      docker pull registry \
         && docker save docker.io/registry:2 -o docker-io.registry.tar
    3. Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
    4. On the Docker host, run the following command to load the registry image:

      docker load -i docker-io.registry.tar
    5. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    6. Create a directory on the Docker host (for example, /opt/tsac/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example

      mkdir -p /opt/tsac/dockerrepo
      unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac/dockerrep
    7. Create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step f. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2


      Example:

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Configuring the product for firewall and Security-Enhanced Linux

If firewall is running and SELinux is enabled, follow these instructions to open the ports:

  1. Open these ports on the firewall using the following command for each of the ports:

    firewall-cmd --permanent --add-port portNumber/tcp

    Port

    Protocol

    Configured on

    User can change the port number?

    Firewall exception needed?

    Description

    10443TCPHost containing the Automation Console application installationYesYesSecure port used to access the Automation Console application.
    5000TCP

    Host containing the Automation Console application installation

    Yes (at the time of installation)YesPort used for communication with the Docker repository

    9443


    TCP

    Host containing the Automation Console application installation

    YesYesPort used for the WorkManager communication
    5432TCPHost containing the database installationNoYesPort used by the database (PostgreSQL) for communication

  2. Restart the firewall by running the following command: 

    systemctl restart firewalld
  3. Stop the Docker service by running the following command: 

    systemctl stop docker
  4. Reset the Docker network adapter by running the following commands: 

    iptables -t nat -F
    ifconfig docker0 down
    brctl delbr docker0
  5. Start the Docker service by running the following command:

    systemctl start docker

Where to go from here?

After completing the preinstallation tasks, you can begin installing in the interactive mode

Was this page helpful? Yes No Submitting... Thank you

Comments