Documentation update

   

To provide a better user experience, we have now created a separate documentation space for BMC Helix Automation Console (previously called BMC Helix Vulnerability Management).
Users of BMC Helix Automation Console can find the latest documentation at BMC Helix Automation Console. .

Preparing for installation

Installation of TrueSight Automation Console requires you to complete these preinstallation tasks. You can download the installation files from the BMC Electronic Product Distribution (EPD) site. 

  • Downloading the installation files
  • Setting up your installation environment

Setting up your installation environment

Complete the following tasks to set up your environment:

  • Ensure that the target computer meets the system requirements.
  • Ensure that the servers on which you want to install the application and database are in the same time zone.
  • Install a compatible TrueSight Server Automation version.
    For details, see System requirements

    Note

    BMC recommends that you install the Automation Console and TrueSight Server Automation on different hosts.

  • Set up Docker in an internet-enabled environment.
    OR
  • Set up Docker in an air-gapped environment.

    Note:

    To avoid docker network conflicts, do not install TrueSight Automation Console and TrueSight Vulnerability Management on the same docker host.

  • If you want to install using a non-root user, ensure that the user has read and write permissions to the installation directory.
    This user must also be a part of the docker user group on the host.
  • If using an external PostgreSQL database, ensure that it is installed (along with the PostgresSQL contrib modules) and is running. 

     To verify whether the contrib modules are installed, run the following commands based on your version:
    For PostgreSQL 12
    yum list installed | grep postgresql12-contrib
    For PostgreSQL 11.2
    yum list installed | grep postgresql11-contrib

Setting up Docker in an internet-enabled environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

Note

While setting up Docker in an internet-enabled or an air-gapped environment, the location where Docker is to be installed must have at least 50 GB storage space.

To set up Docker CE on a CentOS computer

  1. Add a Docker repository to your system required to install Docker: 

    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  2. Install Docker Community Edition:

    sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libs
  3. Start the Docker daemon:

    systemctl start docker
  4. Enable the Docker services:

    systemctl enable docker.service
  5. Download Docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

    Important

    After you download Docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to Docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. To create a local Docker registry to manage Docker images, do the following:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \ 
        -p 5000:5000 \ 
        --restart=always \ 
        --name registry \ 
        -v <Directory>:/var/lib/registry \ 
        registry:2 

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    Alternatively, you can verify by using the http://localhost:5000/v2/_catalog URL in a browser. 

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer

  1. To install Docker EE, you need the URL of the Docker EE repository associated with your trial or subscription, as follows:

    1. Go to https://store.docker.com/my-content. All of your subscriptions and trials are listed.

    2. Click the Setup button for Docker Enterprise Edition for Red Hat Enterprise Linux

    3. Copy the URL from Copy and paste this URL to download your Edition and save it for later use.
  2. Export the Docker URL:

    sudo export DOCKERURL="<DOCKER-EE-URL>"

    DOCKER-EE-URL is the URL that you have obtained in step 1.

  3. Store the value of the variable, DOCKERURL (from the previous step), in a yum variable in /etc/yum/vars/:

    sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
  4. Store your OS version string in /etc/yum/vars/dockerosversion. If you are using version 7.2, type the exact version.

    sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'
  5. Install the required packages. The yum-utils package provides the yum-config-manager utility. The device-mapper-persistent-data and lvm2 packages are required by the devicemapper storage driver:

    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  6. Enable the extras RHEL repository. This ensures access to the container-selinux package required by docker-ee.

    sudo yum-config-manager --enable rhel-7-server-extras-rpms
  7. Add the Docker repository to your system required to install Docker EE: 

    sudo yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
  8. Install the Docker EE:

    sudo yum -y install docker-ee device-mapper-libs device-mapper-event-libs
  9. Start the Docker daemon:

    systemctl start docker
  10. Enable the Docker services:

    systemctl enable docker.service
  11. Download and install docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  12. After you download docker compose, add /usr/local/bin/ to the PATH variable.

  13. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  14. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  15. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up Docker in an air-gapped environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

To set up Docker CE on a CentOS computer in an air-gapped environment

 Click here to expand...
  1. Ensure that Docker CE is installed on the computer where you want to install the application.

  2. Start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Switch to the computer that has internet access and download docker compose using the following command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.



  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.
      The zip file also contains the registryv2.tar file inside the /registry location, which is used to load the registry image on a Docker host.

    2. On the Docker host, run the following command to load the registry image:

      docker load -i <installer unzip location>/registry/registryv2.tar
    3. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    4. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example:

      mkdir -p //opt/tsac_<version>/dockerrepo
      unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac_<version>/dockerrepo
    5. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step f. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2

      Example:

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer in an air-gapped environment

 Click here to expand...
  1. Ensure that Docker EE is installed on the computer where you want to install the application.

  2. Run the following command to start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Connect to the computer that has internet access and download docker compose using this command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-
    `uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

      The zip file also contains the registryv2.tar file inside the /registry location, which is used to load the registry image on a Docker host.

    2. On the Docker host, run the following command to load the registry image:

      docker load -i <installer unzip location>/registry/registryv2.tar
    3. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    4. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example

      mkdir -p /opt/tsac_<version>/dockerrepo
      unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac/dockerrep
    5. Create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step f. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2


      Example:

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Configuring the product for firewall and Security-Enhanced Linux

If firewall is running and SELinux is enabled, follow these instructions to open the ports:

  1. Open these ports on the firewall using the following command for each of the ports:

    firewall-cmd --permanent --add-port portNumber/tcp

    Important

    You cannot change the port numbers after the installation or upgrade. You can use port numbers of your choice only during installation.

    Port

    Protocol

    Configured on

    User can change the port number?

    Firewall exception needed?

    Description

    10443TCPHost containing the Automation Console application installationYesYesSecure port used to access the Automation Console application.
    5000TCP

    Host containing the Automation Console application installation

    Yes (at the time of installation)YesPort used for communication with the Docker repository
    5432TCPHost containing the database installationNoYesPort used by the database (PostgreSQL) for communication
    9843TCPHost containing the Automation Console applicationNoYes

    Port used by the application to communicate with Server Automation

  2. Restart the firewall by running the following command: 

    systemctl restart firewalld
  3. Stop the Docker service by running the following command: 

    systemctl stop docker
  4. Reset the Docker network adapter by running the following commands: 

    iptables -t nat -F
    ifconfig docker0 down
  5. Start the Docker service by running the following command:

    systemctl start docker

Where to go from here?

After completing the pre-installation tasks, you can begin installing in the interactive mode

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Gerardo Bartoccini

    Hi, I can see some "Page not found" errors above:


      Page not found for multiexcerpt macro.

    The page: .System requirements v20.08 was not found.

    Mar 23, 2021 07:56
    1. Shweta Hardikar

      Hi, 

      I fixed the link. Thanks for bringing it to our notice. 

      Mar 30, 2021 12:17
  2. John O'toole

    Looks like an issue on this page. Step 1 of "Configuring the product for firewall and Security-Enhanced Linux":


      Page not found for multiexcerpt macro.

    The page: .System requirements v20.08 was not found. Please check/update the page name used in the 'multiexcerpt-include' macro.

    Mar 26, 2021 02:34
    1. Shweta Hardikar

      Hi, 

      I fixed the link. Thanks for bringing it to our notice. 

      Mar 30, 2021 12:17