Installing in the interactive mode

Use these instructions to install the database, Elasticsearch, and the TrueSight Vulnerability Management application in the interactive mode. You can install all of these by using a single script that is bundled in the installables.

Warning

TrueSight Vulnerability Management  is delivered to customers bundled as a set of Docker Containers. The Docker Containers and the software installed on them should not be taken out of TrueSight Vulnerability Management or used separately from TrueSight Vulnerability Management. Installing additional third-party software or updating existing software packages in the Docker Containers is not permitted, unless explicitly authorized by BMC Software.

This topic includes the following sections:

Before you begin

  • Ensure that one of the following endpoints managers must be installed and running which you want to access while running the TrueSight Vulnerability Management application.
    • TrueSight Server Automation

    • TrueSight Network Automation
    • Microsoft System Center Configuration Manager (SCCM) 
  • Ensure that you log on as a root user to the computers on which you want to install the database, Elasticsearch, or application. Installation with a non-root user is not supported.

  • To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a Linux user is set to 022.

To install database, Elasticsearch, or application

  1. Log on to a computer that has Python installed and on which you want to install either database, Elasticsearch, or application.

  2. Create a temporary directory, for example, /opt/tsvmDownload.

  3. Copy the following downloaded files to the /opt/tsvmDownload directory.

    • TSVM<versionNo>-SM-LIN64.zip
    • TSVM<versionNo>-APP-LIN64.zip
    • TSVM<versionNo>-DB-LIN64.zip
    • TSVM<versionNo>-ES-LIN64.zip
  4. Extract the TSVM<versionNo>-SM-LIN64.zip file to the /opt/tsvmDownload directory.

  5. From the /opt/tsvmDownload/truesight-sm directory, run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs while installing.
  6. Select the installation mode and press Enter.

To create the input files

Note

This procedure assumes that you want to create individual input files for database, Elasticsearch, and application on a single computer.

Attached are sample input files for the database, Elasticsearch, and application. These sample files are only for reference purpose. For installation in your environment, create separate input files, as described in the procedure that follows.

  1. In step 6, when you type 1 as the installation mode, you are prompted for the deployment type. You can choose options 1, 2, and 3 (one at a time) if you want to create separate input files for the application, database, and Elasticsearch. You can use option 4 if you want to create only one input file for all deployment types and then use that file to install the application, database, and Elasticsearch on separate computers.

    • 1. Application: Allows you to create the input file for installing the application.
    • 2. Database: Allows you to create the input file for installing the database.
    • 3. Elasticsearch: Allows you to create the input file for installing Elasticsearch.
    • 4. All: Allows you to create a single input file for installing the application, database, and Elasticsearch.

      Recommentation

      BMC recommends that you create input files in the following sequence: Database, Elasticsearch, Application.

  2. (This step is not required if you have an existing instance of PostgreSQL database installed in your environment. Provide database details of the existing instance while creating the input file for the application, and after installing the application, configure the database server so that the application can access the database.) 
    Create input file for the database:
    1. Type 2 to indicate that you want to generate the input file for the database.
    2. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
    3. Enter the following inputs and press Enter.

      EntryDescriptionDefault
      Port numberPort number for the database server5432
      Database Admin user nameAdministrative user name for the databasepostgres
      PasswordPassword for the Administrative user
      Note: Password cannot contain any special character, such as question mark (?).

      Tablespace directory

      Directory on the PostgreSQL server in which you want to create the system tablespace

      This directory is created if it does not exist.

      The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.

      /opt/bmc/truesight/tsvm_tablespace
      The inputs_file.yml file is generated in the specified directory.

  3. Create input file for Elasticsearch:
    1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

      python install.py

      You are prompted for the installation mode.

    2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.

    3. Type 3 to indicate that you want to generate the input file for Elasticsearch.
    4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for Elasticsearch are merged to the existing file.
    5. Enter the following inputs and press Enter.

      EntryDescriptionDefault
      HTTP port numberHTTP port number for the Elasticsearch server9200
      TCP port numberTCP port number for the Elasticsearch server9300
      Heap size (in MB)Heap size (in MB) for the Elasticsearch installation  8192
      The inputs_file.yml file is generated in the specified directory.

  4. Create input file for the application:
    1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

       python install.py

      You are prompted for the installation mode.

    2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.
    3. Type 1 to indicate that you want to create the input file for the application.
    4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for the application are merged to the existing file.
    5. Enter the following inputs and press Enter.

      Important

      If you have an existing instance of PostgreSQL database installed (supported only on Linux) in your environment, enter the details for the same while creating the input file for the application.

      EntryDescriptionDefault
      Host name and port number for the Docker registryHost name and port number for the docker registry in the following format: hostname:portNumber127.0.0.1:5000
      Docker network subnet prefix

      Subnet prefix for the application containers' network in one of the following formats:

      • x
      • x.x

      where x represents an octet. For example, 138 or 138.10.

      When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here. 

      Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting installation issues to resolve the issue.

      You can check the contents of the daemon.json file to view the current docker network setting if it exists:
      cat /etc/docker/daemon.json
      For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.

      The deamon.json file is created when Docker is installed and its services are running.


      Vulnerability Management database nameName for the Vulnerability Management database that you want to createtsvm_database
      PostgreSQL server host name

      Fully qualified domain name (FQDN) or IP address of the PostgreSQL server

      Important

      When using an FQDN for the host, FQDN should be resolvable by the DNS server.


      PostgreSQL server port numberPort number of the PostgreSQL server5432
      PostgreSQL Admin user nameAdministrative user name for the PostgreSQL databasepostgres
      PasswordPassword for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).
      User nameA new user name for the Vulnerability Management databasetsvm_database_user
      PasswordPassword for the Vulnerability Management database user
      Path for the application tablespaces

      Path for the existing application tablespaces on the PostgreSQL server

      /opt/bmc/truesight/tsvm_tablespace
      Write

      Privileges

      Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory
      Elasticsearch host name and port number

      (Version 3.0.01 and later) FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber

      (Version 3.0) FQDN or IP address and TCP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber

      If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber.

      Important

      When using an FQDN for the host, FQDN should be resolvable by the DNS server.

      Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.

      HTTP Port number: 9200
      TCP Port number: 9300

      Site Type

      One of the following site types:

      • 1: Server Automation
      • 2: Network Automation
      • 3: Microsoft SCCM

      You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.

      Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.

      Server Automation
      Host name

      FQDN or IP address of the host for the site

      Important

      When using an FQDN for the host, FQDN should be resolvable by the DNS server.


      Port numberPort number for the site type

      Server Automation: 9843

      Network Automation: 443

      ProtocolProtocol for the site type: http, httpshttps
      Admin role nameRole name for the site which has the Administrator rights

      Server Automation: BLAdmins

      Network Automation: sysadmin

      SCCM: Administrator

      The inputs_file.yml file is generated in the specified directory.

After generating the input file, start installing the database, Elasticsearch, and application, as described in Running the installation process with an input file

Running the installation process with an input file

First create the input files for the database, Elasticsearch, and, application and then install them using the input files, as described in the following sections:

  1. Install the database with an input file
  2. Install Elasticsearch with an input file
  3. Install the application with an input file

To install the database with an existing input file

Note

You don't need to perform this procedure if you have an existing instance of PostgreSQL database (supported only on Linux) installed in your environment. Provide database details of the existing instance while installing the application and then configure the database server so that the application can access the database.

  1. Log on to the computer where you want to install the database.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the database).
  3. Create a temporary directory, for example, /opt/tsvmInstall.
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use as input to the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 2 to indicate that you want to install the database.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install the database. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you have stored the file, and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the database services are running by using the following command:

    python truesight-sm.py status --deployment database

To install Elasticsearch with the existing input file

  1. Log on to the computer where you want to install Elasticsearch.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for Elasticsearch).
  3. Create a temporary directory, for example, /opt/tsvmInstall.
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 3 to indicate that you want to install Elasticsearch.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install Elasticsearch. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you have stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
  13. (Optional) If you want to configure cluster of Elasticsearch servers before installing the application, create the input file for each instance and then install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

To install the application with the existing input file

  1. Log on to the computer where you want to install the application.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the application).
  3. Create a temporary directory (for example, /opt/tsvmInstall).
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 1 to indicate that you want to install the application.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install the application. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
  13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.

Running the installation process without an input file

If you have not created input file, you can directly provide the inputs during installation as described in the following sections.

  1. Install the database without an existing input file
  2. Install Elasticsearch without an existing input file
  3. Install the application without an existing input file

Installing the database without an existing input file

Note

You don't need to perform this procedure if you have an existing instance of PostgreSQL database installed (supported only on Linux) in your environment. Provide database details of the existing instance while installing the application and then configure the database server so that application can access the database.

  1. Log on to the computer where you want to install the database.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 2 to indicate that you want to install the database.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install the database. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing the database.
  11. Enter the following inputs:
    EntryDescriptionDefault
    Port numberPort number for the database server5432
    Database Admin user nameAdministrative user name for the databasepostgres
    PasswordPassword for the Administrative user
    Note: Password cannot contain any special character, such as question mark (?).

    Tablespace directory

    Directory on the PostgreSQL server in which you want to create the system tablespace

    This directory is created if it does not exist.

    The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.

    /opt/bmc/truesight/tsvm_tablespace
     
    The installation process starts.
  12. Once the installation process is complete, verify that the database services are running using the following command:

    python truesight-sm.py status --deployment database

Installing Elasticsearch without an existing input file

  1. Log on to the computer where you want to install Elasticsearch.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

  5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 3 to indicate that you want to install Elasticsearch.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install Elasticsearch. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing Elasticsearch.
  11. Enter the following inputs:
    EntryDescriptionDefault
    HTTP port numberHTTP port number for the Elasticsearch server9200
    TCP port numberTCP port number for the Elasticsearch server9300
    Heap size (in MB)Heap size (in MB) for the Elasticsearch installation  8192

    The installation process starts.
  12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
  13. (optional) If you want to configure cluster of Elasticsearch servers, install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

Installing the application without an existing input file

  1. Log on to the computer where you want to install the application.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

  5. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use put to the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 1 to indicate that you want to install the application.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install the application. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing the application.
  11. Enter the following inputs:
    EntryDescriptionDefault
    Host name and port number for the Docker registryHost name and port number for the docker registry in the following format: hostname:portNumber127.0.0.1:5000
    Docker network subnet prefix

    Subnet prefix for the application containers' network in one of the following formats:

    • x
    • x.x

    where x represents an octet. For example, 138 or 138.10.

    When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here. 

    Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting installation issues to resolve the issue.

    You can check the contents of the daemon.json file to view the current docker network setting if it exists:
    cat /etc/docker/daemon.json
    For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.

    The deamon.json file is created when Docker is installed and its services are running.


    Vulnerability Management database nameName for the Vulnerability Management database that you want to createtsvm_database
    PostgreSQL server host name

    Fully qualified domain name (FQDN) or IP address of the PostgreSQL server

    Important

    When using an FQDN for the host, FQDN should be resolvable by the DNS server.


    PostgreSQL server port numberPort number of the PostgreSQL server5432
    PostgreSQL Admin user nameAdministrative user name for the PostgreSQL databasepostgres
    PasswordPassword for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).
    User nameA new user name for the Vulnerability Management databasetsvm_database_user
    PasswordPassword for the Vulnerability Management database user
    Path for the application tablespaces

    Path for the existing application tablespaces on the PostgreSQL server

    /opt/bmc/truesight/tsvm_tablespace
    Write

    Privileges

    Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory
    Elasticsearch host name and port number

    (Version 3.0.01 and later) FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber

    (Version 3.0) FQDN or IP address and TCP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber

    If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber.

    Important

    When using an FQDN for the host, FQDN should be resolvable by the DNS server.

    Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.

    HTTP Port number: 9200
    TCP Port number: 9300

    Site Type

    One of the following site types:

    • 1: Server Automation
    • 2: Network Automation
    • 3: Microsoft SCCM

    You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.

    Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.

    Server Automation
    Host name

    FQDN or IP address of the host for the site

    Important

    When using an FQDN for the host, FQDN should be resolvable by the DNS server.


    Port numberPort number for the site type

    Server Automation: 9843

    Network Automation: 443

    ProtocolProtocol for the site type: http, httpshttps
    Admin role nameRole name for the site which has the Administrator rights

    Server Automation: BLAdmins

    Network Automation: sysadmin

    SCCM: Administrator


    The installation process starts.
  12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
  13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.


Configuring the existing database instance

If you have an existing instance of PostgreSQL database installed in your environment, you need to modify the pg_hba.conf file so that the application computer can access the database server.

To modify the pg_hba.conf file

  1. On the database server, open the pg_hba.conf file with a text editor.
  2. Look for the entries similar to the following:
    host    all             all              0.0.0.0/0              auth-method
    host    all             all              ::/0                       auth-method
  3. In the 4th column, replace 0.0.0.0/0 with your Docker network/mask.
  4. Replace the existing auth-method with md5.
  5. Save the pg_hba.conf file.
  6. Restart the database server.

Troubleshooting installation issues

If you face any issue during installation, see Troubleshooting installation issues .

Where to go from here

Depending on your requirements, set up additional connectors or start using the product.

Was this page helpful? Yes No Submitting... Thank you

Comments