Setting up the installation environment


This topic describes how to set up the installation environment. It includes the following sections:

Before you begin

  • Review the system requirements.
  • Ensure that the computers on which you want to install the application, database, and Elasticsearch are in the same timezone.
  • Ensure that you log on as a root user to the computer on which you want to install the application.

  • To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a UNIX user is set to 0022.

Setting up the environment for installing the application in an internet-enabled environment

You need to install various Python modules and Docker on the computer on which you want to install the application in the following sequence:

These steps are explained in the following sections:

  1. Set up Python and Python modules
  2. Set up Docker

Setting up Python and Python modules in an internet-enabled environment

Important

  • To install or upgrade Python or Python setup tools package on a Red Hat Enterprise Linux computer, yum must be configured to access a valid repository. You can do this either by subscribing your computer to the Red Hat network or configure yum to access a repository on your local network.
  • If any of these software are installed on your computer and the version does not match the required version, uninstall the software, clean the computer, and then install the required version.
  1. Log on to the computer on which you want to install the application.

  2. Install the following software in the mentioned order:

    StepSoftwareRequired versionCommand to installCommand to check the existing version
    1Python2.7.x

    sudo yum -y install python

    python --version
    2Python setup tools package0.9.8sudo yum -y install python-setuptoolsrpm -qa | grep python-setuptools
    3pip9.0.1 or latereasy_install pippip --version
  3. Install the Python modules using the following command:

    pip install PyYAML==3.12 docker==2.7.0 docker-pycreds==0.2.2 docker-compose==1.19.0 dockerpty==0.4.1 netaddr==0.7.19 netifaces==0.10.7
    ModuleRequired versionCommand to check the existing version
    PyYAML3.12pip freeze | grep PyYAML
    netaddr0.7.19pip freeze | grep netaddr
    netifaces 0.10.7pip freeze | grep netifaces 
    docker2.7.0pip freeze | grep docker
    docker-pycreds0.2.2pip freeze | grep docker
    docker-compose1.19.0pip freeze | grep docker
    dockerpty0.4.1pip freeze | grep docker

Setting up Docker in an internet-enabled environment

Note

  • For the supported version numbers of the Docker edition and operating system combinations, see System requirements.
  • The following sample procedures include steps for the installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

Depending on the operating system you are using, follow one of the procedures:

To set up Docker CE on a CentOS computer in an internet-enabled environment

  1. Add a Docker repository to your system required to install Docker:

    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  2. Install Docker CE:

    sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libs
  3. Start the Docker daemon:

    systemctl start docker
  4. Enable the Docker services:

    systemctl enable docker.service
  5. Download docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.

      mkdir -p /opt/tsvm/dockerrepo 
      unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepo
    3. Run the following command to create the local Docker registry. In the following command, replace <tempDirectory> with the temporary directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <tempDirectory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsvm/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer in an internet-enabled environment

  1. To install Docker EE, you need the URL of the Docker EE repository associated with your trial or subscription, as follows:

    1. Go to https://store.docker.com/my-content. All of your subscriptions and trials are listed.

    2. Click the Setup button for Docker Enterprise Edition for Red Hat Enterprise Linux

    3. Copy the URL from Copy and paste this URL to download your Edition and save it for later use.
  2. Export the Docker URL:

    sudo export DOCKERURL="<DOCKER-EE-URL>"

    DOCKER-EE-URL is the URL that you have obtained in step 1.

  3. Store the value of the variable, DOCKERURL (from the previous step), in a yum variable in /etc/yum/vars/:

    sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'
  4. Store your OS version string in /etc/yum/vars/dockerosversion. Most users should use 7, but you can also use the more specific minor version, starting from 7.2.

    sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'
  5. Install the required packages. yum-utils provides the yum-config-manager utility, and device-mapper-persistent-data and lvm2 are required by the devicemapper storage driver:

    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  6. Enable the extras RHEL repository. This ensures access to the container-selinux package required by docker-ee.

    sudo yum-config-manager --enable rhel-7-server-extras-rpms
  7. Add the Docker repository to your system required to install Docker EE:

    sudo yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"
  8. Install the Docker EE:

    sudo yum -y install docker-ee device-mapper-libs device-mapper-event-libs
  9. Start the Docker daemon:

    systemctl start docker
  10. Enable the Docker services:

    systemctl enable docker.service
  11. Download and install docker compose:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  12. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  13. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.

      mkdir -p /opt/tsvm/dockerrepo 
      unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepo
    3. Run the following command to create the local Docker registry. Replace <tempDirectory> with the complete path of the temporary directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <tempDirectory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsvm/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  14. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up the environment for installing the application in an air-gapped environment

You need to install various Python modules and Docker on the computer on which you want to install the application in the following sequence:

These steps are explained in the following sections:

  1. Setting up Python and Python modules
  2. Set up Docker

Setting up Python and Python modules in an air-gapped environment

Important

If any of these software are installed on your computer and the version does not match the required version, uninstall the software, clean the computer, and then install the required version.

  1. Log on to the computer on which you want to install the application.

  2. Ensure that the following software are installed:

    SoftwareRequired versionCommand to check the existing version
    Python2.7.xpython --version
    Python setup tools package0.9.8rpm -qa | grep python-setuptools
  3. To install PIP:

    1. Connect to the computer that has Internet access and download get-pip.py using the following command: wget https://bootstrap.pypa.io/get-pip.py
    2. Download the wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files from the following links:
      1. https://files.pythonhosted.org/packages/ff/47/1dfa4795e24fd6f93d5d58602dd716c3f101cfd5a77cd9acbe519b44a0a9/wheel-0.32.3-py2.py3-none-any.whl

      2. https://files.pythonhosted.org/packages/c2/d7/90f34cb0d83a6c5631cf71dfe64cc1054598c843a92b400e55675cc2ac37/pip-18.1-py2.py3-none-any.whl

    3. Copy the get-pip.pywheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files to a temporary directory, prereq-tsvm on the computer where you want to install the application.

    4. Navigate to the prereq-tsvm directory and use the following command to install PIP: python get-pip.py --no-index --find-links=.
      If installed successfully, the output of the command looks like the following:

      Looking in links: .
      Collecting pip
      Collecting wheel
      Installing collected packages: pip, wheel
      Successfully installed pip-18.1 wheel-0.32.3

    5. Check the PIP version using the following command: pip --version
      Output of the command looks like the following:
      pip 18.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)

  4. Log on to computer that has Internet access and download the Python modules using the following command:

    pip download PyYAML==3.12 docker==2.7.0 docker-pycreds==0.2.2 docker-compose==1.19.0 dockerpty==0.4.1 netaddr==0.7.19 netifaces==0.10.7 requests==2.18.4

    After the download is complete, the package folder looks like the following:

    -rw-r--r-- 1 root root 5605 Dec 10 09:48 backports.ssl_match_hostname-3.5.0.1.tar.gz
    -rw-r--r-- 1 root root 5968 Dec 10 09:48 cached_property-1.5.1-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 154154 Dec 10 09:48 certifi-2018.11.29-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 133356 Dec 10 09:48 chardet-3.0.4-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 119480 Dec 10 09:48 docker-2.7.0-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 115701 Dec 10 09:48 docker_compose-1.19.0-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 13924 Dec 10 09:48 dockerpty-0.4.1.tar.gz
    -rw-r--r-- 1 root root 4673 Dec 10 09:48 docker_pycreds-0.2.2-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 25901 Dec 10 09:48 docopt-0.6.2.tar.gz
    -rw-r--r-- 1 root root 12427 Dec 10 09:48 enum34-1.1.6-py2-none-any.whl
    -rw-r--r-- 1 root root 31171 Dec 10 09:48 functools32-3.2.3-2.tar.gz
    -rw-r--r-- 1 root root 1661676 Dec 10 09:42 get-pip.py
    -rw-r--r-- 1 root root 58213 Dec 10 09:48 idna-2.7-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 18155 Dec 10 09:48 ipaddress-1.0.22-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 39524 Dec 10 09:48 jsonschema-2.6.0-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 1628451 Dec 10 09:48 netaddr-0.7.19-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 30988 Dec 10 09:48 netifaces-0.10.7-cp27-cp27mu-manylinux1_x86_64.whl
    -rw-r--r-- 1 root root 1323545 Dec 10 09:42 pip-18.1-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 253011 Dec 10 09:48 PyYAML-3.12.tar.gz
    -rw-r--r-- 1 root root 57987 Dec 10 09:48 requests-2.18.4-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 10586 Dec 10 09:48 six-1.12.0-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 11074 Dec 10 09:48 texttable-0.9.1.tar.gz
    -rw-r--r-- 1 root root 118086 Dec 10 09:48 urllib3-1.24.1-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 200115 Dec 10 09:48 websocket_client-0.54.0-py2.py3-none-any.whl
    -rw-r--r-- 1 root root 21454 Dec 10 09:42 wheel-0.32.3-py2.py3-none-any.whl

  5. Zip the package folder and copy it to the prereq-tsvm directory on the computer where you want to install the application.

  6. Navigate to the prereq-tsvm directory and install Python modules using the following commands:

    pip install netaddr-0.7.19-py2.py3-none-any.whl -f ./ --no-index
    pip install netifaces-0.10.7-cp27-cp27mu-manylinux1_x86_64.whl -f ./ --no-index
    pip install docker_compose-1.19.0-py2.py3-none-any.whl -f ./ --no-index
  7. Validate the module versions using the following command: pip freeze | grep docker 
    Output of the command looks like the following:

    docker==2.7.0
    docker-compose==1.19.0
    docker-pycreds==0.4.0
    dockerpty==0.4.1

Setting up Docker in an air-gapped environment

Note

  • For the supported version numbers of the Docker edition and operating system combinations, see System requirements.
  • The following sample procedures include steps for the installing the Docker Community Edition (CE) on CentOS and the Docker Enterprise Edition (EE) on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

Depending on the operating system you are using, follow one of the procedures:

To set up Docker CE on a CentOS computer in an air-gapped environment

  1. Ensure that Docker CE is installed on the computer where you want to install the application.

  2. Start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Switch to the computer that has internet access and download docker compose using the following command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

    2. Run the following command to download the files required to create the Docker registry:

      docker pull registry:2 \
         && docker save docker.io/registry:2 -o docker-io.registry.tar
    3. Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
    4. On the Docker host, run the following command to load the registry image:

      docker load -i docker-io.registry.tar
    5. Copy the TSVM<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    6. Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.

      mkdir -p /opt/tsvm/dockerrepo 
      unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepo
    7. Run the following command to create the local Docker registry. In the following command, replace <tempDirectory> with the temporary directory with its complete path that you created in step f. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <tempDirectory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsvm/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up Docker EE on an RHEL computer in an air-gapped environment

  1. Ensure that Docker EE is installed on the computer where you want to install the application.

  2. Start the Docker daemon:

    systemctl start docker
  3. Enable the Docker services:

    systemctl enable docker.service
  4. Connect to the computer that has internet access and download docker compose using the following command:

    sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose
  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

    2. Run the following command to download the files required to create the Docker registry:

      docker pull registry:2 \
         && docker save docker.io/registry:2 -o docker-io.registry.tar
    3. Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
    4. On the Docker host, run the following command to load the registry image:

      docker load -i docker-io.registry.tar
    5. Copy the TSVM<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
    6. Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.

      mkdir -p /opt/tsvm/dockerrepo 
      unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepo
    7. Run the following command to create the local Docker registry. Replace <tempDirectory> with the complete path of the temporary directory that you created in step f. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <tempDirectory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsvm/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl http://localhost:5000/v2/_catalog

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up the environment for installing the database and Elasticsearch

Set up Python on the computers on which you want to install the database and Elasticsearch in the following sequence:

These steps are explained in the following sections:

Setting up Python in an internet-enabled environment

Important

  • To install or upgrade Python or Python setup tools package on a Red Hat Enterprise Linux computer, yum must be configured to access a valid repository. You can do this either by subscribing your computer to the Red Hat network or configure yum to access a repository on your local network.
  • If any of these software are installed on your computer and the version does not match the required version, uninstall the software, clean the computer, and then install the required version.
  1. Log on to the computer on which you want to install the database or Elasticsearch.

  2. Install the following software in the mentioned order:

    StepSoftwareRequired versionCommand to installCommand to check the existing version
    1Python2.7.x

    sudo yum -y install python

    python --version
    2Python setup tools package0.9.8sudo yum -y install python-setuptoolsrpm -qa | grep python-setuptools
    3pip9.0.1 or latereasy_install pippip --version

Setting up Python in an air-gapped environment

Important

If any of these software are installed on your computer and the version does not match the required version, uninstall the software, clean the computer, and then install the required version.

  1. Log on to the computer on which you want to install the database or Elasticsearch.

  2. Ensure that the following software are installed:

    SoftwareRequired versionCommand to check the existing version
    Python2.7.xpython --version
    Python setup tools package0.9.8rpm -qa | grep python-setuptools
  3. To install PIP:

    1. Connect to the computer that has Internet access and download get-pip.py using the following command: wget https://bootstrap.pypa.io/get-pip.py
    2. Download the wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files from the following links:
      1. https://files.pythonhosted.org/packages/ff/47/1dfa4795e24fd6f93d5d58602dd716c3f101cfd5a77cd9acbe519b44a0a9/wheel-0.32.3-py2.py3-none-any.whl

      2. https://files.pythonhosted.org/packages/c2/d7/90f34cb0d83a6c5631cf71dfe64cc1054598c843a92b400e55675cc2ac37/pip-18.1-py2.py3-none-any.whl

    3. Copy the get-pip.pywheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files to a temporary directory, prereq-tsvm on the computer where you want to install the application.

    4. Navigate to the prereq-tsvm directory and use the following command to install PIP: python get-pip.py --no-index --find-links=.
      If installed successfully, the output of the command looks like the following:

      Looking in links: .
      Collecting pip
      Collecting wheel
      Installing collected packages: pip, wheel
      Successfully installed pip-18.1 wheel-0.32.3

    5. Check the PIP version using the following command: pip --version
      Output of the command looks like the following:
      pip 18.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)

Configuring the product for firewall and Security-Enhanced Linux

Ensure that firewall is not running or won't start automatically, and Security-Enhanced Linux (SELinux) is disabled on the computers where you want to install the database, Elasticsearch, or application. By default, firewall is running and SELinux is enabled on Linux computers.

Alternatively, if the firewall is running and SELinux is enabled, follow these instructions for opening the ports:

  1. Open these ports on the firewall using the following command for each of the ports:
    firewall-cmd --permanent --add-port portNumber/tcp

    Important

    The port on which the TrueSight Vulnerability Management application wants to communicate with an endpoint manager must be open, and the application and the endpoint manager must be able to communicate with each other.


    PortProtocolConfigured onUser can choose port number?Firewall exception needed?Description

    443 (product version 3.0)
    8443 (product version 3.0.01)


    TCP

    Host containing the TrueSight Vulnerability Management application installation

    No (product version 3.0)

    Yes (product version 3.0.01, at the time of installation)

    Yes

    Secure port used to access the TrueSight Vulnerability Management application using HTTPS

    Note (Applicable only for version 3.0): By default, the application is accessible on port 443. During the installation process, you cannot change the port. However, you can change it after the installation. For more information, see Accessing the interface using a custom port.

    5000TCP

    Host containing the TrueSight Vulnerability Management application installation

    Yes (at the time of installation)YesPort used for communication with the Docker repository

    8443 (product version 3.0)
    9443 (product version 3.0.01)


    TCP

    Host containing the TrueSight Vulnerability Management application installation

    No (product version 3.0)
    Yes (product version 3.0.01, at the time of installation)
    YesPort used for the WorkManager communication
    5432
    Host containing the database installationYes (at the time of installation)YesPort used by the database (PostgreSQL) for communication
    9200HTTPHost containing the Elasticsearch installationYes (at the time of installation)YesPort used for monitoring the Elasticsearch server. After installation, you can disable HTTP traffic with the Elasticsearch server if an open HTTP port is a security concern.
    9300TCP

    Host containing the Elasticsearch installation

    Yes (at the time of installation)Yes

    Port used for required transport layer traffic with the Elasticsearch server.

  2. Restart the firewall by running the following command:
    systemctl restart firewalld
  3. Stop the docker service by running the following command:
    systemctl stop docker
  4. Reset the docker network adapter by running the following commands:
    iptables -t nat -F
    ifconfig docker0 down
    brctl delbr docker0
  5. Start the docker service by running the following command:
    systemctl start docker
Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Deepak Rajput

    Hi,

    Can you please recheck what version pip we need if try "easy_install pip", then by default pip 18 or 19 is installed but version 9.01 is mention required version and also in air gaped the file download is 18.0

    Jun 06, 2019 03:22
    1. Sulekha Gulati

      Sure, Deepak. Thanks for bringing this out. I have updated the required version to "9.0.1 or later", so later versions will also work. Please let me know if you have any other concerns.

      Jun 06, 2019 03:34