Installing in the interactive mode

Use these instructions to install the database, Elasticsearch, and the TrueSight Vulnerability Management application in the interactive mode. You can install all of these by using a single script that is bundled in the installables.

Before you begin

• Ensure that one of the following endpoints managers must be installed and running which you want to access while running the TrueSight Vulnerability Management application.
  • TrueSight Server Automation
  • TrueSight Network Automation
  • Microsoft System Center Configuration Manager (SCCM) 
• Ensure that you log on as a root user to the computers on which you want to install the database, Elasticsearch, or application. Installation with a non-root user is not supported.
• To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a Linux user is set to 022.

To install database, Elasticsearch, or application

1. Log on to a computer that has Python installed and on which you want to install either database, Elasticsearch, or application.
2. Create a temporary directory, for example, /opt/tsvmDownload.
3. Copy the following downloaded files to the /opt/tsvmDownload directory.
   • TSVM<versionNo>-SM-LIN64.zip
   • TSVM<versionNo>-APP-LIN64.zip
   • TSVM<versionNo>-DB-LIN64.zip
   • TSVM<versionNo>-ES-LIN64.zip
4. Extract the TSVM<versionNo>-SM-LIN64.zip file to the /opt/tsvmDownload directory.

5. From the /opt/tsvmDownload/truesight-sm directory, run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs while installing.
6. Select the installation mode and press Enter.
   • Type 1 to start creating the input files.
   • Type 2 to directly start with the installation process. See Running the installation process without an input file.

To create the input files

1. In step 6, when you type 1 as the installation mode, you are prompted for the deployment type. You can choose options 1, 2, and 3 (one at a time) if you want to create separate input files for the application, database, and Elasticsearch. You can use option 4 if you want to create only one input file for all deployment types and then use that file to install the application, database, and Elasticsearch on separate computers.
   • 1. Application: Allows you to create the input file for installing the application.
   • 2. Database: Allows you to create the input file for installing the database.
   • 3. Elasticsearch: Allows you to create the input file for installing Elasticsearch.

   • 4. All: Allows you to create a single input file for installing the application, database, and Elasticsearch.

     Recommentation

     BMC recommends that you create input files in the following sequence: Database, Elasticsearch, Application.

2. (This step is not required if you have an existing instance of PostgreSQL database installed in your environment. Provide database details of the existing instance while creating the input file for the application, and after installing the application, configure the database server so that the application can access the database.) 
   Create input file for the database:

   1. Type 2 to indicate that you want to generate the input file for the database.
   2. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.

   3. Enter the following inputs and press Enter.

      Entry	Description	Default
      Port number	Port number for the database server	5432
      Database Admin user name	Administrative user name for the database	postgres
      Password	Password for the Administrative user Note: Password cannot contain any special character, such as question mark (?).
      Tablespace directory	Directory on the PostgreSQL server in which you want to create the system tablespace This directory is created if it does not exist. Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.	/opt/bmc/truesight/tsvm_tablespace

      The inputs_file.yml file is generated in the specified directory.

3. Create input file for Elasticsearch:

   1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

      python install.py

      You are prompted for the installation mode.

   2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.
   3. Type 3 to indicate that you want to generate the input file for Elasticsearch.
   4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for Elasticsearch are merged to the existing file.

   5. Enter the following inputs and press Enter.

      Entry	Description	Default
      HTTP port number	HTTP port number for the Elasticsearch server	9200
      TCP port number	TCP port number for the Elasticsearch server	9300
      Heap size (in MB)	Heap size (in MB) for the Elasticsearch installation	8192

      The inputs_file.yml file is generated in the specified directory.

4. Create input file for the application:

   1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

       python install.py

      You are prompted for the installation mode.

   2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.
   3. Type 1 to indicate that you want to create the input file for the application.
   4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for the application are merged to the existing file.

   5. Enter the following inputs and press Enter.

      Important

      If you have an existing instance of PostgreSQL database installed (supported only on Linux) in your environment, enter the details for the same while creating the input file for the application.

      Entry	Description	Default
      Host name and port number for the Docker registry	Host name and port number for the docker registry in the following format: hostname:portNo	127.0.0.1:5000
      Docker network subnet prefix	Subnet prefix for the application containers' network in one of the following formats: x x.x where x represents an octet. For example, 138 or 138.10. When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here.  Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting-installation-issues to resolve the issue. You can check the contents of the daemon.json file to view the current docker network setting if it exists: cat /etc/docker/daemon.json For example, the file shows the current setting as { "bip": "172.17.0.1/16" }. The deamon.json file is created when Docker is installed and its services are running.
      Vulnerability Management database name	Name for the Vulnerability Management database that you want to create	tsvm_database
      PostgreSQL server host name	Fully qualified domain name (FQDN) or IP address of the PostgreSQL server Note When using an FQDN for the host, FQDN should be resolvable by the DNS server.
      PostgreSQL server port number	Port number of the PostgreSQL server	5432
      PostgreSQL Admin user name	Administrative user name for the PostgreSQL database	postgres
      Password	Password for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).
      User name	A new user name for the Vulnerability Management database	tsvm_database_user
      Password	Password for the Vulnerability Management database user
      Path for the application tablespaces	Path for the existing application tablespaces on the PostgreSQL server	/opt/bmc/truesight/tsvm_tablespace
      WritePrivileges	Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory
      Elasticsearch host name and port number	FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber. Important Important: When using an FQDN for the host, FQDN should be resolvable by the DNS server. Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.	9200
      Site Type	One of the following site types: 1: Server Automation 2: Network Automation 3: Microsoft SCCM You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here. Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.	Server Automation
      Host name	FQDN or IP address of the host for the site Important Important: When using an FQDN for the host, FQDN should be resolvable by the DNS server.
      Port number	Port number for the site type	Server Automation: 9843 Network Automation: 443
      Protocol	Protocol for the site type: http, https	https
      Admin role name	Role name for the site which has the Administrator rights	Server Automation: BLAdmins Network Automation: sysadmin SCCM: Administrator

      The inputs_file.yml file is generated in the specified directory.

After generating the input file, start installing the database, Elasticsearch, and application, as described in Running the installation process with an input file.

Running the installation process with an input file

First create the input files for the database, Elasticsearch, and, application and then install them using the input files, as described in the following sections:

1. Install the database with an input file
2. Install Elasticsearch with an input file
3. Install the application with an input file

To install the database with an existing input file

1. Log on to the computer where you want to install the database.
2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the database)
3. Create a temporary directory, for example, /opt/tsvmInstall.
4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use as input to the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
7. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
8. Type 2 to indicate that you want to install the database.
9. Read the license agreement, and enter y to proceed.
10. Enter the directory in which you want to install the database. Default is /opt/bmc/truesight.
11. Enter the path with the input file name in which you have stored the file, and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.

12. Once the installation process is complete, verify that the database services are running by using the following command:

    python truesight-sm.py status --deployment database

To install Elasticsearch with the existing input file

1. Log on to the computer where you want to install Elasticsearch.
2. Obtain the input file that you have already created (either a cumulative input file or the individual file for Elasticsearch).
3. Create a temporary directory, for example, /opt/tsvmInstall.
4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
7. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
8. Type 3 to indicate that you want to install Elasticsearch.
9. Read the license agreement, and enter y to proceed.
10. Enter the directory in which you want to install Elasticsearch. Default is /opt/bmc/truesight.
11. Enter the path with the input file name in which you have stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.

12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
13. (Optional) If you want to configure cluster of Elasticsearch servers before installing the application, create the input file for each instance and then install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

To install the application with the existing input file

1. Log on to the computer where you want to install the application.
2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the application).
3. Create a temporary directory (for example, /opt/tsvmInstall).
4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
7. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
8. Type 1 to indicate that you want to install the application.
9. Read the license agreement, and enter y to proceed.
10. Enter the directory in which you want to install the application. Default is /opt/bmc/truesight.
11. Enter the path with the input file name in which you stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.

12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.

Running the installation process without an input file

If you have not created input file, you can directly provide the inputs during installation as described in the following sections.

1. Install the database without an existing input file
2. Install Elasticsearch without an existing input file
3. Install the application without an existing input file

Installing the database without an existing input file

1. Log on to the computer where you want to install the database.
2. Create a temporary directory (for example, /opt/tsvmInstall).
3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
6. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
7. Type 2 to indicate that you want to install the database.
8. Read the license agreement, and enter y to proceed.
9. Enter the directory in which you want to install the database. By default, it is installed in the /opt/bmc/truesight directory.
10. Press Enter to indicate that you want to provide the inputs while installing the database.
11. Enter the following inputs:
    

    Entry	Description	Default
    Port number	Port number for the database server	5432
    Database Admin user name	Administrative user name for the database	postgres
    Password	Password for the Administrative user Note: Password cannot contain any special character, such as question mark (?).
    Tablespace directory	Directory on the PostgreSQL server in which you want to create the system tablespaceThis directory is created if it does not exist.Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.	/opt/bmc/truesight/tsvm_tablespace

    
    The installation process starts.

12. Once the installation process is complete, verify that the database services are running using the following command:

    python truesight-sm.py status --deployment database

Installing Elasticsearch without an existing input file

1. Log on to the computer where you want to install Elasticsearch.
2. Create a temporary directory (for example, /opt/tsvmInstall).
3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
6. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
7. Type 3 to indicate that you want to install Elasticsearch.
8. Read the license agreement, and enter y to proceed.
9. Enter the directory in which you want to install Elasticsearch. By default, it is installed in the /opt/bmc/truesight directory.
10. Press Enter to indicate that you want to provide the inputs while installing Elasticsearch.
11. Enter the following inputs:
    

    Entry	Description	Default
    HTTP port number	HTTP port number for the Elasticsearch server	9200
    TCP port number	TCP port number for the Elasticsearch server	9300
    Heap size (in MB)	Heap size (in MB) for the Elasticsearch installation	8192

    
    The installation process starts.

12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
13. (optional) If you want to configure cluster of Elasticsearch servers, install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

Installing the application without an existing input file

1. Log on to the computer where you want to install the application.
2. Create a temporary directory (for example, /opt/tsvmInstall).
3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.

5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

   python install.py

   You are prompted for the installation mode:

   • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use put to the installation process.
   • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
6. Type 2 to indicate that you want to start with the installation process.
   You are prompted for the deployment type. 
   
   • 1. Application: Allows you to install the application.
   • 2. Database: Allows you to install the database.
   • 3. Elasticsearch: Allows you to install Elasticsearch.
7. Type 1 to indicate that you want to install the application.
8. Read the license agreement, and enter y to proceed.
9. Enter the directory in which you want to install the application. By default, it is installed in the /opt/bmc/truesight directory.
10. Press Enter to indicate that you want to provide the inputs while installing the application.
11. Enter the following inputs:
    

    Entry	Description	Default
    Host name and port number for the Docker registry	Host name and port number for the docker registry in the following format: hostname:portNo	127.0.0.1:5000
    Docker network subnet prefix	Subnet prefix for the application containers' network in one of the following formats: x x.x where x represents an octet. For example, 138 or 138.10.When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here. Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting-installation-issues to resolve the issue.You can check the contents of the daemon.json file to view the current docker network setting if it exists: cat /etc/docker/daemon.json For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.The deamon.json file is created when Docker is installed and its services are running.
    Vulnerability Management database name	Name for the Vulnerability Management database that you want to create	tsvm_database
    PostgreSQL server host name	Fully qualified domain name (FQDN) or IP address of the PostgreSQL server NoteWhen using an FQDN for the host, FQDN should be resolvable by the DNS server.
    PostgreSQL server port number	Port number of the PostgreSQL server	5432
    PostgreSQL Admin user name	Administrative user name for the PostgreSQL database	postgres
    Password	Password for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).
    User name	A new user name for the Vulnerability Management database	tsvm_database_user
    Password	Password for the Vulnerability Management database user
    Path for the application tablespaces	Path for the existing application tablespaces on the PostgreSQL server	/opt/bmc/truesight/tsvm_tablespace
    WritePrivileges	Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory
    Elasticsearch host name and port number	FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber. ImportantImportant: When using an FQDN for the host, FQDN should be resolvable by the DNS server. Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.	9200
    Site Type	One of the following site types: 1: Server Automation 2: Network Automation 3: Microsoft SCCM You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.	Server Automation
    Host name	FQDN or IP address of the host for the site ImportantImportant: When using an FQDN for the host, FQDN should be resolvable by the DNS server.
    Port number	Port number for the site type	Server Automation: 9843Network Automation: 443
    Protocol	Protocol for the site type: http, https	https
    Admin role name	Role name for the site which has the Administrator rights	Server Automation: BLAdminsNetwork Automation: sysadminSCCM: Administrator

    
    The installation process starts.

12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.

Configuring the existing database instance

If you have an existing instance of PostgreSQL database installed in your environment, you need to modify the pg_hba.conf file so that the application computer can access the database server.

To modify the pg_hba.conf file

1. On the database server, open the pg_hba.conf file with a text editor.
2. Look for the entries similar to the following:
   host    all             all              0.0.0.0/0              auth-method
   host    all             all              ::/0                       auth-method
3. In the 4^th column, replace 0.0.0.0/0 with your Docker network/mask.
4. Replace the existing auth-method with md5.
5. Save the pg_hba.conf file.
6. Restart the database server.

Troubleshooting installation issues

If you face any issue during installation, see Troubleshooting installation issues.

Where to go from here

Depending on your requirements, set up additional connectors or start using the product.