Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Installing in the interactive mode


Use these instructions to install the database, Elasticsearch, and the TrueSight Vulnerability Management application in the interactive mode. You can install all of these by using a single script that is bundled in the installables.

Warning

TrueSight Vulnerability Management  is delivered to customers bundled as a set of Docker Containers. The Docker Containers and the software installed on them should not be taken out of TrueSight Vulnerability Management or used separately from TrueSight Vulnerability Management. Installing additional third-party software or updating existing software packages in the Docker Containers is not permitted, unless explicitly authorized by BMC Software.



Before you begin

  • Ensure that one of the following endpoints managers must be installed and running which you want to access while running the TrueSight Vulnerability Management application.
    • TrueSight Server Automation
    • TrueSight Network Automation
    • Microsoft System Center Configuration Manager (SCCM) 
  • Ensure that you log on as a root user to the computers on which you want to install the database, Elasticsearch, or application. Installation with a non-root user is not supported.
  • To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a Linux user is set to 022.

To install database, Elasticsearch, or application

  1. Log on to a computer that has Python installed and on which you want to install either database, Elasticsearch, or application.
  2. Create a temporary directory, for example, /opt/tsvmDownload.
  3. Copy the following downloaded files to the /opt/tsvmDownload directory.
    • TSVM<versionNo>-SM-LIN64.zip
    • TSVM<versionNo>-APP-LIN64.zip
    • TSVM<versionNo>-DB-LIN64.zip
    • TSVM<versionNo>-ES-LIN64.zip
  4. Extract the TSVM<versionNo>-SM-LIN64.zip file to the /opt/tsvmDownload directory.
  5. From the /opt/tsvmDownload/truesight-sm directory, run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs while installing.
  6. Select the installation mode and press Enter.

To create the input files

Note

This procedure assumes that you want to create individual input files for database, Elasticsearch, and application on a single computer.

Attached are sample input files for the database, Elasticsearch, and application. These sample files are only for reference purpose. For installation in your environment, create separate input files, as described in the procedure that follows.

  1. In step 6, when you type 1 as the installation mode, you are prompted for the deployment type. You can choose options 1, 2, and 3 (one at a time) if you want to create separate input files for the application, database, and Elasticsearch. You can use option 4 if you want to create only one input file for all deployment types and then use that file to install the application, database, and Elasticsearch on separate computers.
    • 1. Application: Allows you to create the input file for installing the application.
    • 2. Database: Allows you to create the input file for installing the database.
    • 3. Elasticsearch: Allows you to create the input file for installing Elasticsearch.
    • 4. All: Allows you to create a single input file for installing the application, database, and Elasticsearch.

      Recommentation

      BMC recommends that you create input files in the following sequence: Database, Elasticsearch, Application.

  2. (This step is not required if you have an existing instance of PostgreSQL database installed in your environment. Provide database details of the existing instance while creating the input file for the application, and after installing the application, configure the database server so that the application can access the database.) 
    Create input file for the database:

    1. Type 2 to indicate that you want to generate the input file for the database.
    2. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
    3. Enter the following inputs and press Enter.

      Entry

      Description

      Default

      Port number

      Port number for the database server

      5432

      Database Admin user name

      Administrative user name for the database

      postgres

      Password

      Password for the Administrative user Note: Password cannot contain any special character, such as question mark (?).


      Tablespace directory

      Directory on the PostgreSQL server in which you want to create the system tablespace

      This directory is created if it does not exist.

      Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.

      /opt/bmc/truesight/tsvm_tablespace

      The inputs_file.yml file is generated in the specified directory.

  3. Create input file for Elasticsearch:
    1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

      python install.py

      You are prompted for the installation mode.

    2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.
    3. Type 3 to indicate that you want to generate the input file for Elasticsearch.
    4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for Elasticsearch are merged to the existing file.
    5. Enter the following inputs and press Enter.

      Entry

      Description

      Default

      HTTP port number

      HTTP port number for the Elasticsearch server

      9200

      TCP port number

      TCP port number for the Elasticsearch server

      9300

      Heap size (in MB)

      Heap size (in MB) for the Elasticsearch installation  

      8192

      The inputs_file.yml file is generated in the specified directory.

  4. Create input file for the application:
    1. Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:

       python install.py

      You are prompted for the installation mode.

    2. Type 1 as the installation mode and press Enter.
      You are prompted for the deployment type.
    3. Type 1 to indicate that you want to create the input file for the application.
    4. Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
      If you accept the default path, the inputs required for the application are merged to the existing file.
    5. Enter the following inputs and press Enter.

      Important

      If you have an existing instance of PostgreSQL database installed (supported only on Linux) in your environment, enter the details for the same while creating the input file for the application.

      Entry

      Description

      Default

      Host name and port number for the Docker registry

      Host name and port number for the docker registry in the following format: hostname:portNo

      127.0.0.1:5000

      Docker network subnet prefix

      Subnet prefix for the application containers' network in one of the following formats:

      • x
      • x.x

      where x represents an octet. For example, 138 or 138.10.

      When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here. 

      Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting-installation-issues to resolve the issue.

      You can check the contents of the daemon.json file to view the current docker network setting if it exists:
      cat /etc/docker/daemon.json
      For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.

      The deamon.json file is created when Docker is installed and its services are running.


      Vulnerability Management database name

      Name for the Vulnerability Management database that you want to create

      tsvm_database

      PostgreSQL server host name

      Fully qualified domain name (FQDN) or IP address of the PostgreSQL server

      Note

      When using an FQDN for the host, FQDN should be resolvable by the DNS server.


      PostgreSQL server port number

      Port number of the PostgreSQL server

      5432

      PostgreSQL Admin user name

      Administrative user name for the PostgreSQL database

      postgres

      Password

      Password for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).


      User name

      A new user name for the Vulnerability Management database

      tsvm_database_user

      Password

      Password for the Vulnerability Management database user


      Path for the application tablespaces

      Path for the existing application tablespaces on the PostgreSQL server

      /opt/bmc/truesight/tsvm_tablespace

      WritePrivileges

      Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory


      Elasticsearch host name and port number

      FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber

      If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber.

      Important

      Important: When using an FQDN for the host, FQDN should be resolvable by the DNS server.

      Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.

      9200

      Site Type

      One of the following site types:

      • 1: Server Automation
      • 2: Network Automation
      • 3: Microsoft SCCM

      You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.

      Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.

      Server Automation

      Host name

      FQDN or IP address of the host for the site

      Important

      Important: When using an FQDN for the host, FQDN should be resolvable by the DNS server.


      Port number

      Port number for the site type

      Server Automation: 9843

      Network Automation: 443

      Protocol

      Protocol for the site type: http, https

      https

      Admin role name

      Role name for the site which has the Administrator rights

      Server Automation: BLAdmins

      Network Automation: sysadmin

      SCCM: Administrator

      The inputs_file.yml file is generated in the specified directory.

After generating the input file, start installing the database, Elasticsearch, and application, as described in Running the installation process with an input file.

Running the installation process with an input file

First create the input files for the database, Elasticsearch, and, application and then install them using the input files, as described in the following sections:

  1. Install the database with an input file
  2. Install Elasticsearch with an input file
  3. Install the application with an input file

To install the database with an existing input file

Note

You don't need to perform this procedure if you have an existing instance of PostgreSQL database (supported only on Linux) installed in your environment. Provide database details of the existing instance while installing the application and then configure the database server so that the application can access the database. 

  1. Log on to the computer where you want to install the database.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the database)
  3. Create a temporary directory, for example, /opt/tsvmInstall.
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use as input to the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 2 to indicate that you want to install the database.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install the database. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you have stored the file, and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the database services are running by using the following command:

    python truesight-sm.py status --deployment database

To install Elasticsearch with the existing input file

  1. Log on to the computer where you want to install Elasticsearch.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for Elasticsearch).
  3. Create a temporary directory, for example, /opt/tsvmInstall.
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 3 to indicate that you want to install Elasticsearch.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install Elasticsearch. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you have stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
  13. (Optional) If you want to configure cluster of Elasticsearch servers before installing the application, create the input file for each instance and then install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

To install the application with the existing input file

  1. Log on to the computer where you want to install the application.
  2. Obtain the input file that you have already created (either a cumulative input file or the individual file for the application).
  3. Create a temporary directory (for example, /opt/tsvmInstall).
  4. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  5. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  6. Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  7. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  8. Type 1 to indicate that you want to install the application.
  9. Read the license agreement, and enter y to proceed.
  10. Enter the directory in which you want to install the application. Default is /opt/bmc/truesight.
  11. Enter the path with the input file name in which you stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
    The installation process starts.
  12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
  13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.

Running the installation process without an input file

If you have not created input file, you can directly provide the inputs during installation as described in the following sections.

  1. Install the database without an existing input file
  2. Install Elasticsearch without an existing input file
  3. Install the application without an existing input file

Installing the database without an existing input file

Note

You don't need to perform this procedure if you have an existing instance of PostgreSQL database installed (supported only on Linux) in your environment. Provide database details of the existing instance while installing the application and then configure the database server so that application can access the database.

  1. Log on to the computer where you want to install the database.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 2 to indicate that you want to install the database.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install the database. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing the database.
  11. Enter the following inputs:
    Entry
    Description
    Default
    Port number
    Port number for the database server
    5432
    Database Admin user name
    Administrative user name for the database
    postgres
    Password
    Password for the Administrative user Note: Password cannot contain any special character, such as question mark (?).

    Tablespace directory
    Directory on the PostgreSQL server in which you want to create the system tablespaceThis directory is created if it does not exist.Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.
    /opt/bmc/truesight/tsvm_tablespace

    The installation process starts.
  12. Once the installation process is complete, verify that the database services are running using the following command:

    python truesight-sm.py status --deployment database

Installing Elasticsearch without an existing input file

  1. Log on to the computer where you want to install Elasticsearch.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 3 to indicate that you want to install Elasticsearch.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install Elasticsearch. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing Elasticsearch.
  11. Enter the following inputs:
    Entry
    Description
    Default
    HTTP port number
    HTTP port number for the Elasticsearch server
    9200
    TCP port number
    TCP port number for the Elasticsearch server
    9300
    Heap size (in MB)
    Heap size (in MB) for the Elasticsearch installation  
    8192

    The installation process starts.
  12. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:

    python truesight-sm.py status --deployment elasticsearch
  13. (optional) If you want to configure cluster of Elasticsearch servers, install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.

Installing the application without an existing input file

  1. Log on to the computer where you want to install the application.
  2. Create a temporary directory (for example, /opt/tsvmInstall).
  3. Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
  4. Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
  5. Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:

    python install.py

    You are prompted for the installation mode:

    • 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use put to the installation process.
    • 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
  6. Type 2 to indicate that you want to start with the installation process.
    You are prompted for the deployment type. 
    • 1. Application: Allows you to install the application.
    • 2. Database: Allows you to install the database.
    • 3. Elasticsearch: Allows you to install Elasticsearch.
  7. Type 1 to indicate that you want to install the application.
  8. Read the license agreement, and enter y to proceed.
  9. Enter the directory in which you want to install the application. By default, it is installed in the /opt/bmc/truesight directory.
  10. Press Enter to indicate that you want to provide the inputs while installing the application.
  11. Enter the following inputs:
    Entry
    Description
    Default
    Host name and port number for the Docker registry
    Host name and port number for the docker registry in the following format: hostname:portNo
    127.0.0.1:5000
    Docker network subnet prefix
    Subnet prefix for the application containers' network in one of the following formats:
    • x
    • x.x
    where x represents an octet. For example, 138 or 138.10.When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here. Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting-installation-issues to resolve the issue.You can check the contents of the daemon.json file to view the current docker network setting if it exists:
    cat /etc/docker/daemon.json
    For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.The deamon.json file is created when Docker is installed and its services are running.

    Vulnerability Management database name
    Name for the Vulnerability Management database that you want to create
    tsvm_database
    PostgreSQL server host name
    Fully qualified domain name (FQDN) or IP address of the PostgreSQL server
    NoteWhen using an FQDN for the host, FQDN should be resolvable by the DNS server.

    PostgreSQL server port number
    Port number of the PostgreSQL server
    5432
    PostgreSQL Admin user name
    Administrative user name for the PostgreSQL database
    postgres
    Password
    Password for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).

    User name
    A new user name for the Vulnerability Management database
    tsvm_database_user
    Password
    Password for the Vulnerability Management database user

    Path for the application tablespaces
    Path for the existing application tablespaces on the PostgreSQL server
    /opt/bmc/truesight/tsvm_tablespace
    WritePrivileges
    Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory

    Elasticsearch host name and port number
    FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber
    If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber.
    ImportantImportant: When using an FQDN for the host, FQDN should be resolvable by the DNS server.
    Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.
    9200
    Site Type
    One of the following site types:
    • 1: Server Automation
    • 2: Network Automation
    • 3: Microsoft SCCM
    You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.
    Server Automation
    Host name
    FQDN or IP address of the host for the site
    ImportantImportant: When using an FQDN for the host, FQDN should be resolvable by the DNS server.

    Port number
    Port number for the site type
    Server Automation: 9843Network Automation: 443
    Protocol
    Protocol for the site type: http, https
    https
    Admin role name
    Role name for the site which has the Administrator rights
    Server Automation: BLAdminsNetwork Automation: sysadminSCCM: Administrator

    The installation process starts.
  12. Once the installation process is complete, verify that the application services are running using the following command:

    python truesight-sm.py status --deployment application
  13. (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.

Configuring the existing database instance

If you have an existing instance of PostgreSQL database installed in your environment, you need to modify the pg_hba.conf file so that the application computer can access the database server.

To modify the pg_hba.conf file

  1. On the database server, open the pg_hba.conf file with a text editor.
  2. Look for the entries similar to the following:
    host    all             all              0.0.0.0/0              auth-method
    host    all             all              ::/0                       auth-method
  3. In the 4th column, replace 0.0.0.0/0 with your Docker network/mask.
  4. Replace the existing auth-method with md5.
  5. Save the pg_hba.conf file.
  6. Restart the database server.

Troubleshooting installation issues

If you face any issue during installation, see Troubleshooting installation issues.

Where to go from here

Depending on your requirements, set up additional connectors or start using the product.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*