Installing in the interactive mode
Use these instructions to install the database, Elasticsearch, and the TrueSight Vulnerability Management application in the interactive mode. You can install all of these by using a single script that is bundled in the installables.
This topic includes the following sections:
Before you begin
- Ensure that one of the following endpoints managers must be installed and running which you want to access while running the TrueSight Vulnerability Management application.
- TrueSight Server Automation
- TrueSight Network Automation
- Microsoft System Center Configuration Manager (SCCM)
- Ensure that you log on as a root user to the computers on which you want to install the database, Elasticsearch, or application. Installation with a non-root user is not supported.
- To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a Linux user is set to 022.
To install database, Elasticsearch, or application
- Log on to a computer that has Python installed and on which you want to install either database, Elasticsearch, or application.
- Create a temporary directory, for example, /opt/tsvmDownload.
- Copy the following downloaded files to the /opt/tsvmDownload directory.
- TSVM<versionNo>-SM-LIN64.zip
- TSVM<versionNo>-APP-LIN64.zip
- TSVM<versionNo>-DB-LIN64.zip
- TSVM<versionNo>-ES-LIN64.zip
- Extract the TSVM<versionNo>-SM-LIN64.zip file to the /opt/tsvmDownload directory.
From the /opt/tsvmDownload/truesight-sm directory, run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs while installing.
- Select the installation mode and press Enter.
- Type 1 to start creating the input files.
- Type 2 to directly start with the installation process. See Running the installation process without an input file.
To create the input files
- In step 6, when you type 1 as the installation mode, you are prompted for the deployment type. You can choose options 1, 2, and 3 (one at a time) if you want to create separate input files for the application, database, and Elasticsearch. You can use option 4 if you want to create only one input file for all deployment types and then use that file to install the application, database, and Elasticsearch on separate computers.
- 1. Application: Allows you to create the input file for installing the application.
- 2. Database: Allows you to create the input file for installing the database.
- 3. Elasticsearch: Allows you to create the input file for installing Elasticsearch.
4. All: Allows you to create a single input file for installing the application, database, and Elasticsearch.
(This step is not required if you have an existing instance of PostgreSQL database installed in your environment. Provide database details of the existing instance while creating the input file for the application, and after installing the application, configure the database server so that the application can access the database.)
Create input file for the database:- Type 2 to indicate that you want to generate the input file for the database.
- Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
Enter the following inputs and press Enter.
The inputs_file.yml file is generated in the specified directory.Entry
Description
Default
Port number
Port number for the database server
5432
Database Admin user name
Administrative user name for the database
postgres
Password
Password for the Administrative user Note: Password cannot contain any special character, such as question mark (?).
Tablespace directory
Directory on the PostgreSQL server in which you want to create the system tablespace
This directory is created if it does not exist.
Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space.
/opt/bmc/truesight/tsvm_tablespace
- Create input file for Elasticsearch:
Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode.
- Type 1 as the installation mode and press Enter.
You are prompted for the deployment type. - Type 3 to indicate that you want to generate the input file for Elasticsearch.
- Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
If you accept the default path, the inputs required for Elasticsearch are merged to the existing file. Enter the following inputs and press Enter.
The inputs_file.yml file is generated in the specified directory.Entry
Description
Default
HTTP port number
HTTP port number for the Elasticsearch server
9200
TCP port number
TCP port number for the Elasticsearch server
9300
Heap size (in MB)
Heap size (in MB) for the Elasticsearch installation
8192
- Create input file for the application:
Navigate to the /opt/tsvmDownload /truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode.
- Type 1 as the installation mode and press Enter.
You are prompted for the deployment type. - Type 1 to indicate that you want to create the input file for the application.
- Enter the directory in which you want to generate the input file. Default is /opt/bmc/truesight.
If you accept the default path, the inputs required for the application are merged to the existing file. Enter the following inputs and press Enter.
The inputs_file.yml file is generated in the specified directory.Entry
Description
Default
Host name and port number for the Docker registry
Host name and port number for the docker registry in the following format: hostname:portNo
127.0.0.1:5000
Docker network subnet prefix
Subnet prefix for the application containers' network in one of the following formats:
- x
- x.x
where x represents an octet. For example, 138 or 138.10.
When you install the application, networks for various containers are created with a netmask 24. IP addresses for these networks are derived from the subnet prefix you provide here.
Caution : Ensure that the subnet prefix you provide does not conflict with your datacenter's subnet CIDR or the IP address (172.xx.0.0/16) for the docker0 (docker network adapter/ bridge). In case it does, see Troubleshooting-installation-issues to resolve the issue.
You can check the contents of the daemon.json file to view the current docker network setting if it exists:
cat /etc/docker/daemon.json
For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.The deamon.json file is created when Docker is installed and its services are running.
Vulnerability Management database name
Name for the Vulnerability Management database that you want to create
tsvm_database
PostgreSQL server host name
Fully qualified domain name (FQDN) or IP address of the PostgreSQL server
PostgreSQL server port number
Port number of the PostgreSQL server
5432
PostgreSQL Admin user name
Administrative user name for the PostgreSQL database
postgres
Password
Password for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).
User name
A new user name for the Vulnerability Management database
tsvm_database_user
Password
Password for the Vulnerability Management database user
Path for the application tablespaces
Path for the existing application tablespaces on the PostgreSQL server
/opt/bmc/truesight/tsvm_tablespace
WritePrivileges
Write privileges required on the /opt/bmc/truesight/tsvm_tablespace directory
Elasticsearch host name and port number
FQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber
If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber.
Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.
9200
Site Type
One of the following site types:
- 1: Server Automation
- 2: Network Automation
- 3: Microsoft SCCM
You need to enter details for at least one site type while installing the application. You can also enter details for other site types here or after the installation from the Administration page. You can log on to the TrueSight Vulnerability Management UI with the users of the site types that you enter details for here.
Note: If you are choosing the Microsoft SCCM option here, ensure that you have installed and configured the SCCM connector.
Server Automation
Host name
FQDN or IP address of the host for the site
Port number
Port number for the site type
Server Automation: 9843
Network Automation: 443
Protocol
Protocol for the site type: http, https
https
Admin role name
Role name for the site which has the Administrator rights
Server Automation: BLAdmins
Network Automation: sysadmin
SCCM: Administrator
After generating the input file, start installing the database, Elasticsearch, and application, as described in Running the installation process with an input file.
Running the installation process with an input file
First create the input files for the database, Elasticsearch, and, application and then install them using the input files, as described in the following sections:
- Install the database with an input file
- Install Elasticsearch with an input file
- Install the application with an input file
To install the database with an existing input file
- Log on to the computer where you want to install the database.
- Obtain the input file that you have already created (either a cumulative input file or the individual file for the database)
- Create a temporary directory, for example, /opt/tsvmInstall.
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use as input to the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 2 to indicate that you want to install the database.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install the database. Default is /opt/bmc/truesight.
- Enter the path with the input file name in which you have stored the file, and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
The installation process starts. Once the installation process is complete, verify that the database services are running by using the following command:
python truesight-sm.py status --deployment database
To install Elasticsearch with the existing input file
- Log on to the computer where you want to install Elasticsearch.
- Obtain the input file that you have already created (either a cumulative input file or the individual file for Elasticsearch).
- Create a temporary directory, for example, /opt/tsvmInstall.
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 3 to indicate that you want to install Elasticsearch.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install Elasticsearch. Default is /opt/bmc/truesight.
- Enter the path with the input file name in which you have stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
The installation process starts. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:
python truesight-sm.py status --deployment elasticsearch- (Optional) If you want to configure cluster of Elasticsearch servers before installing the application, create the input file for each instance and then install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.
To install the application with the existing input file
- Log on to the computer where you want to install the application.
- Obtain the input file that you have already created (either a cumulative input file or the individual file for the application).
- Create a temporary directory (for example, /opt/tsvmInstall).
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall/truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 1 to indicate that you want to install the application.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install the application. Default is /opt/bmc/truesight.
- Enter the path with the input file name in which you stored the file and press Enter. For example, /opt/bmc/truesight/inputs_file.yml.
The installation process starts. Once the installation process is complete, verify that the application services are running using the following command:
python truesight-sm.py status --deployment application- (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.
Running the installation process without an input file
If you have not created input file, you can directly provide the inputs during installation as described in the following sections.
- Install the database without an existing input file
- Install Elasticsearch without an existing input file
- Install the application without an existing input file
Installing the database without an existing input file
- Log on to the computer where you want to install the database.
- Create a temporary directory (for example, /opt/tsvmInstall).
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-DB-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 2 to indicate that you want to install the database.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install the database. By default, it is installed in the /opt/bmc/truesight directory.
- Press Enter to indicate that you want to provide the inputs while installing the database.
- Enter the following inputs:
EntryDescriptionDefaultPort numberPort number for the database server5432Database Admin user nameAdministrative user name for the databasepostgresPasswordPassword for the Administrative user Note: Password cannot contain any special character, such as question mark (?).Tablespace directoryDirectory on the PostgreSQL server in which you want to create the system tablespaceThis directory is created if it does not exist.Note: The data directory/ filesystem that needs to host the tablespaces must have at least 50 GB of storage space./opt/bmc/truesight/tsvm_tablespace
The installation process starts. Once the installation process is complete, verify that the database services are running using the following command:
python truesight-sm.py status --deployment database
Installing Elasticsearch without an existing input file
- Log on to the computer where you want to install Elasticsearch.
- Create a temporary directory (for example, /opt/tsvmInstall).
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-ES-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use in the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 3 to indicate that you want to install Elasticsearch.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install Elasticsearch. By default, it is installed in the /opt/bmc/truesight directory.
- Press Enter to indicate that you want to provide the inputs while installing Elasticsearch.
- Enter the following inputs:
EntryDescriptionDefaultHTTP port numberHTTP port number for the Elasticsearch server9200TCP port numberTCP port number for the Elasticsearch server9300Heap size (in MB)Heap size (in MB) for the Elasticsearch installation8192
The installation process starts. Once the installation process is complete, verify that the Elasticsearch (DCA Index) services are running using the following command:
python truesight-sm.py status --deployment elasticsearch- (optional) If you want to configure cluster of Elasticsearch servers, install Elasticsearch on multiple servers. You can configure the Elasticsearch cluster after installing the application as well.
Installing the application without an existing input file
- Log on to the computer where you want to install the application.
- Create a temporary directory (for example, /opt/tsvmInstall).
- Copy the TSVM<versionNo>-SM-LIN64.zip and TSVM<versionNo>-APP-LIN64.zip files, which you have downloaded from EPD, to the /opt/tsvmInstall directory.
- Extract the TSVM<versionNo>-SM-LIN64.zip to the /opt/tsvmInstall directory.
Navigate to the /opt/tsvmInstall /truesight-sm directory and run the following command:
python install.pyYou are prompted for the installation mode:
- 1. Create an input file for the Deployment type to be installed: Allows you to create the input file that you can use put to the installation process.
- 2. Install Deployment type: Allows you to use an existing input file for the installation process or provide inputs during installation.
- Type 2 to indicate that you want to start with the installation process.
You are prompted for the deployment type.- 1. Application: Allows you to install the application.
- 2. Database: Allows you to install the database.
- 3. Elasticsearch: Allows you to install Elasticsearch.
- Type 1 to indicate that you want to install the application.
- Read the license agreement, and enter y to proceed.
- Enter the directory in which you want to install the application. By default, it is installed in the /opt/bmc/truesight directory.
- Press Enter to indicate that you want to provide the inputs while installing the application.
- Enter the following inputs:
EntryDescriptionDefaultHost name and port number for the Docker registryHost name and port number for the docker registry in the following format: hostname:portNo127.0.0.1:5000Docker network subnet prefixSubnet prefix for the application containers' network in one of the following formats:- x
- x.x
cat /etc/docker/daemon.json
For example, the file shows the current setting as { "bip": "172.17.0.1/16" }.The deamon.json file is created when Docker is installed and its services are running.Vulnerability Management database nameName for the Vulnerability Management database that you want to createtsvm_databasePostgreSQL server host nameFully qualified domain name (FQDN) or IP address of the PostgreSQL serverPostgreSQL server port numberPort number of the PostgreSQL server5432PostgreSQL Admin user nameAdministrative user name for the PostgreSQL databasepostgresPasswordPassword for the Administrative database user Note: Password cannot contain any special character, such as question mark (?).User nameA new user name for the Vulnerability Management databasetsvm_database_userPasswordPassword for the Vulnerability Management database userPath for the application tablespacesPath for the existing application tablespaces on the PostgreSQL server/opt/bmc/truesight/tsvm_tablespaceWritePrivilegesWrite privileges required on the /opt/bmc/truesight/tsvm_tablespace directoryElasticsearch host name and port numberFQDN or IP address and HTTP port number of the host where Elasticsearch is installed in the following format: hostName:portNumber
If you have installed Elasticsearch on multiple servers to configure a cluster, enter a comma-separated list of hostName:portNumber. Tip: You can look for TCP and HTTP port numbers in the <ES_INSTALL_DIR>/elasticsearch/infra-ext/es/DCAIndexService/config/elasticsearch.yml file on the Elasticsearch host.9200Site TypeOne of the following site types:- 1: Server Automation
- 2: Network Automation
- 3: Microsoft SCCM
Server AutomationHost nameFQDN or IP address of the host for the sitePort numberPort number for the site typeServer Automation: 9843Network Automation: 443ProtocolProtocol for the site type: http, httpshttpsAdmin role nameRole name for the site which has the Administrator rightsServer Automation: BLAdminsNetwork Automation: sysadminSCCM: Administrator
The installation process starts. Once the installation process is complete, verify that the application services are running using the following command:
python truesight-sm.py status --deployment application- (optional) If you want to create application clusters, repeat steps 1 to 12 to install the application on multiple computers. After you install the application on multiple computers, configure the cluster.
Configuring the existing database instance
If you have an existing instance of PostgreSQL database installed in your environment, you need to modify the pg_hba.conf file so that the application computer can access the database server.
To modify the pg_hba.conf file
- On the database server, open the pg_hba.conf file with a text editor.
- Look for the entries similar to the following:
host all all 0.0.0.0/0 auth-method
host all all ::/0 auth-method - In the 4th column, replace 0.0.0.0/0 with your Docker network/mask.
- Replace the existing auth-method with md5.
- Save the pg_hba.conf file.
- Restart the database server.
Troubleshooting installation issues
If you face any issue during installation, see Troubleshooting installation issues.
Where to go from here
Depending on your requirements, set up additional connectors or start using the product.