Setting up the installation environment
This topic describes how to set up the installation environment. It includes the following sections:
- Before you begin
- Setting up the environment for installing the application in an internet-enabled environment
- Setting up the environment for installing the application in an air-gapped environment
- Setting up the environment for installing the database and Elasticsearch
- Configuring the product for firewall and Security-Enhanced Linux
Related topics
Before you begin
- Review the system requirements.
- Ensure that the computers on which you want to install the application, database, and Elasticsearch are in the same timezone.
- Ensure that you log on as a root user to the computer on which you want to install the application.
- To avoid potential permission-related issues in accessing the files that are needed to start or stop services on Linux systems, ensure that the user file creation mask (also called umask) for a Linux user is set to 0022.
Setting up the environment for installing the application in an internet-enabled environment
You need to install various Python modules and Docker on the computer on which you want to install the application in the following sequence:
These steps are explained in the following sections:
Setting up Python and Python modules in an internet-enabled environment
- Log on to the computer on which you want to install the application.
Install the following software in the mentioned order:
Step
Software
Required version
Command to install
Command to check the existing version
1
Python
2.7.x
sudo yum -y install pythonpython --version2
Python setup tools package
0.9.8
sudo yum -y install python-setuptoolsrpm -qa | grep python-setuptools3
pip
9.0.1 or later
easy_install pippip --versionInstall the Python modules using the following command:
pip install PyYAML==3.12 docker==2.7.0 docker-pycreds==0.2.2 docker-compose==1.19.0 dockerpty==0.4.1 netaddr==0.7.19 netifaces==0.10.7Module
Required version
Command to check the existing version
PyYAML
3.12
pip freeze | grep PyYAMLnetaddr
0.7.19
pip freeze | grep netaddrnetifaces
0.10.7
pip freeze | grep netifacesdocker
2.7.0
pip freeze | grep dockerdocker-pycreds
0.2.2
pip freeze | grep dockerdocker-compose
1.19.0
pip freeze | grep dockerdockerpty
0.4.1
pip freeze | grep docker
Setting up Docker in an internet-enabled environment
Depending on the operating system you are using, follow one of the procedures:
- To set up Docker CE on a CentOS computer in an internet-enabled environment
- To set up Docker EE on an RHEL computer in an internet-enabled environment
To set up Docker CE on a CentOS computer in an internet-enabled environment
Add a Docker repository to your system required to install Docker:
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repoInstall Docker CE:
sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libsStart the Docker daemon:
systemctl start dockerEnable the Docker services:
systemctl enable docker.serviceDownload docker compose:
sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composeGrant the required permissions to docker compose:
sudo chmod +x /usr/local/bin/docker-compose- Create a local Docker registry to manage Docker images, as follows:
- Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).
Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.
Examplemkdir -p /opt/tsvm/dockerrepo
unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepoRun the following command to create the local Docker registry. In the following command, replace <tempDirectory> with the temporary directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v <tempDirectory>:/var/lib/registry \
registry:2Exampledocker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /opt/tsvm/dockerrepo:/var/lib/registry \
registry:2This command creates a local Docker registry on port 5000.
Verify that Docker images have been pulled successfully by running the following command:
curl http://localhost:5000/v2/_catalogOr, use the following command for verification:
http://<dockerHostName>:5000/v2/_catalogIf successful, these commands return the following output:
{"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}
To set up Docker EE on an RHEL computer in an internet-enabled environment
- To install Docker EE, you need the URL of the Docker EE repository associated with your trial or subscription, as follows:
- Go to https://store.docker.com/my-content. All of your subscriptions and trials are listed.
- Click the Setup button for Docker Enterprise Edition for Red Hat Enterprise Linux.
- Copy the URL from Copy and paste this URL to download your Edition and save it for later use.
Export the Docker URL:
sudo export DOCKERURL="<DOCKER-EE-URL>"DOCKER-EE-URL is the URL that you have obtained in step 1.
Store the value of the variable, DOCKERURL (from the previous step), in a yum variable in /etc/yum/vars/:
sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'Store your OS version string in /etc/yum/vars/dockerosversion. Most users should use 7, but you can also use the more specific minor version, starting from 7.2.
sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'Install the required packages. yum-utils provides the yum-config-manager utility, and device-mapper-persistent-data and lvm2 are required by the devicemapper storage driver:
sudo yum install -y yum-utils device-mapper-persistent-data lvm2Enable the extras RHEL repository. This ensures access to the container-selinux package required by docker-ee.
sudo yum-config-manager --enable rhel-7-server-extras-rpmsAdd the Docker repository to your system required to install Docker EE:
sudo yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"Install the Docker EE:
sudo yum -y install docker-ee device-mapper-libs device-mapper-event-libsStart the Docker daemon:
systemctl start dockerEnable the Docker services:
systemctl enable docker.serviceDownload and install docker compose:
sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composeGrant the required permissions to docker compose:
sudo chmod +x /usr/local/bin/docker-composeCreate a local Docker registry to manage Docker images, as follows:
- Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).
Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.
Examplemkdir -p /opt/tsvm/dockerrepo
unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepoRun the following command to create the local Docker registry. Replace <tempDirectory> with the complete path of the temporary directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v <tempDirectory>:/var/lib/registry \
registry:2Exampledocker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /opt/tsvm/dockerrepo:/var/lib/registry \
registry:2This command creates a local Docker registry on port 5000.
Verify that Docker images have been pulled successfully by running the following command:
curl http://localhost:5000/v2/_catalogOr, use the following command for verification:
http://<dockerHostName>:5000/v2/_catalogIf successful, these commands return the following output:
{"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}
Setting up the environment for installing the application in an air-gapped environment
You need to install various Python modules and Docker on the computer on which you want to install the application in the following sequence:
These steps are explained in the following sections:
Setting up Python and Python modules in an air-gapped environment
- Log on to the computer on which you want to install the application.
Ensure that the following software are installed:
Software
Required version
Command to check the existing version
Python
2.7.x
python --versionPython setup tools package
0.9.8
rpm -qa | grep python-setuptools- To install PIP:
Connect to the computer that has Internet access and download get-pip.py using the following command:
wget https://bootstrap.pypa.io/get-pip.py- Download the wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files from the following links:
- Copy the get-pip.py, wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files to a temporary directory, prereq-tsvm on the computer where you want to install the application.
Navigate to the prereq-tsvm directory and use the following command to install PIP:
python get-pip.py --no-index --find-links=.If installed successfully, the output of the command looks like the following:
Looking in links: .
Collecting pip
Collecting wheel
Installing collected packages: pip, wheel
Successfully installed pip-18.1 wheel-0.32.3- Check the PIP version using the following command: pip --version
Output of the command looks like the following:
pip 18.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)
Log on to computer that has Internet access and download the Python modules using the following command:
pip download PyYAML==3.12 docker==2.7.0 docker-pycreds==0.2.2 docker-compose==1.19.0 dockerpty==0.4.1 netaddr==0.7.19 netifaces==0.10.7 requests==2.18.4After the download is complete, the package folder looks like the following:
-rw-r--r-- 1 root root 5605 Dec 10 09:48 backports.ssl_match_hostname-3.5.0.1.tar.gz
-rw-r--r-- 1 root root 5968 Dec 10 09:48 cached_property-1.5.1-py2.py3-none-any.whl
-rw-r--r-- 1 root root 154154 Dec 10 09:48 certifi-2018.11.29-py2.py3-none-any.whl
-rw-r--r-- 1 root root 133356 Dec 10 09:48 chardet-3.0.4-py2.py3-none-any.whl
-rw-r--r-- 1 root root 119480 Dec 10 09:48 docker-2.7.0-py2.py3-none-any.whl
-rw-r--r-- 1 root root 115701 Dec 10 09:48 docker_compose-1.19.0-py2.py3-none-any.whl
-rw-r--r-- 1 root root 13924 Dec 10 09:48 dockerpty-0.4.1.tar.gz
-rw-r--r-- 1 root root 4673 Dec 10 09:48 docker_pycreds-0.2.2-py2.py3-none-any.whl
-rw-r--r-- 1 root root 25901 Dec 10 09:48 docopt-0.6.2.tar.gz
-rw-r--r-- 1 root root 12427 Dec 10 09:48 enum34-1.1.6-py2-none-any.whl
-rw-r--r-- 1 root root 31171 Dec 10 09:48 functools32-3.2.3-2.tar.gz
-rw-r--r-- 1 root root 1661676 Dec 10 09:42 get-pip.py
-rw-r--r-- 1 root root 58213 Dec 10 09:48 idna-2.7-py2.py3-none-any.whl
-rw-r--r-- 1 root root 18155 Dec 10 09:48 ipaddress-1.0.22-py2.py3-none-any.whl
-rw-r--r-- 1 root root 39524 Dec 10 09:48 jsonschema-2.6.0-py2.py3-none-any.whl
-rw-r--r-- 1 root root 1628451 Dec 10 09:48 netaddr-0.7.19-py2.py3-none-any.whl
-rw-r--r-- 1 root root 30988 Dec 10 09:48 netifaces-0.10.7-cp27-cp27mu-manylinux1_x86_64.whl
-rw-r--r-- 1 root root 1323545 Dec 10 09:42 pip-18.1-py2.py3-none-any.whl
-rw-r--r-- 1 root root 253011 Dec 10 09:48 PyYAML-3.12.tar.gz
-rw-r--r-- 1 root root 57987 Dec 10 09:48 requests-2.18.4-py2.py3-none-any.whl
-rw-r--r-- 1 root root 10586 Dec 10 09:48 six-1.12.0-py2.py3-none-any.whl
-rw-r--r-- 1 root root 11074 Dec 10 09:48 texttable-0.9.1.tar.gz
-rw-r--r-- 1 root root 118086 Dec 10 09:48 urllib3-1.24.1-py2.py3-none-any.whl
-rw-r--r-- 1 root root 200115 Dec 10 09:48 websocket_client-0.54.0-py2.py3-none-any.whl
-rw-r--r-- 1 root root 21454 Dec 10 09:42 wheel-0.32.3-py2.py3-none-any.whl- Zip the package folder and copy it to the prereq-tsvm directory on the computer where you want to install the application.
Navigate to the prereq-tsvm directory and install Python modules using the following commands:
pip install netaddr-0.7.19-py2.py3-none-any.whl -f ./ --no-indexpip install netifaces-0.10.7-cp27-cp27mu-manylinux1_x86_64.whl -f ./ --no-indexpip install docker_compose-1.19.0-py2.py3-none-any.whl -f ./ --no-index- Validate the module versions using the following command: pip freeze | grep docker
Output of the command looks like the following:
docker==2.7.0
docker-compose==1.19.0
docker-pycreds==0.4.0
dockerpty==0.4.1
Setting up Docker in an air-gapped environment
Depending on the operating system you are using, follow one of the procedures:
- To set up Docker CE on a CentOS computer in an air-gapped environment
- To set up Docker EE on an RHEL computer in an air-gapped environment
To set up Docker CE on a CentOS computer in an air-gapped environment
- Ensure that Docker CE is installed on the computer where you want to install the application.
Start the Docker daemon:
systemctl start dockerEnable the Docker services:
systemctl enable docker.serviceSwitch to the computer that has internet access and download docker compose using the following command:
sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composeCopy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:
Grant the required permissions to docker compose:
sudo chmod +x /usr/local/bin/docker-compose- Create a local Docker registry to manage Docker images, as follows:
- Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.
Run the following command to download the files required to create the Docker registry:
docker pull registry:2 \
&& docker save docker.io/registry:2 -o docker-io.registry.tar- Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
On the Docker host, run the following command to load the registry image:
docker load -i docker-io.registry.tar- Copy the TSVM<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.
Examplemkdir -p /opt/tsvm/dockerrepo
unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepoRun the following command to create the local Docker registry. In the following command, replace <tempDirectory> with the temporary directory with its complete path that you created in step f. If there are multiple hosts, repeat this step on all the Docker hosts.
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v <tempDirectory>:/var/lib/registry \
registry:2Exampledocker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /opt/tsvm/dockerrepo:/var/lib/registry \
registry:2This command creates a local Docker registry on port 5000.
Verify that Docker images have been pulled successfully by running the following command:
curl http://localhost:5000/v2/_catalogOr, use the following command for verification:
http://<dockerHostName>:5000/v2/_catalogIf successful, these commands return the following output:
{"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}
To set up Docker EE on an RHEL computer in an air-gapped environment
- Ensure that Docker EE is installed on the computer where you want to install the application.
Start the Docker daemon:
systemctl start dockerEnable the Docker services:
systemctl enable docker.serviceConnect to the computer that has internet access and download docker compose using the following command:
sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composeCopy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:
Grant the required permissions to docker compose:
sudo chmod +x /usr/local/bin/docker-compose- Create a local Docker registry to manage Docker images, as follows:
- Download the TSVM<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.
Run the following command to download the files required to create the Docker registry:
docker pull registry:2 \
&& docker save docker.io/registry:2 -o docker-io.registry.tar- Copy the downloaded file (docker-io.registry.tar) to the computer on which you want to install the application (Docker host).
On the Docker host, run the following command to load the registry image:
docker load -i docker-io.registry.tar- Copy the TSVM<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.
Create a temporary directory on the Docker host (for example, /opt/tsvm/dockerrepo) and extract the TSVM<versionNo>-IMAGES-LIN64.zip into the temporary directory.
Examplemkdir -p /opt/tsvm/dockerrepo
unzip TSVM31-IMAGES-LIN64.zip -d /opt/tsvm/dockerrepRun the following command to create the local Docker registry. Replace <tempDirectory> with the complete path of the temporary directory that you created in step f. If there are multiple Docker hosts, repeat this step on all hosts.
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v <tempDirectory>:/var/lib/registry \
registry:2Exampledocker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v /opt/tsvm/dockerrepo:/var/lib/registry \
registry:2This command creates a local Docker registry on port 5000.
Verify that Docker images have been pulled successfully by running the following command:
curl http://localhost:5000/v2/_catalogOr, use the following command for verification:
http://<dockerHostName>:5000/v2/_catalogIf successful, these commands return the following output:
{"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}
Setting up the environment for installing the database and Elasticsearch
Set up Python on the computers on which you want to install the database and Elasticsearch in the following sequence:
These steps are explained in the following sections:
Setting up Python in an internet-enabled environment
- Log on to the computer on which you want to install the database or Elasticsearch.
Install the following software in the mentioned order:
Step
Software
Required version
Command to install
Command to check the existing version
1
Python
2.7.x
sudo yum -y install pythonpython --version2
Python setup tools package
0.9.8
sudo yum -y install python-setuptoolsrpm -qa | grep python-setuptools3
pip
9.0.1 or later
easy_install pippip --version
Setting up Python in an air-gapped environment
- Log on to the computer on which you want to install the database or Elasticsearch.
Ensure that the following software are installed:
Software
Required version
Command to check the existing version
Python
2.7.x
python --versionPython setup tools package
0.9.8
rpm -qa | grep python-setuptools- To install PIP:
- Connect to the computer that has Internet access and download get-pip.py using the following command: wget https://bootstrap.pypa.io/get-pip.py
- Download the wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files from the following links:
- Copy the get-pip.py, wheel-0.32.3-py2.py3-none-any.whl and pip-18.1-py2.py3-none-any.whl files to a temporary directory, prereq-tsvm on the computer where you want to install the application.
Navigate to the prereq-tsvm directory and use the following command to install PIP: python get-pip.py --no-index --find-links=.If installed successfully, the output of the command looks like the following:
Looking in links: .
Collecting pip
Collecting wheel
Installing collected packages: pip, wheel
Successfully installed pip-18.1 wheel-0.32.3- Check the PIP version using the following command: pip --version
Output of the command looks like the following:
pip 18.1 from /usr/lib/python2.7/site-packages/pip (python 2.7)
Configuring the product for firewall and Security-Enhanced Linux
Ensure that firewall is not running or won't start automatically, and Security-Enhanced Linux (SELinux) is disabled on the computers where you want to install the database, Elasticsearch, or application. By default, firewall is running and SELinux is enabled on Linux computers.
Alternatively, if the firewall is running and SELinux is enabled, follow these instructions for opening the ports:
- Open these ports on the firewall using the following command for each of the ports:
firewall-cmd --permanent --add-port portNumber/tcpPortProtocolConfigured onUser can choose port number?Firewall exception needed?Description8443TCPHost containing the TrueSight Vulnerability Management application installationYes (at the time of installation)YesSecure port used to access the TrueSight Vulnerability Management application using HTTPS5000TCPHost containing the TrueSight Vulnerability Management application installationYes (at the time of installation)YesPort used for communication with the Docker repository9443TCPHost containing the TrueSight Vulnerability Management application installationYes (at the time of installation)YesPort used for the WorkManager communication5432Host containing the database installationYes (at the time of installation)YesPort used by the database (PostgreSQL) for communication9200HTTPHost containing the Elasticsearch installationYes (at the time of installation)YesPort used for monitoring the Elasticsearch server. After installation, you can disable HTTP traffic with the Elasticsearch server if an open HTTP port is a security concern.9300TCPHost containing the Elasticsearch installationYes (at the time of installation)YesPort used for required transport layer traffic with the Elasticsearch server. - Restart the firewall by running the following command:
systemctl restart firewalld - Stop the docker service by running the following command:
systemctl stop docker - Reset the docker network adapter by running the following commands:
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0 - Start the docker service by running the following command:
systemctl start docker