Preparing for installation

Setting up your installation environment

Complete the following tasks to set up your environment:

• Ensure that the target computer meets the system requirements.
• Ensure that the servers on which you want to install the application and database are in the same time zone.

• Install a compatible TrueSight Server Automation version.
  For details, see System-requirements. 

  Note

  We recommend that you install the Automation Console and TrueSight Server Automation on different hosts.

• If you want to use Mirantis Container Runtime in a production environment, you need to purchase the license. You can use the trial version for a non-production environment. For more information, see the Mirantis website.

• Set up Docker in an internet-enabled environment.
  OR
  Set up Docker in an air-gapped environment.

  Note:

  To avoid docker network conflicts, do not install TrueSight Automation Console and TrueSight Vulnerability Management on the same docker host.

• If you want to install using a non-root user, ensure that the user has read and write permissions to the installation directory.
  This user must also be a part of the docker user group on the host.
• Make sure that the /var filesystem has at least 50 GB of storage space.

• If using an external PostgreSQL database, ensure that it is installed (along with the PostgresSQL contrib modules) and is running. 

  To verify whether the contrib modules are installed, run the following commands based on your version:

  For PostgreSQL 12

  yum list installed | grep postgresql12-contrib

  For PostgreSQL 11.2

  yum list installed | grep postgresql11-contrib

Setting up Docker in an internet-enabled environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Mirantis Container Runtime on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

• Install Docker CE on CentOS
• Install Mirantis Container Runtime on RHEL

To install Docker CE on a CentOS computer

1. Add a Docker repository to your system required to install Docker: 

   sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

2. Install Docker Community Edition:

   sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libs

3. Start the Docker daemon:

   systemctl start docker

4. Enable the Docker services:

   systemctl enable docker.service

5. Download Docker compose:

   sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

   Important

   After you download Docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

6. Grant the required permissions to Docker compose:

   sudo chmod +x /usr/local/bin/docker-compose
7. To create a local Docker registry to manage Docker images, do the following:
   1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).
   2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

   3. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \
       -p 5000:5000 \
       --restart=always \
       --name registry \
       -v <Directory>:/var/lib/registry \
        registry:2 

      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

8. Verify that Docker images have been pulled successfully by running the following command:

   curl http://localhost:5000/v2/_catalog

   Alternatively, you can verify by using the http://localhost:5000/v2/_catalog URL in a browser. 

   If successful, the command returns the following output:

   {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To install Mirantis Container Runtime on an RHEL computer

Installing Mirantis Container Runtime (MCR) involves the following tasks. MCR was formerly called Docker EE.

1. Set up a Docker repository.
2. Install MCR from the repository.

To set up the Docker repository 

Do the following:

1. Log in to the host where you want to install MCR.

2. Remove the existing Docker repositories:

   $ sudo rm /etc/yum.repos.d/docker*.repo

3. Temporarily store "http://repos.mirantis.com" in an environment variable. This value does not persist after the session ends.

   $ export DOCKERURL="http://repos.mirantis.com"

4. Store the DOCKERURL value from the previous step in a yum variable:

   $ sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'

5. Store the OS version string at /etc/yum/vars/dockerosversion.

   • (RHEL 7)

     $ sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'

   • (RHEL 8)

     $ sudo sh -c 'echo "8" > /etc/yum/vars/dockerosversion'

   You can also store a specific minor version, such as 7.2.

6. Install yum-utils that provides the yum-config-manager utility.

   • (RHEL 7)

     $ sudo yum install -y yum-utils

   • (RHEL 8)

     $ sudo yum install -y yum-utils \
      device-mapper-persistent-data \
      lvm2

7. (RHEL 7) Enable the extras RHEL repository. This step ensures access to the container-selinux package required by docker-ee.

   sudo yum-config-manager --enable rhel-7-server-extras-rpms

8. Add the MCR repository to your system:

   sudo -E yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"

To install MCR from the repository 

Do the following:

1. Install the latest patch release or go to the next step to install a specific version:

   $ sudo yum -y install docker-ee docker-ee-cli containerd.io

   If you are prompted to accept the GPG key, verify that the fingerprint matches 77FE DA13 1A83 1D29 A418 D3E8 99E5 FF2E 7668 2BC9, and if yes, accept it.

2. To install a specific MCR version, do the following:

   1. List and sort the versions available in your repository. This example sorts results by version number, highest to lowest, and is truncated:

      $ sudo yum list docker-ee  --showduplicates | sort -r
      docker-ee.x86_64   20.10.ee.2-1.el7.rhel    docker-ee-stable-18.09

      The returned list depends on which repositories are enabled, and it is specific to your version of Red Hat Enterprise Linux (indicated by .el7 in the example).

   2. Install a specific version by specifying the fully qualified package name. For example, docker-ee-18.09.1

      $ sudo yum -y install docker-ee-<VERSION_STRING> docker-ee-cli-<VERSION_STRING> containerd.io

      For example, to install the 19.03 version, run this command:

      $ sudo yum -y install docker-ee-19.03.8 docker-ee-cli-19.03.8 containerd.io

3.  Start the Docker daemon:

   systemctl start docker

4. Enable the Docker services:

   systemctl enable docker.service

5. Download and install docker compose:

   sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
6. After you download docker compose, add /usr/local/bin/ to the PATH variable.

7. Grant the required permissions to docker compose:

   sudo chmod +x /usr/local/bin/docker-compose

8. Create a local Docker registry to manage Docker images, as follows:

   1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).
   2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

   3. Run the following command to create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.
      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2
      
      For example,

      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \
        registry:2

      This command creates a local Docker registry on port 5000.

9. Verify that Docker images have been pulled successfully by running the following command:

   curl http://localhost:5000/v2/_catalog

   If successful, the command returns the following output:

   {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up Docker in an air-gapped environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Mirantis Container Runtime on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

To set up Docker CE on a CentOS computer in an air-gapped environment

To set up MCR on an RHEL computer in an air-gapped environment

Configuring the product for firewall and Security-Enhanced Linux

If firewall is running and SELinux is enabled, follow these instructions to open the ports:

1. Open these ports on the firewall using the following command for each of the ports:

   firewall-cmd --permanent --add-port portNumber/tcp
   

   Important

   You cannot change the port numbers after the installation or upgrade. You can use port numbers of your choice only during installation.

   Port	Protocol	Configured on	User can change the port number?	Firewall exception needed?	Description
   10443	TCP	Host containing the Automation Console application installation	Yes	Yes	Secure port used to access the Automation Console application.
   5000	TCP	Host containing the Automation Console application installation	Yes (at the time of installation)	Yes	Port used for communication with the Docker repository
   5432	TCP	Host containing the database installation	No	Yes	Port used by the database (PostgreSQL) for communication
   9843	TCP	Host containing the Automation Console application	No	Yes	Port used by the application to communicate with Server Automation

2. Restart the firewall by running the following command: 

   systemctl restart firewalld

3. Stop the Docker service by running the following command: 

   systemctl stop docker

4. Reset the Docker network adapter by running the following commands: 

   iptables -t nat -F
   ifconfig docker0 down

5. Start the Docker service by running the following command:

   systemctl start docker

Where to go from here?

After completing the pre-installation tasks, you can begin installing in the interactive mode.