Icon Journal

Home / news

Preparing for installation - Documentation for TrueSight Automation Console 21.02

William Jenkins |

Installation of TrueSight Automation Console requires you to complete these preinstallation tasks. You can download the installation files from the BMC Electronic Product Distribution (EPD) site. 

Setting up your installation environment

Complete the following tasks to set up your environment:

  • Ensure that the target computer meets the system requirements.
  • Ensure that the servers on which you want to install the application and database are in the same time zone.

  • Install a compatible TrueSight Server Automation version.
    For details, see System requirements

    Note

    We recommend that you install the Automation Console and TrueSight Server Automation on different hosts.

  • If you want to use Mirantis Container Runtime in a production environment, you need to purchase the license. You can use the trial version for a non-production environment. For more information, see the  Mirantis Open link website.

  • Set up Docker in an internet-enabled environment.
    OR
    Set up Docker in an air-gapped environment.

    Note:

    To avoid docker network conflicts, do not install TrueSight Automation Console and TrueSight Vulnerability Management on the same docker host.

  • If you want to install using a non-root user, ensure that the user has read and write permissions to the installation directory.
    This user must also be a part of the docker user group on the host.
  • Make sure that the /var filesystem has at least 50 GB of storage space.

  • If using an external PostgreSQL database, ensure that it is installed (along with the PostgresSQL contrib modules) and is running. 

     To verify whether the contrib modules are installed, run the following commands based on your version:

    For PostgreSQL 12 

    yum list installed | grep postgresql12-contrib

    For PostgreSQL 11.2 

    yum list installed | grep postgresql11-contrib

Setting up Docker in an internet-enabled environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Mirantis Container Runtime on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

Note

While setting up Docker in an internet-enabled or an air-gapped environment, the location where Docker is to be installed must have at least 50 GB storage space.

To install Docker CE on a CentOS computer

  1. Add a Docker repository to your system required to install Docker: 

    sudo yum-config-manager --add-repo

  2. Install Docker Community Edition:

    sudo yum -y install docker-ce device-mapper-libs device-mapper-event-libs

  3. Start the Docker daemon:

    systemctl start docker

  4. Enable the Docker services:

    systemctl enable docker.service

  5. Download Docker compose:

    sudo curl -L -s`-`uname -m` -o /usr/local/bin/docker-compose

    Important

    After you download Docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to Docker compose:

    sudo chmod +x /usr/local/bin/docker-compose

  7. To create a local Docker registry to manage Docker images, do the following:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step b. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v <Directory>:/var/lib/registry \ registry:2

      For example,

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \ registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl

    Alternatively, you can verify by using the  URL in a browser. 

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To install Mirantis Container Runtime on an RHEL computer

Installing Mirantis Container Runtime (MCR) involves the following tasks. MCR was formerly called Docker EE.

  1. Set up a Docker repository.
  2. Install MCR from the repository.

To set up the Docker repository 

Do the following:

  1. Log in to the host where you want to install MCR.

  2. Remove the existing Docker repositories:

    $ sudo rm /etc/yum.repos.d/docker*.repo

  3. Temporarily store "" in an environment variable. This value does not persist after the session ends.

    $ export DOCKERURL=""

  4. Store the DOCKERURL value from the previous step in a yum variable:

    $ sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'

  5. Store the OS version string at /etc/yum/vars/dockerosversion.

    $ sudo sh -c 'echo "7" > /etc/yum/vars/dockerosversion'

    You can also store a specific minor version, such as 7.2.

  6. Install yum-utils that provides the yum-config-manager utility.

    $ sudo yum install -y yum-utils

  7. Enable the extras RHEL repository. This ensures access to the container-selinux package required by docker-ee.

    sudo yum-config-manager --enable rhel-7-server-extras-rpms

  8. Add the MCR repository to your system:

    sudo -E yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"

To install MCR from the repository 

Do the following:

  1. Install the latest patch release or go to the next step to install a specific version:

    $ sudo yum -y install docker-ee docker-ee-cli containerd.io

    If you are prompted to accept the GPG key, verify that the fingerprint matches 77FE DA13 1A83 1D29 A418 D3E8 99E5 FF2E 7668 2BC9, and if yes, accept it.

  2. To install a specific MCR version, do the following:

    1. List and sort the versions available in your repository. This example sorts results by version number, highest to lowest, and is truncated:

      $ sudo yum list docker-ee --showduplicates | sort -r
docker-ee.x86_64 20.10.ee.2-1.el7.rhel docker-ee-stable-18.09

      The returned list depends on which repositories are enabled, and it is specific to your version of Red Hat Enterprise Linux (indicated by .el7 in the example).

    2. Install a specific version by specifying the fully qualified package name. For example, docker-ee-18.09.1

      $ sudo yum -y install docker-ee-<VERSION_STRING> docker-ee-cli-<VERSION_STRING> containerd.io

      For example, to install the 19.03 version, run this command:

      $ sudo yum -y install docker-ee-19.03.8 docker-ee-cli-19.03.8 containerd.io

  3.  Start the Docker daemon:

    systemctl start docker

  4. Enable the Docker services:

    systemctl enable docker.service

  5. Download and install docker compose:

    sudo curl -L -s`-`uname -m` -o /usr/local/bin/docker-compose

  6. After you download docker compose, add /usr/local/bin/ to the PATH variable.

  7. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose

  8. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD).

    2. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Ensure that the file system size of this directory is at least 10 GB.

    3. Run the following command to create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step b. If there are multiple Docker hosts, repeat this step on all hosts.
      docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v <Directory>:/var/lib/registry \
        registry:2

      For example,

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \ registry:2

      This command creates a local Docker registry on port 5000.

  9. Verify that Docker images have been pulled successfully by running the following command:

    curl

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Setting up Docker in an air-gapped environment

This section provides sample procedures for installing the Docker Community Edition (CE) on CentOS and the Mirantis Container Runtime on Red Hat Linux Enterprise (RHEL). Commands might vary for other operating system and Docker edition combinations.

To set up Docker CE on a CentOS computer in an air-gapped environment

 Click here to expand...

  1. Ensure that Docker CE is installed on the computer where you want to install the application.

  2. Start the Docker daemon:

    systemctl start docker

  3. Enable the Docker services:

    systemctl enable docker.service

  4. Switch to the computer that has internet access and download docker compose using the following command:

    sudo curl -L -s`-`uname -m` -o /usr/local/bin/docker-compose

  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose

  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.
      The zip file also contains the registryv2.tar file inside the /registry location, which is used to load the registry image on a Docker host.

    2. On the Docker host, run the following command to load the registry image:

      docker load -i <installer unzip location>/registry/registryv2.tar
    3. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.

    4. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example:

      mkdir -p //opt/tsac_<version>/dockerrepo
unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac_<version>/dockerrepo

    5. Run the following command to create the local Docker registry. In the following command, replace <Directory> with the directory with its complete path that you created in step f. If there are multiple hosts, repeat this step on all the Docker hosts.

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v <Directory>:/var/lib/registry \ registry:2

      Example:

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \ registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

To set up MCR on an RHEL computer in an air-gapped environment

 Click here to expand...

  1. Ensure that MCR is installed on the computer where you want to install the application.

  2. Run the following command to start the Docker daemon:

    systemctl start docker

  3. Enable the Docker services:

    systemctl enable docker.service

  4. Connect to the computer that has internet access and download docker compose using this command:

    sudo curl -L
`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

  5. Copy the downloaded file to the /usr/local/bin directory on the computer where you want to install the application:

    Important

    After you download docker compose, ensure that /usr/local/bin/ is added to the PATH variable.

  6. Grant the required permissions to docker compose:

    sudo chmod +x /usr/local/bin/docker-compose

  7. Create a local Docker registry to manage Docker images, as follows:

    1. Download the TSAC<versionNo>-IMAGES-LIN64.zip file from the BMC Electronic Products Distribution (EPD) on the computer where you have internet access.

      The zip file also contains the registryv2.tar file inside the /registry location, which is used to load the registry image on a Docker host.

    2. On the Docker host, run the following command to load the registry image:

      docker load -i <installer unzip location>/registry/registryv2.tar
    3. Copy the TSAC<versionNo>-IMAGES-LIN64.zip to the computer on the Docker host.

    4. Create a directory on the Docker host (for example, /opt/tsac_<version>/dockerrepo) and extract the TSAC<versionNo>-IMAGES-LIN64.zip into the directory.
      Example

      mkdir -p /opt/tsac_<version>/dockerrepo
unzip TSAC-<version>-IMAGES-LIN64.zip -d /opt/tsac/dockerrep

    5. Create the local Docker registry. Replace <Directory> with the complete path of the directory that you created in step f. If there are multiple Docker hosts, repeat this step on all hosts.

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v <Directory>:/var/lib/registry \ registry:2


      Example:

      docker run -d \ -p 5000:5000 \ --restart=always \ --name registry \ -v /opt/tsac_<version>/dockerrepo:/var/lib/registry \ registry:2

      This command creates a local Docker registry on port 5000.

  8. Verify that Docker images have been pulled successfully by running the following command:

    curl

    If successful, the command returns the following output:

    {"repositories":["bmcsoftware/truesight-app-utilities","bmcsoftware/truesight-app-vulnerability-management-drm","bmcsoftware/truesight-app-vulnerability-management-drw","bmcsoftware/truesight-app-vulnerability-management-portal","bmcsoftware/truesight-common-discovery-connector","bmcsoftware/truesight-common-exception-management","bmcsoftware/truesight-common-itil","bmcsoftware/truesight-common-orchestration-connector","bmcsoftware/truesight-common-tagging","bmcsoftware/truesight-common-tsna-connector","bmcsoftware/truesight-common-tssa-connector","bmcsoftware/truesight-common-workmanager","bmcsoftware/truesight-config-configurator","bmcsoftware/truesight-infra-ext-consul","bmcsoftware/truesight-infra-ext-redis"]}

Configuring the product for firewall and Security-Enhanced Linux

If firewall is running and SELinux is enabled, follow these instructions to open the ports:

  1. Open these ports on the firewall using the following command for each of the ports:

    firewall-cmd --permanent --add-port portNumber/tcp

    Important

    You cannot change the port numbers after the installation or upgrade. You can use port numbers of your choice only during installation.

    Port

    Protocol

    Configured on

    User can change the port number?

    Firewall exception needed?

    Description

    10443TCPHost containing the Automation Console application installationYesYesSecure port used to access the Automation Console application.
    5000TCP

    Host containing the Automation Console application installation

    		Yes (at the time of installation)YesPort used for communication with the Docker repository
    5432TCPHost containing the database installationNoYesPort used by the database (PostgreSQL) for communication
    9843TCPHost containing the Automation Console applicationNoYes

    Port used by the application to communicate with Server Automation

  2. Restart the firewall by running the following command: 

    systemctl restart firewalld

  3. Stop the Docker service by running the following command: 

    systemctl stop docker

  4. Reset the Docker network adapter by running the following commands: 

    iptables -t nat -F
ifconfig docker0 down

  5. Start the Docker service by running the following command:

    systemctl start docker

Where to go from here?

After completing the pre-installation tasks, you can begin installing in the interactive mode

You Might Also Like