Itential Prospector resides on a server configured as indicated below.
Note: The Itential Automation Platform (IAP) is compatible with several third-party software products for network operating environments. Beginning with the system requirements for 2019.1.2, all third-party software version compatibility is documented in Release Notes. To get the most up-to-date requirements for any third-party software, including open source, first identify which IAP release you’re using and then refer to the respective release note.
Prerequisites
- Java 7 (OpenJDK 1.7) or higher.
- MongoDB 3.4.
- Port 1849 availability (configurable).
Install Prospector
The Prospector bin installer can be used to install, upgrade, and uninstall Prospector.
For more information on the bin installer, run the following command:
bash prospector-1.2.3.linux.x86_64.bin —helpprospector-1.2.3 is the version of Prospector.
Output
********************************************************************************
Prospector Compliance Engine (c) 2017 Itential, LLC
This installer will configures the Itential Prospector Compliance Engine. You must have java (>=7) and mongodb (>=3.0) installed to use Prospector.Prospector Installation Help:
Usage: /opt/installers/prospector-1.2.3.linux.x86_64.bin [OPTIONS]
Install / Uninstall / Upgrade:
-i|--install Install
-u|--uninstall Uninstall
-p|--upgrade Upgrade
Locations:
-d | --dir <path> Installation directory. Default: /opt/prospector
-l | --log <path> Log directory. Default: /var/log/prospector
Miscellaneous:
-v | --verbose Enable verbose output
-h | --help Print this help information and exit
-y | --unattended Assume defaults for all prompts & run non-interactively
********************************************************************************Install Prospector with the following command.
$ sh prospector-1.2.3.linux.x86_64.bin -i
...
Complete!Post Installation
Once Prospector is installed and configured, use the information in this section to set your security keys with the database.
Create Database
If no authentication or SSL is enabled, skip these steps.
If MongoDB authentication is enabled, then you may need to create the initial database and specified users in the properties.json database and authUsername properties.
Create a Java Keystore File
To create a Java keystore file for use within the Prospector configuration file, run the following example command.
Example Command Java Keystore
keytool -importcert -trustcacerts -file /usr/local/etc/ssl/mongodb_rootCA.crt-keystore prospector_keystore -storepass prospectorCreate a Java Keystore for Multiple SSL Certificates (replica sets)
To create a Java keystore file for use in a situation where there is a MongoDB setup with a multiple replica set (each with its own SSL certificate), use the same keystore and then use aliases to add multiple certificates.
Java KeyStore - Multiple SSL Certificates
keytool -importcert -trustcacerts -alias server1.itential.com -file/tmp/server1.itential.com -keystore prospector_keystore -storepass prospector
keytool -importcert -trustcacerts -alias server2.itential.com -file/tmp/server2.itential.com -keystore prospector_keystore -storepass prospector
keytool -importcert -trustcacerts -alias server3.itential.com -file/tmp/server3.itential.com -keystore prospector_keystore -storepass prospectorThe keystore file can contain many SSL certificates, but each must have a unique alias. This allows you to identify and control them better. For example, if you need to update or delete a certificate, it is useful to name the alias after the FQDN. Prospector will read in all the SSL certificates and verify any servers that match these certificates. As a result, you can create a single keystore that will work with multiple unique MongoDB environments.
How to Update Prospector
Use the -p option to update Prospector.
bash prospector-1.2.3.linux.x86_64.bin -p