Installing and Configuring Qualys Cloud Agent for VMware Tanzu
This topic describes steps to install and configure Qualys Cloud Agent for VMware Tanzu.
Steps to install the Qualys Cloud Agent for VMware Tanzu file on the Ops Manager Installation Dashboard:
Download the product file from VMware Tanzu Network.
Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the product file.
Under Import a Product, click + next to the version number of Qualys Cloud Agent for VMware Tanzu. This adds the tile to your staging area.
Click the newly added Qualys Cloud Agent for VMware Tanzu tile.
Populate the data in the Qualys Account Configuration form.
For Qualys Cloud Platform, select a platform from dropdown. If you select Private Cloud Platform (PCP), configure the URL in Download URL for Cloud Agent field. The PCP users are required to host their cloud agent debian package at some location internal to their network and then provide that URL in the Download URL for Cloud Agent field while account configuration. This .deb package should be downloadable through either curl or wget and the location should be accessible within the deployments.
Enter Qualys Activation ID and Qualys Customer ID obtained from Qualys Platform. For more information about getting these parameters, refer to Qualys Cloud Agent Getting Started Guide.
If Qualys Cloud Platform is not directly accessible from target VMs, click Proxy Settings tab to configure proxy settings. These settings are optional and need to provide only when you need proxy for target VMs.
For Proxy Server and Port, specify the proxy server and port in the http[s]://host[:port] format. For authenticated proxy, provide Proxy Username and Proxy Password. For PCP users to download Qualys Cloud Agent using proxy, select Use the same proxy for downloading Qualys Cloud Agent from your hosted location (applicable only to PCP customers) checkbox.
Return to the Ops Manager Installation Dashboard and click Apply changes to install Qualys Cloud Agent for VMware Tanzu tile. When installation is successful, you can see Qualys Cloud Agents installed on your deployments.
The output of
$bosh deploymentsshows qualys-cloud-agent/x.x.x
To verify the Qualys Cloud Agent installation and provisioning, you can use BOSH CLI on the Ops Manager VM and check with command:
$bosh vms. List of VMs with IP address are listed in the following screenshot. You can check that same IP address is listed on the Qualys Platform UI( Refer screnshot in #5 listed below).
Qualys Cloud Agent is installed on all of the cf-XXXXXXX deployment VMs. You can ssh into any of these VMs and verify:
$ bosh ssh -d cf-56372e3e3422ffa3b888 compute/3018e0a3-175a-4be0-ac53-4ed454a1218eTo check if the Qualys Cloud Agent process is running, run the command:
$ ps -eaf | grep qualys
In case of custom BOSH deployments, other than cf-deployment, make sure to re-deploy the deployment after tile installation to get the Qualys Cloud Agent Bosh release deployed on it’s VMs.
You can check logs at
You can verify on respective Qualys Platform UI > Cloud Agent module, to see if this new instance VM has a Qualys Cloud Agent provisioned and functioning properly.
This topic describes how to resolve common errors that arise when configuring Qualys Cloud Agent for VMware Tanzu.
1. Pre-start script failed
Symptom: If you see error while installation of tile: 1 of 7 pre-start scripts failed. Failed Jobs: qualys-cloud-agent-linux.
Explanation: There could be some issue while running the pre-start script. If its PCP, the download of agent might have failed or there is some issue with the installation of the .deb package.
Log into the VM for which pre-start script failed. Check logs at following location:
In case of PCP, the download URL might not be accessible within the deployment, check if it is downloadable through curl from within the deployment VM.
2. Deployed VM and Vulnerability Data is not displayed on Qualys UI
Symptom: You do not see your deployment VM listed on Qualys UI and no vulnerability data associated with it.
Explanation: The Qualys Cloud agent might have not provisioned properly or there is issue with the deployed Cloud Agent communicating to Qualys platform.
Check the installation status in job start log at:
Check the Qualys Cloud Agent logs at:
There you might see the API response code as 404 or a non-200 code, check if Qualys platform is reachable from the VM.
Also re-check if you have used correct Activation Id and Customer Id for the selected Qualys Platform.
If everything is in place and Agent log shows successful API calls, then wait for some time for data to be available on Qualys UI. Depending on Platform workload it might take time to process the data. If still no data is available, contact Qualys support.