Installing and Configuring Qualys Cloud Agent for VMware Tanzu

This topic describes steps to install and configure Qualys Cloud Agent for VMware Tanzu.

Install and Configure Qualys Cloud Agent for VMware Tanzu

Steps to install the Qualys Cloud Agent for VMware Tanzu file on the Ops Manager Installation Dashboard:

  1. Download the product file from VMware Tanzu Network.

  2. Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the product file.

  3. Under Import a Product, click + next to the version number of Qualys Cloud Agent for VMware Tanzu. This adds the tile to your staging area.

  4. Click the newly added Qualys Cloud Agent for VMware Tanzu tile.

  5. Populate the data in the Qualys Account Configuration form. Qualys Account Configuration

  6. For Qualys Cloud Platform, select a platform from dropdown. If you select Private Cloud Platform (PCP), configure the URL in Download URL for Cloud Agent field. The PCP users are required to host their cloud agent debian package at some location internal to their network and then provide that URL in the Download URL for Cloud Agent field while account configuration. This .deb package should be downloadable through either curl or wget and the location should be accessible within the deployments.

  7. Enter Qualys Activation ID and Qualys Customer ID obtained from Qualys Platform. For more information about getting these parameters, refer to Qualys Cloud Agent Getting Started Guide.

  8. Click Save.

  9. Return to the Ops Manager Installation Dashboard and click Apply changes to install Qualys Cloud Agent for VMware Tanzu tile. When installation is successful, you can see Qualys Cloud Agents installed on your deployments.

Verification of Installation and Configuration

  1. The output of $bosh deployments shows qualys-cloud-agent/1.0.0 Qualys Cloud Agent Bosh Output

  2. To verify the Qualys Cloud Agent installation and provisioning, you can use BOSH CLI on the Ops Manager VM and check with command:$bosh vms. List of VMs with IP address are listed in the following screenshot. You can check that same IP address is listed on the Qualys Platform UI( Refer screnshot in #5 listed below). Qualys Cloud Agent Verification

  3. Qualys Cloud Agent is installed on all of the cf-XXXXXXX deployment VMs. You can ssh into any of these VMs and verify: $ bosh ssh -d cf-56372e3e3422ffa3b888 compute/3018e0a3-175a-4be0-ac53-4ed454a1218e To check if the Qualys Cloud Agent process is running, run the command: $ ps -eaf | grep qualys Qualys Cloud Agent SSH

  4. You can check logs at

    /var/vcap/sys/log/qualys-cloud-agent-linux/qualys-cloud-agent.log

  5. You can verify on respective Qualys Platform UI > Cloud Agent module, to see if this new instance VM has a Qualys Cloud Agent provisioned and functioning properly. Qualys Cloud Agent UI

Troubleshooting

This topic describes how to resolve common errors that arise when configuring Qualys Cloud Agent for VMware Tanzu.

1. Pre-start script failed

  • Symptom: If you see error while installation of tile: 1 of 7 pre-start scripts failed. Failed Jobs: qualys-cloud-agent-linux.

  • Explanation: There could be some issue while running the pre-start script. If its PCP, the download of agent might have failed or there is some issue with the installation of the .deb package.

  • Solution:

Log into the VM for which pre-start script failed. Check logs at following location:

/var/vcap/sys/log/qualys-cloud-agent-linux/pre-start.stdout.log
/var/vcap/sys/log/qualys-cloud-agent-linux/pre-start.stderr.log
/var/vcap/sys/log/qualys-cloud-agent-linux/qualys-agent-pre-install.log

In case of PCP, the download URL might not be accessible within the deployment, check if it is downloadable through curl from within the deployment VM.

2. Deployed VM and Vulnerability Data is not displayed on Qualys UI

  • Symptom: You do not see your deployment VM listed on Qualys UI and no vulnerability data associated with it.

  • Explanation: The Qualys Cloud agent might have not provisioned properly or there is issue with the deployed Cloud Agent communicating to Qualys platform.

  • Solution:

Check the installation status in job start log at:

/var/vcap/sys/log/qualys-cloud-agent-linux/qualys-agent-install.log

Check the Qualys Cloud Agent logs at:

/var/vcap/sys/log/qualys-cloud-agent-linux/qualys-cloud-agent.log

There you might see the API response code as 404 or a non-200 code, check if Qualys platform is reachable from the VM.

Also re-check if you have used correct Activation Id and Customer Id for the selected Qualys Platform.

If everything is in place and Agent log shows successful API calls, then wait for some time for data to be available on Qualys UI. Depending on Platform workload it might take time to process the data. If still no data is available, contact Qualys support.