Chapter 2. Installing prerequisites for Discovery


Discovery is a containerized solution that can be deployed on any RHEL or OpenShift Container Platform platform. The following documentation assumes Discovery is installed on a dedicated RHEL system. Adoption of this implementation will minimize impact on production servers, avoid complications of UI-to-server port mapping, and adhere to the officially documented and supported path for installation. You must install Discovery on a dedicated system that does not run any other workloads. No warranty or support is offered for installation on a nondedicated system.

Procedure

  • Install the following requirements for hardware, software, and the environment in which you are going to install and use Discovery.

2.1. Hardware prerequisites

The system on which you are going to install Discovery must meet or exceed the following hardware requirements:

  • CPU: 2 core minimum, with a recommended 4 cores
  • RAM: 2 GB minimum, with a recommended 4 GB
  • Disk Storage: 30 GB
Note

Discovery uses rootless Podman, which, by default, stores containers in the following filepath: ${HOME}/.local/share/containers. Ensure that the partition that contains this directory has at least 30 GB of storage. If Podman is configured to use a non-standard directory for container storage, ensure that the configured directory has 30 GB of storage.

2.2. Software prerequisites

The system on which you are going to install Discovery must meet the following software requirements:

  • Operating system: The latest version of Red Hat Enterprise Linux 8 or Red Hat Enterprise Linux 9, installed as a clean install and specifically not upgraded from RHEL 7. You must also have cgroups v2 enabled.
  • File system: Must run with d_type (Podman requirement)

In addition to these software requirements, Discovery has dependencies on other software that is required to install and run Discovery, primarily the Podman container tool. The Podman package is included with Red Hat Enterprise Linux 8 and later, so you are not required to obtain the Podman package separately. You will need sudo privileges to install Podman.

Related Information

  • For more information about the definition of Red Hat Enterprise Linux clean installs, see the key migration terminology section in the Upgrading from RHEL 8 to RHEL 9 guide.

2.3. Other environment prerequisites

The environment in which you are going to install and use Discovery must meet the following requirements. Some of these requirements affect the systems on which you are going to install and run Discovery. Others affect the systems in your IT infrastructure that you are going to scan with Discovery.

In your network:

  • If you want to use Discovery to scan a network that contains multiple air-gapped environments, you must install a Discovery server for each of those air-gapped environments.

On the system where Discovery is installed and running:

  • The system should be a system that is dedicated to Discovery work only and should not be used for either development or production work.
  • The system must have an internet connection to register to Red Hat subscription management tools and access Red Hat content.

    • For a disconnected installation, the connected system on which you are downloading the containers must meet this requirement.
  • The system must have access to the Red Hat Ecosystem Catalog with your Red Hat Customer Portal credentials.

    • For a disconnected installation, the connected system on which you are downloading the containers must meet this requirement.

      Note

      If you cannot use the Red Hat Ecosystem Catalog to download Red Hat content, join the Red Hat Developer program to create a Red Hat Customer Portal account, obtain a Red Hat Developer subscription, and gain access to Red Hat content. For more information, see the Red Hat Developer website.

  • The Discovery server must have access, through the SSH protocol, to the IT infrastructure assets that are to be scanned.

On the systems in your network where Discovery runs scans:

  • Any network sources that are targeted for scanning must be running the SSH protocol.
  • A user account that is used as a credential for a scan requires the bash shell. The shell cannot be the /sbin/nologin shell or the /bin/false shell.
  • A user account that is used as a credential for a network scan must have adequate permissions to run commands and read certain files on those systems. For example, some commands that run during a scan require privilege elevation to gather the complete set of facts for the scan. The Using Discovery guide has additional information about the creation of credentials for network scans and the privileges that must be associated with those credentials to enable a more complete scan of network assets.
  • The user account that runs the podman commands to install and run Discovery must not be the root user, and it must not invoke these commands by using sudo or su to grant elevated user privileges. These actions are not supported.
  • Discovery network scans will use program paths as defined in the target system’s PATH variable.

Additional resources

  • For more information about the creation of credentials for network scans and their association with elevated privileges, see the topic about adding network sources and credentials in the Installing and Configuring Discovery guide.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.