How to install Hyperglance on your own Instance or VM

If you need to install Hyperglance on your own hardened/golden VM, follow these instructions.

The Hyperglance installer uses Ansible and Docker to install Hyperglance to your own Instance/VM. 

The installer has been tested against:

  • Amazon Linux 2
  • CentOS 7
  • RHEL (Red Hat Enterprise Linux) 7
  • RHEL (Red Hat Enterprise Linux) 8
  • Ubuntu 16.04 (LTS), Ubuntu 18.04 (LTS) & Ubuntu 20.04 (LTS)
Please use one of these distributions.

General Pre-Requisites

The installer should NOT be run from the same machine (localhost/127.0.0.1) that it is installing to. Please run it from a separate machine that has SSH access to the target host.

  1. Docker installed and running on the system you're running the installer from.
  2. Python, which is found on most *nix-based systems.
  3. Access to the SSH key used to access the target host.

    The Hyperglance installer takes care of all other prerequisites on the target host, including Docker installation.

    AWS Prerequisites

    The instance must have the appropriate role and policy applied so that Hyperglance is authorised to pull data from the AWS API. For details of the requirements for AWS commercial, see: https://support.hyperglance.com/knowledge/aws-iam-policy-requirements

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "access-analyzer:List*",
                    "apigateway:GET",
                    "autoscaling:Describe*",
                    "backup:ListProtectedResources",
                    "cloudwatch:Describe*",
                    "cloudwatch:GetMetricStatistics",
                    "cloudwatch:ListMetrics",
                    "cur:DescribeReportDefinitions",
                    "dax:Describe*",
                    "dax:ListTags",
                    "dynamodb:Describe*",
                    "dynamodb:ListTables",
                    "dynamodb:ListTagsOfResource",
                    "directconnect:Describe*",
                    "ec2:Describe*",
                    "ec2:Get*",
                    "ec2:Search*",
                    "ecs:Describe*",
                    "ecs:List*",
                    "eks:Describe*",
                    "eks:List*",
                    "elasticloadbalancing:Describe*",
                    "iam:List*",
                    "iam:Get*",
                    "iam:GenerateCredentialReport",
                    "lambda:List*",
                    "ram:GetResourceShareAssociations",
                    "redshift:Describe*",
                    "redshift:List*",
                    "rds:Describe*",
                    "rds:ListTagsForResource",
                    "route53:List*",
                    "route53:Get*",
                    "s3:Get*",
                    "s3:ListAllMyBuckets",
                    "s3:ListBucket",
                    "sts:AssumeRole",
                    "sts:GetCallerIdentity",
                    "workspaces:Describe*",
                    "sns:List*",
                    "sns:Get*",
                    "sqs:List*",
                    "sqs:Get*",
                    "pricing:GetProducts"
                ],
                "Resource": "*"
            }
        ]
    }
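A least-privilege review of a policy like the one above, added here as an example and not part of Hyperglance's documentation or tooling: it lists the allowed actions that are not plain Describe/List/Get/Search reads, and the ones that become broad when paired with `"Resource": "*"`. The function names, the read-verb list and the sample excerpt are assumptions made for illustration.

```python
import fnmatch
import json

# Verb prefixes treated as read-only here (an assumption of this example).
READ_VERBS = ("describe", "list", "get", "search")

# Constructed excerpt of the policy above; load the full document in practice.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Action": ["ec2:Describe*", "iam:Get*", "iam:GenerateCredentialReport",
              "s3:Get*", "s3:ListBucket", "sts:AssumeRole",
              "sts:GetCallerIdentity", "apigateway:GET", "pricing:GetProducts"],
   "Resource": "*"}]}
""")


def _as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return (action, reason) pairs for Allow entries that need a human look."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            pattern = action.lower()  # IAM action names are case-insensitive
            verb = pattern.partition(":")[2]
            if unscoped and fnmatch.fnmatchcase("sts:assumerole", pattern):
                reason = "may call AssumeRole on any role; limit Resource to known role ARNs"
            elif unscoped and fnmatch.fnmatchcase("s3:getobject", pattern):
                reason = "covers s3:GetObject on every bucket, so object data is readable"
            elif not verb.startswith(READ_VERBS):
                reason = "verb is not Describe/List/Get/Search; confirm it is needed"
            else:
                continue
            findings.append((action, reason))
    return findings


if __name__ == "__main__":
    for action, reason in review_policy(SAMPLE_POLICY):
        print(f"{action}: {reason}")
```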

    See here for GovCloud policy requirements:

    https://support.hyperglance.com/knowledge/aws-iam-policy-requirements-for-govcloud

     

    Deployment instructions


    Run this deployment from a system that has SSH access to the target. Do NOT run it on the same machine that you are installing to. Execute the deployment from a remote system or control node where your private key(s) already reside.

    Deploy Hyperglance remotely to your target instance

    This method uses a Docker container to deploy Hyperglance to another system that you have SSH access to.

    Use the following commands to start the deployment. This example assumes the inventory file is in the directory the commands are run from.

    1. docker pull hyperglance/hyperglance_installer

    2. In the directory where you're executing the commands, create an inventory file:
      touch inventory
    3. Populate this file with the following content. Replace the IP address with the target IP and change the ansible_user if required; you do not need to change the key name.
      [hg]
      HOST_IP OR DNS NAME

      [all:vars]
      ansible_user=<SSH username>
      ansible_ssh_private_key_file=~/.ssh/id_rsa

    You cannot use `localhost` or `127.0.0.1` as this resolves to the container.

    4. Execute the following command. If the key is not in your current working directory, update the key path to the correct location, i.e. -v ~/.ssh/id_rsa:/root/.ssh/id_rsa
      docker run --rm -it \
        -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
        -v "$(pwd)/inventory":/ansible/playbooks/inventory \
        hyperglance/hyperglance_installer:latest deploy.yml -i inventory

    5. You will see output from the container as it deploys; failed=0 in the PLAY RECAP is a good sign of success.

    PLAY RECAP *******************************************************************************************************************************************************************************
    ip-172-31-30-191 : ok=14 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
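A check for steps 3 and 5, added here as an example and not part of the Hyperglance installer: it flags loopback hosts in the `[hg]` group and treats `unreachable` as well as `failed` counts in the PLAY RECAP as an unsuccessful run, since a host Ansible could not reach still reports failed=0. The function names and the sample inventory and recap text are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples in the shape shown in steps 3 and 5.
SAMPLE_INVENTORY = """[hg]
127.0.0.1

[all:vars]
ansible_user=ec2-user
ansible_ssh_private_key_file=~/.ssh/id_rsa
"""
SAMPLE_RECAP = """PLAY RECAP ****
ip-172-31-30-191 : ok=14 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.0.0.12 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
"""


def loopback_targets(inventory_text, group="hg"):
    """Return hosts in [group] that would resolve to the installer container."""
    hosts, current = [], None
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.startswith("["):
            current = line.strip("[]")
            continue
        if current != group:
            continue
        host = line.split()[0]  # host name precedes any per-host variables
        try:
            is_loop = ipaddress.ip_address(host).is_loopback
        except ValueError:  # not an IP literal, so compare the name
            is_loop = host.lower() == "localhost"
        if is_loop:
            hosts.append(host)
    return hosts


def failed_hosts(recap_text):
    """Return {host: counters} for hosts with failed or unreachable tasks."""
    bad = {}
    for line in recap_text.splitlines():
        host, sep, rest = line.partition(" : ")
        counters = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}
        if sep and (counters.get("failed") or counters.get("unreachable")):
            bad[host.strip()] = counters
    return bad
```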

    DONE! Hyperglance should now be available using the IP / DNS Name of the host. 

    Apply the Hyperglance licence: https://support.hyperglance.com/knowledge/how-to-apply-a-new-license