IBM Security QRadar


QRadar CE 7.3.3's compatibility with SDKv2?


    Posted Mon November 29, 2021 11:13 PM
    Hi, friends.

    I'm a developer and I am learning about QRadar. I use QRadar CE 7.3.3 for my development environment.

    After I installed the latest SDKv2, I used "qapp create" to create a sample app, then I ran "qapp run".
    SDKv2 starts a Docker container on my local machine, and everything works well; I can reach the Flask HTTP service on the exported port.

    But when I run "qapp package -p com.mycompany.myapp.zip" and "qapp deploy -q **.**.**.** -u ***** -p com.mycompany.myapp.zip",
    why does creating the app always result in ERROR? The sample app uses "qradar-app-base:2.0.4".

    After investigating, I found the following:

    1. From the dev REST API I get the error message: "[Health check could not reach app 1055 after 20 attempts over 600 seconds]",
    so I think it is because the health check can't reach /debug.

    2. Then I ran "docker ps" on my QRadar CE server, and I can see the sample app container is starting:

    But after entering the container and inspecting it, I found that this container does not support running SDKv2 apps?
    I can see that the Docker start point is:
    "Args": [
      "/start_container.sh"
    ],
    This shell script uses some directories like "src_deps"? But these are for SDKv1 apps, right?
    And I think the right command is:
    "Args": [
      "/opt/app-root/bin/start.sh"
    ]

    And this directly causes the Flask server init to fail:

    2021-11-27 14:55:58,404 INFO spawned: 'startflask' with pid 33
    2021-11-27 14:55:58,664 INFO exited: startflask (exit status 0; not expected)
    2021-11-27 14:55:59,666 INFO spawned: 'startflask' with pid 44
    2021-11-27 14:55:59,906 INFO exited: startflask (exit status 0; not expected)
    2021-11-27 14:56:01,909 INFO spawned: 'startflask' with pid 55
    2021-11-27 14:56:02,332 INFO exited: startflask (exit status 0; not expected)
    2021-11-27 14:56:05,337 INFO spawned: 'startflask' with pid 66
    2021-11-27 14:56:05,628 INFO exited: startflask (exit status 0; not expected)
    2021-11-27 14:56:06,629 INFO gave up: startflask entered FATAL state, too many start retries too quickly


    I want to know: does QRadar CE 7.3.3 only support SDKv1 apps? But... why?
    Is there any solution?
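
An added example, not part of the original post and not IBM's or the SDK's own code: a small Python parser for supervisord log lines like the ones quoted above, which summarises restart loops per program so a crash-looping app container can be spotted from its log. The function names `summarize` and `crash_looping` are assumptions made for illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample supervisord lines copied from the post above.
SAMPLE_LOG = """\
2021-11-27 14:55:58,404 INFO spawned: 'startflask' with pid 33
2021-11-27 14:55:58,664 INFO exited: startflask (exit status 0; not expected)
2021-11-27 14:55:59,666 INFO spawned: 'startflask' with pid 44
2021-11-27 14:55:59,906 INFO exited: startflask (exit status 0; not expected)
2021-11-27 14:56:01,909 INFO spawned: 'startflask' with pid 55
2021-11-27 14:56:02,332 INFO exited: startflask (exit status 0; not expected)
2021-11-27 14:56:05,337 INFO spawned: 'startflask' with pid 66
2021-11-27 14:56:05,628 INFO exited: startflask (exit status 0; not expected)
2021-11-27 14:56:06,629 INFO gave up: startflask entered FATAL state, too many start retries too quickly
"""

SPAWNED = re.compile(r"INFO spawned: '(?P<prog>[^']+)' with pid (?P<pid>\d+)")
EXITED = re.compile(
    r"INFO exited: (?P<prog>\S+) \(exit status (?P<status>\d+); (?P<how>not expected|expected)\)"
)
GAVE_UP = re.compile(r"INFO gave up: (?P<prog>\S+) entered FATAL state")


def summarize(log_text):
    """Return per-program counters: spawns, unexpected exits, exit statuses, FATAL flag."""
    stats = defaultdict(
        lambda: {"spawns": 0, "unexpected_exits": 0, "exit_statuses": set(), "fatal": False}
    )
    for line in log_text.splitlines():
        if m := SPAWNED.search(line):
            stats[m["prog"]]["spawns"] += 1
        elif m := EXITED.search(line):
            entry = stats[m["prog"]]
            entry["exit_statuses"].add(int(m["status"]))
            # "not expected" with status 0 typically means the program ended
            # before supervisord considered it successfully started.
            if m["how"] == "not expected":
                entry["unexpected_exits"] += 1
        elif m := GAVE_UP.search(line):
            stats[m["prog"]]["fatal"] = True
    return dict(stats)


def crash_looping(log_text):
    """Names of programs that supervisord gave up on (FATAL state)."""
    return sorted(p for p, s in summarize(log_text).items() if s["fatal"])


if __name__ == "__main__":
    for prog, s in summarize(SAMPLE_LOG).items():
        print(prog, s)
```
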