IBM Security QRadar

 View Only
  • 1.  Updating the Factory Re-Install option at boot

    Posted Wed July 10, 2019 05:56 PM
    Edited by Anthony Gayadeen Wed July 10, 2019 05:59 PM
    Hi everyone,

    last time we installed Qradar from scratch, it was on version 7.3.0. But since, we've upgraded a few times using the SFS patches, and we're now at the latest patch on 7.3.1 version. However, I've discovered a few weeks ago that the Factory re-install option at the boot as not been upgraded since. It's still on version 7.3.0 which is a problem in a recovery situation. Therefore, if we need to re-install the server, we'll need to re-apply other patches to bring it back up to date, thus loosing precious time.

    Is there a way to upgrade the re-install boot option? To avoid this issue, must I use the ISO files to update the server instead of the SFS files?

    Thanks!




    ------------------------------
    Anthony Gayadeen, Videotron Ltd
    Montreal QC
    ------------------------------


  • 2.  RE: Updating the Factory Re-Install option at boot
    Best Answer

    Posted Thu July 11, 2019 08:40 AM
    Hi Anthony,
    There's a script that can add a new iso image, or replace the existing iso image on the recovery partition:
    /opt/qradar/bin/recovery.py --help will show the options.
    -r, --replace replace existing iso's on recovery partition with ISO
    -a, --add copy ISO to recovery partition add it to re-install menu

    Thanks,
    Kelly


    ------------------------------
    Kelly Abbott
    ------------------------------



  • 3.  RE: Updating the Factory Re-Install option at boot

    Posted Thu July 11, 2019 02:00 PM

    Hi Kelly,

    Wouhou!!! Thanks for your quick reply. It seems to work great.

    [root@hostname ~]# /opt/qradar/bin/recovery.py -r /storetmp/Rhe764QRadar7_3_1_20181123182336.stable-7-3-1.iso
    INFO : Successfully mounted /recovery
    INFO : copying /storetmp/Rhe764QRadar7_3_1_20181123182336.stable-7-3-1.iso to /recovery/731/Rhe764QRadar7_3_1_20181123182336.stable-7-3-1.iso
    INFO : copying /mnt/iso/images/updates.img to /recovery/731/images/updates.img
    INFO : Found iso /recovery/731/Rhe764QRadar7_3_1_20181123182336.stable-7-3-1.iso as QRadar 7.3.1.20181123182336
    INFO : Wrote new grub.cfg
    INFO : Synced the new grub.cfg to disk
    INFO : copying /var/log/recovery.log to /recovery/recovery-2019-07-11.log
    INFO : Re-install ready

    Now, let's try a reboot and factory re-install ;)
    I'll be right back!
    Thanks!



    ------------------------------
    Anthony Gayadeen
    Analyst
    Videotron
    Montreal QC
    ------------------------------



  • 4.  RE: Updating the Factory Re-Install option at boot

    Posted Thu July 11, 2019 06:12 PM
    Hi Kelly,

    it worked perfectly. The re-install is on the newer version now. I wonder why this is not in the installation guide. It's a very usefull information that system admin should know when updating the system. When everything is stable and that you're not going to rollback, then the recovery install should also be updated as a best practive.

    before:
    730_boot_menu

    after:
    731_boot_menu

    Thanks again Kelly!!

    Regards,

    ------------------------------
    Anthony Gayadeen
    Analyst
    Videotron
    Montreal QC
    ------------------------------



  • 5.  RE: Updating the Factory Re-Install option at boot

    Posted Fri July 12, 2019 12:19 AM
    Hi Anthony,
    That's great, thanks for the update! I agree with your thoughts as I initially looked for a documentation reference to send you, but was unable to find one so ended up digging through the bin directory and my notes for the utility (which I hadn't' run for quite some time :)

    @Jonathan Pechta  ​any doc reference to the /opt/qradar/bin/recovery.py utility that you are aware of?

    Thanks,
    Kelly

    ------------------------------
    Kelly Abbott
    ------------------------------



  • 6.  RE: Updating the Factory Re-Install option at boot

    Posted Mon September 21, 2020 04:08 AM
    Info update.
    For version  7.4.0 (Build 20200304205308) ISO something goes wrong.  On reinstall error: can't find command 'linux',  can't find command 'initrd'.
    Recovery.py  copy iso as expected but seems with wrong parameters.


    regards,
    Smith

    ------------------------------
    John Woodpack
    ------------------------------



  • 7.  RE: Updating the Factory Re-Install option at boot

    Posted Wed October 13, 2021 02:40 PM

    Hi @Kelly Abbott,
    finally, two years later, a tech note as been created for this ;) However, they could have updated the QRadar version in the example instead of taking the one in this thread... it even looks like my screenshots ;)

    I've used this script recently to update the factory image from 7.4.1 to 7.4.2 and it works just fine.

    https://www.ibm.com/support/pages/node/6490659?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E



    ------------------------------
    Anthony Gayadeen
    ------------------------------