Looks like qapp create still puts it in __init__.py, inside create_app(). It is there :(
Original Message:
Sent: Thu March 11, 2021 09:46 AM
From: Stephen Kelly
Subject: App deployment fails (v2 framework)
mmm does your app have a debug endpoint my initial thoughts is that it could be that. You need to add that yourself now on your app previously we automatically added the debug endpoint.
e.g.
@qflask.route('/debug')
def debug():
return 'Pong!'
From the helloworld sample app in __init__.py
It just needs to return some simple text like Pong
Let me know if adding the debug endpoint fixes it
Thanks
------------------------------
Stephen Kelly
Original Message:
Sent: Thu March 11, 2021 08:57 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello Stephen,
Unfortunately, applications still fail to deploy for some reason even though the images are built successfully (and that happens to all applications even a barebone one). I did a "docker save" on a built image of a barebone app (as QRadar deletes it after deployment fails). Then I ran it manually and it seems it runs fine without errors:
docker run 6a74e745a34e /bin/bash
2021-03-11 13:46:08 as_root command [chown -R 99:99 /opt/app-root] exited with status 0
2021-03-11 13:46:09,254 WARN No file matches via include "/etc/supervisord.d/*.conf"
2021-03-11 13:46:09,260 INFO RPC interface 'supervisor' initialized
2021-03-11 13:46:09,260 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2021-03-11 13:46:09,261 INFO supervisord started with pid 40
2021-03-11 13:46:10,264 INFO spawned: 'startflask' with pid 43
2021-03-11 13:46:11,797 INFO success: startflask entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Unfortunately I can find no events related to the deployment failure in any of the logs. I was wondering if a complete restart of all the QRadar services would solve the issue?
------------------------------
Milen Rangelov
Original Message:
Sent: Wed March 10, 2021 06:30 AM
From: Stephen Kelly
Subject: App deployment fails (v2 framework)
Hi Milen,
Excellent ;) weird that an empty app is failing do you mean you created a workspace with the default hello world template in it and that failed to deploy? At least your app is working and the /bin/sh problem is resolved. Sounds like the image wasnt loading correctly from the sfs for some reason :(
Thanks for letting me know which version etc you are on anyway
Regards
Stephen
------------------------------
Stephen Kelly
Original Message:
Sent: Wed March 10, 2021 06:13 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello Stephen,
This finally solved the issue! A new empty application (qapp create && qapp package && qapp deploy) still fails to deploy for some reason (might be completely normal as I didn't do any changes to it) however I can now see in /var/log/qradar/app/docker_build/docker_build.log.0 that the image builds successfully and the "no /bin/sh" error is gone. I can now resume development!
In case you find it useful, I am running QRadar 7.3.3.6, which I updated to 7.3.3.7 later on, so I did the procedure from the SFS image.
Thank you a lot for your help!!!
------------------------------
Milen Rangelov
Original Message:
Sent: Tue March 09, 2021 01:03 PM
From: Stephen Kelly
Subject: App deployment fails (v2 framework)
Hi Milen,
mmm it sounds like its not loading the base image from the filesystem. What version of QRadar are you using?
Is this an upgraded QRadar server or a fresh install?
I'd try removing the image from the local registry by running docker rmi -f <image id for qradar- base-app image>
Get the image id by running docker images on the QRadar console
Then retry the steps from my previous post only this time don't run deliver.sh push but follow the below steps to replace the contents of the images folder to make sure the base image is there
- Mount the ISO/SFS (Use the ISO if it was a fresh install or SFS if it was a patch)
- If you are using the sfs there should be a directory named
docker at the top level. If you are using the iso its underpost/qradar/docker
Confirm that the images.json file in this directory contains an entry for qradar-app-base:2.0.4. - Back in the QRadar file system, as a precaution, rename directory
/store/docker-data/images . This is a backup of the existing image info, which you're going to replace. - Make a new
/store/docker-data/images directory. - Recursively copy the content of the sfs
docker dir into /store/docker-data/images . - Execute
/store/docker-data/images/deliver.sh push. - The
qradar-app-base image should now be in your registry.
Check you can pull the image and that you can run docker run then after this by running
docker pull console.localdeployment:5000/qradar-app-base:2.0.4
Then run
docker run -d -it console.localdeployment:5000/qradar-app-base:2.0.4 /bin/sh
If that works remove that container
Run
docker ps -a
to see the containers running
then run
docker stop <container id of started container>
docker rm <container id of started container>
Then retry the deploy if all the above is working correctly
------------------------------
Stephen Kelly
Original Message:
Sent: Tue March 09, 2021 12:29 PM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello Stephen,
I tried the steps you suggested. Deployment failed with the following error:
Please enter password for user admin:
Application fresh install detected
Uploading test.zip 18618 bytes
The supplied image qradar-app-base:2.0.4 for the application definition is not currently supported as it does not exist in the docker registry
Then I proceeded to manually push the image to the registry:
tar -c qradar-app-base-2.0.4.xz | docker image import - qradar-app-base
docker tag 27357bf9b96f console.localdeployment:5000/qradar-app-base:2.0.4
docker push console.localdeployment:5000/qradar-app-base:2.0.4
After that, it doesn't complain about missing image in the registry, but it fails with the "no /bin/sh" error again.
I think I am doing something very wrong with the way I push that image to the local registry and maybe that's what the root cause of the problem is...
------------------------------
Milen Rangelov
Original Message:
Sent: Tue March 09, 2021 10:48 AM
From: Stephen Kelly
Subject: App deployment fails (v2 framework)
Hi Milen,
Try this on the QRadar console:
1) Stop hostcontext by executing this
systemctl stop hostcontext
2) Stop the registry by executing this
systemctl stop si-registry
3) Move /store/docker-data/registry to another location by running this for example
mv /store/docker-data/registry /root
4) Start the registry again by executing this
systemctl start si-registry
5) Load the image from the filesystem to the registry by executing this
/store/docker-data/images/deliver.sh push
6) Start hostcontext again by executing this
systemctl start hostcontext
Then retry the deploy
------------------------------
Stephen Kelly
Original Message:
Sent: Tue March 09, 2021 10:13 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Not that lucky with the QRadar console host though. Found out it isn't that simple and a third party tool is required to delete images from registry. Anyway, I have just two images currently in the registry: centos-base and qradar-app-base. I tried removing qradar-app-base and then "qapp deploy" complained about qradar-app-base:2.0.4 not being available in the registry (which was expected). I then proceeded to import the image from the .xf file, tag it and push it again to the registry. Unfortunately after this I still have the /bin/sh issue again. Should I try to remove centos-base image from registry as well? And if I do, would older apps that have centos-base as base image still be able to deploy?
------------------------------
Milen Rangelov
Original Message:
Sent: Tue March 09, 2021 05:43 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
I'm puzzled as to how an image in the server registry could become corrupted. But to clean up I'd suggest you try to uninstall all of your apps via Extension Management. If you remove the docker images first then the uninstall will fail.
------------------------------
Michael Benson
Original Message:
Sent: Tue March 09, 2021 05:18 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Thanks a lot, I have some progress with that!
I deleted all my docker images on the MacOS machine ("docker rmi -f $(docker images -a -q)"). qapp build now works and it doesn't fail anymore. I don't have a local registry on my development machine though.
On the QRadar console host, the problem remains and there is a local registry (that was setup by QRadar installation I believe). I am not quite sure as to how to completely remove the images from there though. Would just untagging the images do the trick? Also, I have several applications already deployed, I guess they would get "broken" that way and then they would need to be reinstalled from the extension zip files. I am afraid I might leave them in a state where they might have problems uninstalling (might be a bit paranoid, but not that well acquainted with QRadar yet). Would they be abe to uninstall after the docker images are removed?
------------------------------
Milen Rangelov
Original Message:
Sent: Mon March 08, 2021 01:48 PM
From: Michael Benson
Subject: App deployment fails (v2 framework)
Another user has reported seeing the same SDK behaviour as you. They think the issue was caused by a corrupted image in their docker registry, and solved it by removing all images from their registry.
------------------------------
Michael Benson
Original Message:
Sent: Mon March 08, 2021 01:05 PM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
MacOS is Catalina (10.15.7).
Docker Desktop is 2.5.0.1
Docker version is 19.03.13
------------------------------
Milen Rangelov
Original Message:
Sent: Mon March 08, 2021 11:27 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
Also, what's your MacOS version? I'm on 11.1.
------------------------------
Michael Benson
Original Message:
Sent: Mon March 08, 2021 10:19 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
On your Mac, what's your Docker Desktop version? This is mine:
Docker Desktop v3.2.1
Docker version 20.10.5
------------------------------
Michael Benson
Original Message:
Sent: Mon March 08, 2021 09:46 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Reinstalled the SDK but unfortunately it's the same issue :(
Checking SDK version...
SDK is up-to-date
Found base image q1docker-release.canlab.ibm.com/gaf/qradar-app-base:2.0.4
Preparing image build directory /Users/mrangelov/qradarappsdk/docker/build
Using /Users/mrangelov/qradarappsdk/docker/build/Dockerfile
Creating Supervisor program entry for Flask
Building image [test]
Using user ID 502 and group ID 20
DOCKER BUILD LOG: START
Step 1/14 : FROM q1docker-release.canlab.ibm.com/gaf/qradar-app-base:2.0.4
Step 2/14 : LABEL com.ibm.si.app.origin=SDK
Step 3/14 : ARG APP_USER_ID
Step 4/14 : ARG APP_GROUP_ID
Step 5/14 : ARG APP_USER_NAME=appuser
Step 6/14 : ARG APP_GROUP_NAME=appuser
Step 7/14 : ENV APP_ROOT /opt/app-root
Step 8/14 : ENV APP_USER_ID $APP_USER_ID
Step 9/14 : ENV APP_GROUP_ID $APP_GROUP_ID
Step 10/14 : ENV PATH $APP_ROOT/bin:$PATH
Step 11/14 : COPY / $APP_ROOT
Step 12/14 : RUN groupadd -o -g $APP_GROUP_ID $APP_GROUP_NAME && useradd -l -u $APP_USER_ID -g $APP_GROUP_ID $APP_USER_NAME && mkdir -p /etc/supervisord.d && if [ -f $APP_ROOT/init/supervisord.conf ]; then mv $APP_ROOT/init/supervisord.conf /etc; fi && rm -rf $APP_ROOT/init/* && if [ -d $APP_ROOT/bin ]; then chmod -R 755 $APP_ROOT/bin; fi && if [ -d $APP_ROOT/container/build ]; then chmod -R 755 $APP_ROOT/container/build; fi && if [ -d $APP_ROOT/container/run ]; then chmod -R 755 $APP_ROOT/container/run; fi && if [ -d $APP_ROOT/container/clean ]; then chmod -R 755 $APP_ROOT/container/clean; fi && if [ -d $APP_ROOT/container/service ]; then chmod -R 755 $APP_ROOT/container/service; fi && if [ -d $APP_ROOT/startup.d ]; then chmod -R 755 $APP_ROOT/startup.d; fi && if [ -d $APP_ROOT/container/conf/supervisord.d ]; then mv $APP_ROOT/container/conf/supervisord.d/*.conf /etc/supervisord.d; fi && if [ -d /etc/supervisord.d ]; then chmod -R 755 /etc/supervisord.d ; fi && echo -e "appuser ALL=(ALL) NOPASSWD:ALL\n" >> /etc/sudoers && visudo -cf /etc/sudoers
OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown
DOCKER BUILD LOG: END
Cleaning up build remnants
Build failed: see DOCKER BUILD LOG above for error details
------------------------------
Milen Rangelov
Original Message:
Sent: Fri March 05, 2021 11:35 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
Step 12/15 : RUN ls -l $APP_ROOT
That command isn't in the SDK Dockerfile template, which suggests you've been editing the contents of your SDK install.
I suggest you re-install the SDK from scratch and try again.
------------------------------
Michael Benson
Original Message:
Sent: Fri March 05, 2021 11:09 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
From a clean environment (and not using the virtualbox driver) I created a new project from scratch and tried to build it. Still the same :(
mrangelov@mrangelov-a01 /tmp % /usr/local/bin/qapp create -w test
Template source directory: /Users/mrangelov/qradarappsdk/template
Destination directory: /private/tmp/test
Creating directories
Adding template files and directories
Adding uuid to manifest.json
Workspace [/private/tmp/test] is ready
mrangelov@mrangelov-a01 /tmp % /usr/local/bin/qapp package -w test -p test.zip
Adding file: manifest.json
Adding directory: app
Adding directory: app/static
Adding directory: app/templates
Adding file: app/__init__.py
Adding file: app/dev.py
Adding file: app/views.py
Adding directory: app/static/qjslib
Adding file: app/static/favicon-16x16.png
Adding file: app/static/styles.css
Adding file: app/static/qjslib/qappfw.min.js
Adding file: app/templates/hello.html
Adding directory: container
Adding file: container/README.txt
Created package test.zip
mrangelov@mrangelov-a01 /tmp % qapp build -w test
Found base image q1docker-release.canlab.ibm.com/gaf/qradar-app-base:2.0.4
Preparing image build directory /Users/mrangelov/qradarappsdk/docker/build
Using /Users/mrangelov/qradarappsdk/docker/build/Dockerfile
Creating Supervisor program entry for Flask
Building image [test]
Using user ID 502 and group ID 20
DOCKER BUILD LOG: START
Step 1/15 : FROM q1docker-release.canlab.ibm.com/gaf/qradar-app-base:2.0.4
Step 2/15 : LABEL com.ibm.si.app.origin=SDK
Step 3/15 : ARG APP_USER_ID
Step 4/15 : ARG APP_GROUP_ID
Step 5/15 : ARG APP_USER_NAME=appuser
Step 6/15 : ARG APP_GROUP_NAME=appuser
Step 7/15 : ENV APP_ROOT /opt/app-root
Step 8/15 : ENV APP_USER_ID $APP_USER_ID
Step 9/15 : ENV APP_GROUP_ID $APP_GROUP_ID
Step 10/15 : ENV PATH $APP_ROOT/bin:$PATH
Step 11/15 : COPY / $APP_ROOT
Step 12/15 : RUN ls -l $APP_ROOT
OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown
DOCKER BUILD LOG: END
Cleaning up build remnants
Build failed: see DOCKER BUILD LOG above for error details
------------------------------
Milen Rangelov
Original Message:
Sent: Fri March 05, 2021 10:45 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
That MD5 hash is correct. But if you're seeing the same error when your image is building on the console, then the issue isn't specific to your local docker environment, it's something to do with what's inside your app zip.
I'd start by checking your python wheels, and also remove that bash rpm, you don't need it.
Another thing to try is use qapp create to set up the SDK template app and see if you can qapp build/run/deploy that.
------------------------------
Michael Benson
Original Message:
Sent: Fri March 05, 2021 09:33 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello,
I am using the Docker Desktop (it gave the "no /bin/sh" error before I switched to using the virtualBox driver). I am starting to think whether this could be somehow a result of partial incomplete download of qradar-app-base-2.0.4.xz? I got a MD5 hash of the image file as follows:
MD5 (/Users/mrangelov/qradarappsdk/base_image/qradar-app-base-2.0.4.xz) = f64c42f59cb60ec36b0764a09d763496
Might be my base image is corrupt?
As per the contents of the app zip, here is the output from "qapp package" (I still have qpylib as part of the app, still haven't completely migrated to v2 framework):
Adding file: manifest.json
Adding directory: app
Adding directory: app/qpylib
Adding directory: app/static
Adding directory: app/templates
Adding directory: app/jsx
Adding file: app/run.py
Adding file: app/qradar.py
Adding file: app/__init__.py
Adding file: app/dev.py
Adding file: app/poll.py
Adding file: app/views.py
Adding file: app/qpylib/sdk_qpylib.py
Adding file: app/qpylib/asset_qpylib.py
Adding file: app/qpylib/__init__.py
Adding file: app/qpylib/oauth_qpylib.py
Adding file: app/qpylib/json_qpylib.py
Adding file: app/qpylib/encdec.py
Adding file: app/qpylib/live_qpylib.py
Adding file: app/qpylib/qpylib.py
Adding file: app/qpylib/offense_qpylib.py
Adding file: app/qpylib/abstract_qpylib.py
Adding directory: app/static/images
Adding directory: app/static/js
Adding directory: app/static/qjslib
Adding directory: app/static/vendor
Adding file: app/static/favicon-16x16.png
Adding file: app/static/index.html
Adding file: app/static/styles.css
Adding file: app/static/app.css
Adding file: app/static/images/defense-logo-50.png
Adding file: app/static/images/defense-logo.png
Adding file: app/static/images/defenselogo.png
Adding file: app/static/images/carbon_black_-_200x72.png
Adding file: app/static/js/app.bundle.js
Adding file: app/static/qjslib/qjson.js
Adding file: app/static/qjslib/qappfw.js
Adding file: app/static/qjslib/qappfw.min.js
Adding directory: app/static/vendor/themes
Adding file: app/static/vendor/semantic.min.css
Adding file: app/static/vendor/semantic.min.js
Adding file: app/static/vendor/jquery-3.4.1.min.js
Adding directory: app/static/vendor/themes/default
Adding directory: app/static/vendor/themes/default/assets
Adding directory: app/static/vendor/themes/default/assets/images
Adding directory: app/static/vendor/themes/default/assets/fonts
Adding file: app/static/vendor/themes/default/assets/images/flags.png
Adding file: app/static/vendor/themes/default/assets/fonts/brand-icons.woff
Adding file: app/static/vendor/themes/default/assets/fonts/outline-icons.ttf
Adding file: app/static/vendor/themes/default/assets/fonts/icons.eot
Adding file: app/static/vendor/themes/default/assets/fonts/brand-icons.ttf
Adding file: app/static/vendor/themes/default/assets/fonts/icons.woff2
Adding file: app/static/vendor/themes/default/assets/fonts/icons.otf
Adding file: app/static/vendor/themes/default/assets/fonts/icons.woff
Adding file: app/static/vendor/themes/default/assets/fonts/outline-icons.eot
Adding file: app/static/vendor/themes/default/assets/fonts/icons.ttf
Adding file: app/static/vendor/themes/default/assets/fonts/outline-icons.woff2
Adding file: app/static/vendor/themes/default/assets/fonts/brand-icons.eot
Adding file: app/static/vendor/themes/default/assets/fonts/brand-icons.woff2
Adding file: app/static/vendor/themes/default/assets/fonts/outline-icons.woff
Adding file: app/static/vendor/themes/default/assets/fonts/outline-icons.svg
Adding file: app/static/vendor/themes/default/assets/fonts/brand-icons.svg
Adding file: app/static/vendor/themes/default/assets/fonts/icons.svg
Adding file: app/templates/admin.html
Adding file: app/templates/hello.html
Adding directory: app/jsx/components
Adding directory: utils
Adding file: utils/config.py
Adding file: utils/mock_cb_cloud_api.py
Adding file: utils/__init__.py
Adding file: utils/output.py
Adding file: utils/output.py.bak
Adding file: utils/cb_cloud_api.py
Adding directory: container
Adding directory: container/pip
Adding directory: container/rpm
Adding directory: container/conf
Adding file: container/README.txt
Adding file: container/pip/Flask_WTF-0.14.2-py2.py3-none-any.whl
Adding file: container/pip/WTForms-2.2.1-py2.py3-none-any.whl
Adding file: container/rpm/bash-4.4.19-12.el8.x86_64.rpm
Adding file: container/conf/config.json
Adding file: container/conf/poll.conf
Adding file: container/conf/last_poll_time
Adding file: container/conf/supervisord.conf
Adding file: container/conf/ordering.txt
There is no custom script to be executed during container build.
------------------------------
Milen Rangelov
Original Message:
Sent: Fri March 05, 2021 09:10 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
Is there a reason you're not using Docker Desktop on your Mac? That's the prerequisite setup for SDK v2.
Setting that aside, the fact that your app image fails to build in the SDK and on the QRadar console suggests that there's something fundamentally wrong with the content of your app. Can you list what's in your app zip file and state what processing you expect to happen when your app image is built by docker?
------------------------------
Michael Benson
Original Message:
Sent: Fri March 05, 2021 07:56 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello,
By "switching the docker driver to Virtualbox" I mean installing virtualbox and docker-machine, creating a new 'dev' docker machine with virtualbox driver (docker-machine create --driver virtualbox dev) then setting up the environment to use it (eval "$(docker-machine env dev)")
This resolved the /bin/sh error for me (locally on MacOS)...but then I have the same issue when I try to deploy the app on the QRadar console (running on RHEL). It fails to deploy and in /var/log/qradar/app/docker_build/docker_build.log.0 I can see it fails with the same "no /bin/sh" error. I tried setting the base image (in manifest.json) to centos-base:6.9.10. In this case, it deploys successfully, which makes me think it's possibly related to the qradar-app-base image. I may be wrong on that though.
I tried to modify the Dockerfile in APPSDKROOT/image_files to list the contents of container /bin directory, but then it complained it lacks /bin/ls as well. Then I experimented putting SHELL ["/bin/bash", "-c"] in case it has /bin/bash but lacks /bin/sh for some reason, but it said there is no /bin/bash either.
I am not using any scripts in container/build.
I forgot to mention I am using QRadar 7.3.3 latest patch 7.
------------------------------
Milen Rangelov
Original Message:
Sent: Fri March 05, 2021 03:08 AM
From: Michael Benson
Subject: App deployment fails (v2 framework)
There is no issue with the app base image, it definitely has /bin/sh.
After Step 12/15, qapp build attempts to (1) install any dependencies in container/pip and container/rpm, and then (2) runs any scripts in container/build. It's likely that your problem is in one of those two steps. Do you have scripts in container/build? What do they do?
Also, I don't understand what "switch the docker driver to Virtualbox" means. What version of Docker Desktop are you using on your Mac?
------------------------------
Michael Benson
Original Message:
Sent: Thu March 04, 2021 08:11 AM
From: Milen Rangelov
Subject: App deployment fails (v2 framework)
Hello all,
We are updating our QRadar app to the new framework and unfortunately we have an issue trying to use the QRadar App SDK to build and/or deploy our application to the QRadar console. We are using the latest version of the App SDK. When we try to do a local build (qapp build) or deploy the app to a console (qapp deploy) we've got a docker error as the image is getting built:
Step 12/15 : RUN groupadd -o -g $APP_GROUP_ID $APP_GROUP_NAME && useradd -l -u $APP_USER_ID -g $APP_GROUP_ID $APP_USER_NAME && mkdir -p /etc/supervisord.d && if [ -f $APP_ROOT/init/supervisord.conf ]; then mv $APP_ROOT/init/supervisord.conf /etc; fi && rm -rf $APP_ROOT/init/* && if [ -d $APP_ROOT/bin ]; then chmod -R 755 $APP_ROOT/bin; fi && if [ -d $APP_ROOT/container/build ]; then chmod -R 755 $APP_ROOT/container/build; fi && if [ -d $APP_ROOT/container/run ]; then chmod -R 755 $APP_ROOT/container/run; fi && if [ -d $APP_ROOT/container/clean ]; then chmod -R 755 $APP_ROOT/container/clean; fi && if [ -d $APP_ROOT/container/service ]; then chmod -R 755 $APP_ROOT/container/service; fi && if [ -d $APP_ROOT/startup.d ]; then chmod -R 755 $APP_ROOT/startup.d; fi && if [ -d $APP_ROOT/container/conf/supervisord.d ]; then mv $APP_ROOT/container/conf/supervisord.d/*.conf /etc/supervisord.d; fi && if [ -d /etc/supervisord.d ]; then chmod -R 755 /etc/supervisord.d ; fi && echo -e "appuser ALL=(ALL) NOPASSWD:ALL\n" >> /etc/sudoers && visudo -cf /etc/sudoers OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown
We are using the qradar-app-base:2.0.4 base image which comes with the latest SDK.
From what I can see, there is indeed no /bin/sh (or any shell) in the base image which leads to that image build error.
We tried to put the bash el8 rpm in the container/rpm directory but it looks like the RPMs are installed later on in the image build process and it would not prevent the error. We were trying to find an older version of the base image to download, but to no avail.
Do you know if there is a workaround to it?
P.S on MacOS the qapp build command succeeds if we switch the docker driver to Virtualbox. However qapp deploy still fails with that "no /bin/sh" error.
Best Regards,
Milen Rangelov
------------------------------
Milen Rangelov
------------------------------