IBM Security QRadar SOAR

  • 1.  Deploy AppHost in air gap environment

    Posted Wed August 31, 2022 10:26 AM
    I'm testing deploying the SOAR AppHost in an air gap environment. I have built a private repository based on Docker and performed every step in the IBM document: Virtual appliance in an air gap environment - IBM Documentation
    But when pairing AppHost with the SOAR platform, it only shows paired and not running. On the AppHost server, I see that it still calls quay.io to get apps-operator and apps-synchronizer.
    Has anyone faced this issue and already fixed it? Please help.
    Thanks.

    ------------------------------
    Ngoc Dai
    ------------------------------


  • 2.  RE: Deploy AppHost in air gap environment

    Posted Thu September 01, 2022 03:37 PM
    Edited by Howard Lu Thu September 01, 2022 03:41 PM

    This documentation needs to be updated to include how to reference a different registry/repository for the apps-operator and apps-synchronizer containers.

    By default, the registry is quay.io and the repository will be ibmresilient.

    You can change the registry and repository for the apps-synchronizer and apps-operator when you run the "manageAppHost install" command. You specify them with the --registry and --repository flags.

    e.g. manageAppHost install --registry <private registry> --repository <repository name> <other options>

    This only tells apphost where to pull the synchronizer and operator containers from.

    To tell apphost where to pull the app containers from, you should use manageAppHost registry.

    If your own registry is private and requires authentication, you need to supply the credentials using the registries.yaml file.
    You can refer to the k3s documentation for the syntax: https://rancher.com/docs/k3s/latest/en/installation/private-registry/

    ------------------------------
    Howard Lu
    ------------------------------



  • 3.  RE: Deploy AppHost in air gap environment

    Posted Sun September 04, 2022 11:15 PM
    Hi Howard,

    Thanks for your response.
    I tried the command that you suggested, "manageAppHost install", but there is no --registry option as you noted.

    ------------------------------
    Ngoc Dai
    ------------------------------



  • 4.  RE: Deploy AppHost in air gap environment

    Posted Mon September 12, 2022 08:35 AM
    Hi everyone,

    Has anyone experienced this scenario? Please give me some advice.

    Thanks

    ------------------------------
    Ngoc Dai
    ------------------------------



  • 5.  RE: Deploy AppHost in air gap environment

    Posted Mon September 12, 2022 10:23 AM
    Sorry, --registry and --repository are hidden options for the "manageAppHost install".  But they do work.

    ------------------------------
    Howard Lu
    ------------------------------



  • 6.  RE: Deploy AppHost in air gap environment

    Posted Mon September 12, 2022 10:18 PM
    Hi Howard,

    Thanks for your response. I tried your suggestion.
    For example: sudo manageAppHost install --registry https://<IP>:<Port> --repository ibmresilient
    where IP and Port are from my private registry server, and ibmresilient because I mirrored all apps on ibmresilient quay.io to my private registry, which include app-operator and app-synchronize.
    But when I hit Enter, it requires pair info like when I pair AppHost with SOAR Platform. Is it an error from my command, or if it is expected behaviour, how could I get pair info from my private registry server?

    Thanks

    ------------------------------
    Ngoc Dai
    ------------------------------



  • 7.  RE: Deploy AppHost in air gap environment

    Posted Tue September 13, 2022 08:59 AM
    Yes, you need to pair your apphost with SOAR. 

    https://www.ibm.com/docs/en/sqsp/46?topic=installation-create-pairing

    If you already created a pairing, you can use that if you saved it.  If not, then follow the above steps and recreate the pairing.

    ------------------------------
    Howard Lu
    ------------------------------



  • 8.  RE: Deploy AppHost in air gap environment

    Posted Fri September 30, 2022 07:08 AM
    Hi Howard,

    Sorry for my delay. I tested with your suggestion and there is a different error in the log.
    Although I copied and updated the self-signed cert from the private repo to AppHost as instructed in the IBM document, it still shows that AppHost does not trust the cert, and when pulling the synchronize and operator images, it shows "x509: certificate signed by unknown authority".

    Thanks

    ------------------------------
    Ngoc Dai
    ------------------------------



  • 9.  RE: Deploy AppHost in air gap environment

    Posted Fri September 30, 2022 03:35 PM

    If I understand you correctly, you are getting the "x509 certificate signed by unknown authority" error when kubernetes is trying to pull the apps-synchronizer and apps-operator containers, is that correct?

    Due to the fact that it seems TLS is required for your private registry, have you tried using the registries.yaml file as described here:
    https://rancher.com/docs/k3s/latest/en/installation/private-registry/

    In this configuration, you can specify the path to the required certificate as well.



    ------------------------------
    Howard Lu
    ------------------------------
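
A registries.yaml of the kind referred to in replies 2 and 9, in the syntax from the linked k3s documentation, covering both the registry credentials and the CA certificate path. This is an added example, not part of the thread or IBM's documentation; the registry host and port, the certificate path and the credentials are constructed placeholders, and it assumes the AppHost's k3s reads the file from the k3s default location.

```yaml
# /etc/rancher/k3s/registries.yaml (k3s default location; assumed to apply to the AppHost)
# Constructed placeholders: registry.example.internal:5000, the CA path, the credentials.
mirrors:
  "registry.example.internal:5000":
    endpoint:
      - "https://registry.example.internal:5000"
configs:
  "registry.example.internal:5000":
    auth:
      username: "<registry user>"
      password: "<registry password>"
    tls:
      # CA that signed the registry's certificate; for a self-signed
      # certificate this is the certificate itself, in PEM format.
      ca_file: "/etc/rancher/k3s/certs/registry-ca.crt"
      # Avoid: insecure_skip_verify: true
      # It silences the x509 error but stops verifying the registry's identity.
```

k3s reads this file at startup, so restart the k3s service after changing it. The file holds registry credentials in clear text, so keep it readable by root only.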