IBM Security QRadar

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Hello Ralph,

Have you solved the issue?

Thanks

Ali

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

------------------------------
Ralph Belfiore
Managing Consultant | Senior SIEM Expert
connecT SYSTEMHAUS AG
Siegen
+491726365525
------------------------------

Hello my friend @Ralph Belfiore :)

I hope you're doing well. 

We encountered the same issue in UP8 after applying IF1 (and a few others as well)...

Indeed, switching to podman makes a lot of the support tech notes obsolete, but the recon and qappmanager commands are still there.

To resolve this registry issue, we proceeded as follows:

• systemctl stop hostcontext
• rm -rf /opt/qradar/ca/certs/* ; /opt/qradar/ca/bin/reset-qradar-ca.sh all --reset (This command take a long time, go to /var/log to see the update process)
• systemctl start hostcontext
• Unfortunately, you will have to re-import your certificates afterward.

Of course, it's essential to test this on a test environment before making changes in production where you should be assisted by support via a ticket.

Hope this help ;) 

Regards,

Pascal

Alias zoldax

https://github.com/zoldax

------------------------------
zoldax

https://www.credly.com/users/pascal-weber.029e134d/badges

Original Message:
Sent: Fri April 19, 2024 05:45 AM
From: Ralph Belfiore
Subject: Apps stopped working after update 7.5.0UP8IF01 - docker replaced with podman..

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

------------------------------
Ralph Belfiore
Managing Consultant | Senior SIEM Expert
connecT SYSTEMHAUS AG
Siegen
+491726365525
------------------------------

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Hi Ralph,

Are you seeing anything in the logs like the below?

Unable to read keystore podman-client-registry.p12

What is the output of the following command on the console?

keytool -list -v -storetype pkcs12 -keystore /etc/podman/tls/registry/podman-client-registry.p12 -storepass $(echo $(psql -U qradar -tAc "select token from application_credentials where name = 'podman-client-registry';") | java -jar /opt/qradar/jars/ibm-si-mks.jar decrypt_command_line 2>&1) 

Thanks

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Hi Ralph,

Are you seeing anything in the logs like the below?

Unable to read keystore podman-client-registry.p12

What is the output of the following command on the console?

keytool -list -v -storetype pkcs12 -keystore /etc/podman/tls/registry/podman-client-registry.p12 -storepass $(echo $(psql -U qradar -tAc "select token from application_credentials where name = 'podman-client-registry';") | java -jar /opt/qradar/jars/ibm-si-mks.jar decrypt_command_line 2>&1) 

Thanks

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Hi John.

  I have the same issue, my log conatines the 

Unable to read keystore podman-client-registry.p12

The keytool ... command says: 

keytool error (likely untranslated): java.io.IOException: keystore password was incorrect  

Did you manage to find any solution?

Thank you

Hi Ralph,

Are you seeing anything in the logs like the below?

Unable to read keystore podman-client-registry.p12

What is the output of the following command on the console?

keytool -list -v -storetype pkcs12 -keystore /etc/podman/tls/registry/podman-client-registry.p12 -storepass $(echo $(psql -U qradar -tAc "select token from application_credentials where name = 'podman-client-registry';") | java -jar /opt/qradar/jars/ibm-si-mks.jar decrypt_command_line 2>&1) 

Thanks

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph

Test if the podman-client-registry password works with this command:

keytool -list -v -storetype pkcs12 -keystore /etc/podman/tls/registry/podman-client-registry.p12 -storepass $(echo $(psql -U qradar -tAc "select token from application_credentials where name = 'podman-client-registry';") | java -jar /opt/qradar/jars/ibm-si-mks.jar decrypt_command_line 2>&1) 

Failed password will look like:

keytool error (likely untranslated): java.io.IOException: keystore password was incorrect 

#regenerate password for podman-client-registry/opt/qradar/bin/runjava.sh com.ibm.si.application.commandline.KeyStoreGenerator -c /etc/podman/tls/registry/podman-client-registry.cert -k /etc/podman/tls/registry/podman-client-registry.key -s /etc/podman/tls/registry/podman-client-registry.p12

#regenerate password for podman-client-registry/opt/qradar/bin/runjava.sh com.ibm.si.application.commandline.KeyStoreGenerator -c /etc/podman/tls/registry/podman-client-registry.cert -k /etc/podman/tls/registry/podman-client-registry.key -s /etc/podman/tls/registry/podman-client-registry.p12

Hi John.

  I have the same issue, my log conatines the 

Unable to read keystore podman-client-registry.p12

The keytool ... command says: 

keytool error (likely untranslated): java.io.IOException: keystore password was incorrect  

Did you manage to find any solution?

Thank you

Hi Ralph,

Are you seeing anything in the logs like the below?

Unable to read keystore podman-client-registry.p12

What is the output of the following command on the console?

keytool -list -v -storetype pkcs12 -keystore /etc/podman/tls/registry/podman-client-registry.p12 -storepass $(echo $(psql -U qradar -tAc "select token from application_credentials where name = 'podman-client-registry';") | java -jar /opt/qradar/jars/ibm-si-mks.jar decrypt_command_line 2>&1) 

Thanks

Hi community,

I'm struggling with the new "App-Framework" in our qradar-lab which comes with UP8. Instead of docker now podman is used to manage apps. qappmanager shows running and completed, but the apps are not running and no tab shows up in the console ui.

The command podman ps on the apphost shows nothing. podman images shows all containers which worked with UP8 and before as expected. If I try to restart an app a message occurs saying that this container is missing in the registry.

@IBM Support With docker there was an option with the deliver.sh push command to update the registry... How does this work with podman? How can I fix this issue, are you aware about this issue with apps which worked before and stopped working after applying UP8IF01?

Thanks in advance for any advice or helpful hints to get the installed apps up and running again :)

Ralph