IJ41796: DOCKER SERVICES DO NOT START WHEN 7.2.8 OR EARLIER APPLIANCES ARE UPDATED TO 7.5.0 UP2 IF2

APAR status

• Closed as Permanent restriction.

Error description

• Docker services fail to start on QRadar appliances that were
  originally installed at version 7.2.8 or earlier, then upgraded
  to 7.5.0 Update Pack 2 Interim Fix 2. This service issue
  prevents applications from starting as the original Red Hat
  Enterprise (RHEL) install for QRadar 7.2.8 or earlier sets XFS
  to ftype=0. When QRadar is upgraded to 7.5.0 Update Pack 2
  Interim Fix 2, the Docker service expects ftype=1, preventing
  services from starting as expected.
  
  Important: Users with QRadar appliances originally installed at
  7.2.8 or earlier must confirm their ftype settings before you
  install QRadar 7.5.0 Update Pack 2 Interim Fix 2.
  
  
  Before you upgrade to QRadar 7.5.0 Update Pack 2 Interim Fix
  2:
  1. Use SSH to log into the QRadar Console.
  2. Type the following command: xfs_info /store | grep ftype
  
  
  Example output
  naming=version 2 bsize=4096 ascii-ci=0 ftype=0
  
  Results
  Review the output of the command to confirm the ftype setting:
  
  A. If the output displays ftype=1, you can continue with an
  upgrade to 7.5.0 Update Pack 2 Interim Fix 2.
  
  B. If the output displays ftype=0, do NOT upgrade to QRadar
  7.5.0 Update Pack 2 Interim Fix 2.
  
   You can subscribe to this APAR to be notified when this issue
  is resolved.
  
  C. If you upgraded to QRadar 7.5.0 Update Pack 2 Interim Fix 2
  and experiencing application issues, review the stack trace to
  confirm the error and contact QRadar Support.
  
  
  
  
  
  If you installed QRadar 7.5.0 UP2 IF2 and experience Docker
  service issues, review /var/log/qradar.log for the following
  error message:
  
  Hostname dockerd[9053]: Error starting daemon: error
  initializing graphdriver: overlay2: the backing xfs filesystem
  is formatted without d_type support, which leads to incorrect
  behavior. Reformat the filesystem with ftype=1 to enable d_type
  support. Backing filesystems without d_type support are not
  supported.
  Hostname systemd[1]: docker.service: main process exited,
  code=exited, status=1/FAILURE
  
  Hostname systemd[1]: Failed to start Docker Application
  Container Engine.
  

Local fix

• Administrators who started with QRadar 7.2.8 and plan to upgrade 
  to 7.5.o UP2 IF2 or later must migrate to a new Console version 
  as described in the following flash notice: 
  https://www.ibm.com/support/pages/node/6612393 
  
  If you have questions about migrating or completing the procedure 
  in the flash notice, contact QRadar Support.
  
  
  

Problem summary

• Issues such as this are slated to be addressed in the next
  generation of QRadar SIEM that is due for General Availability
  in 2023. This APAR will be closed due to exclusion from current
  plans to remediate the issue within this generation of QRadar
  SIEM. If you have further questions, please feel welcome to
  reach out to your support representative. Thank you for your
  understanding.
  

Problem conclusion

• Issues such as this are slated to be addressed in the next
  generation of QRadar SIEM that is due for General Availability
  in 2023. This APAR will be closed due to exclusion from current
  plans to remediate the issue within this generation of QRadar
  SIEM. If you have further questions, please feel welcome to
  reach out to your support representative. Thank you for your
  understanding.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels