IBM Support

QRadar Deployment Intelligence: How to preserve QDI 3.0.0 application data and upgrade to QDI 3.0.1

How To


Summary

Administrators with QRadar Deployment Intelligence version 3.0.0 who plan to upgrade to QDI 3.0.1 must follow the procedure outlined in this support technical note to ensure application data is preserved during the installation of QDI 3.0.1. Due to enhancements in QDI, a direct upgrade from version 3.0.0 to 3.0.1 is not supported. Administrators must backup their QDI database with the included support utility, uninstall QDI 3.0.0, install QDI 3.0.1, then restore the database. This technical note includes the Support_QDI_300_Backup.sh utility as an attachment to complete the upgrade of your QDI application.

Objective

About the Support_QDI_300_Backup.sh utility:
This technical note and attached support utility is intended for administrators who are currently using QDI 3.0.0 and plan to install QDI 3.0.1. If you are upgrading from QRadar Deployment Intelligence 2.2.x, administrators are not required to run Support_QDI_300_Backup-2.sh.
 
  • Important: A direct upgrade from QDI 3.0.0 to QDI 3.0.1 is not supported. If the Support_QDI_300_Backup.sh utility is not run before you install QDI 3.0.1, any previous data stored in the QDI 3.0.0 database is removed when QDI 3.0.0 is uninstalled. Administrators who need to preserve existing data for the QDI application must run the utility on the QRadar Console or the App Host appliance where QDI 3.0.0 is installed.
  • Administrators must run the utility two times in total:
    1. Before you uninstall QDI 3.0.0, run  Support_QDI_300_Backup.sh to back up the existing QDI database.
    2. After you install QDI 3.0.1, the utility must be run to restore the database to the updated application.

Environment

QRadar Deployment Intelligence 3.0.1 is available on the IBM X-Force App Exchange and compatible with the following QRadar versions:
  • QRadar 7.3.3 Fix Pack 6 or later
  • QRadar 7.4.1 Fix Pack 2 or later
  • QRadar 7.4.2 any Fix Pack version
  • QRadar 7.4.3 any Fix Pack version

Steps

  1. Download the Support_QDI_300_Backup-2.sh utility: Download link 
    SHA256: e0a93a46a8363dbbbfe21e6804e903c08b2f961c1f1b31a2fc45a47d7f5cb9d0
    Note: If you previously downloaded a copy of Support_QDI_300_Backup.sh, replace your existing version with Support_QDI_300_Backup-2.sh as a newer version is available.
  2. Copy the utility to a temp directory on the QRadar Console. For example, /storetmp.
  3. Optional. If the QDI application runs on an App Host, type the following command to scp the utility to your App Host appliance: 
    scp Support_QDI_300_Backup-2.sh root@<app_host_ip>:/storetmp
  4. Type the following command to set permissions on the file: 
    chmod +x /storetmp/Support_QDI_300_Backup-2.sh
  5. To back up the QDI 3.0.0 database, type: 
    /storetmp/Support_QDI_300_Backup-2.sh
  6. If the script completes successfully, the following output is displayed: 
    [root@examplehost ~]# ./Support_QDI_300_Backup-2.sh

QDI Version 3.0.0
Backing up QRadar Deployment Intelligence database to /store/docker/volumes/qapp-[appid]/store/qdi.dump 
   located on QRadar deployment
Backing up QDI Health Reports to /root/reports/ on the current host the QDI Application is running 
   on. i.e Console or App Host
Successfully backed up QRadar Deployment Intelligence database and reports ...
    Important: Administrators must confirm qdi.dump is backed up in /root/reports/ BEFORE you uninstall QDI 3.0.0.
  7. Log in to the QRadar Console as an administrator.
  8. Click Admin > Extension Management.
  9. Select QRadar Deployment Intelligence 3.0.0 from the application list, click Uninstall.
  10. Download QRadar Deployment Intelligence 3.0.1: Download link
  11. In the Extension Management window, click Add and select QDI-3.0.1-extension.signed.zip file.
    Note: QDI 3.0.1 is compatible with the following QRadar versions:
    • QRadar 7.3.3 Fix Pack 6 or later
    • QRadar 7.4.1 Fix Pack 2 or later
    • QRadar 7.4.2 any Fix Pack version
    • QRadar 7.4.3
  12. Select the Install Immediately check box and click OK.
  13. After the app finishes installing, type the following command to restore the qdi.dump database:
    Important: You must run Support_QDI_300_Backup.sh and BEFORE you run the app and configure an Authorized Service token. 
    /storetmp/Support_QDI_300_Backup-2.sh

    The script restores qdi.dump to the QDI 3.0.1 docker container and runs a pg_restore.  Restoring the qdi.dump database might take several minutes to complete. When complete and successful, the following output is displayed: 
    [root@examplehost ~]# ./Support_QDI_300_Backup-2.sh
QDI Version 3.0.1
Restoring database for QRadar Deployment Intelligence from /root/qdi.dump
Copying backup file from QRadar to QDI...
pg_restore: while PROCESSING TOC:
pg_restore: from TOC entry 3; 2615 2200 SCHEMA public postgres
pg_restore: error: could not execute query: ERROR:  schema "public" already exists
Command was: CREATE SCHEMA public;
pg_restore: warning: errors ignored on restore: 1
Old App ID:  1404
ALTER TABLE
ALTER TABLE
ALTER TABLE
UPDATE 1
UPDATE 3
UPDATE 3
UPDATE 3
ALTER TABLE
ALTER TABLE
ALTER TABLE
Copying reports from QRadar to QDI...
'/opt/app-root/app/static/reports/*' -> '/opt/app-root/store/reports/*'
Copying reports from QRadar to QDI...
Successfully backed up QRadar Deployment Intelligence database...

    Results
    After the QDI database is restored, administrators can run the application to add their existing authorized service token or create a new Authorized Service token. If the QDI tab does not display after the installation is complete, clear your browser cache and refresh your browser window or use Incognito or a Private Browsing mode to verify the tab is visible. If you experience issues with the Support_QDI_300_Backup-2.sh or you are unsure of any of the steps in this technical note, contact QRadar Support.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.4.2;7.4.3"}]

Document Information

Modified date:
25 August 2021

UID

ibm16458031

Page Feedback