Troubleshooting
Problem
Users can experience issues upgrading to QRadar 7.5.0 UP8 when FIPS is enabled on any appliance like Event Processor or Apphost.
Symptom
When the installer is executed, the user can get the following error with the Leapp pretests:
Host server_name (xx.xx.xx.xx): Failed
[ERROR] The following inhibitors prevent the RHEL 8 migration:
--------
Title: Cannot upgrade a system with FIPS mode enabled
Summary: Leapp has detected that FIPS is enabled on this system. In-place upgrade of systems in FIPS mode is currently unsupported.
Severity: high
Resolution: The following inhibitor issue is unknown to QRadar migration process: 8ea956acf385f58cc87eeac9e5b29431f33ed572.
Please follow instructions provided by RHEL to handle it.
--------
If any of the inhibitors above are already handled manually and should be ignored,
add their hash keys into /var/log/leapp/patch_migration_pretest_external_known_issues.
Only one hash key per line. Lines starting with '#' will be ignored.
Cause
FIPS should be disabled to install new QRadar version 7.5.0 UP8.
Resolving The Problem
- SSH to the QRadar console as the root user.
- Download the package to upgrade QRadar from Fix Central and move to the /storetmp directory in the QRadar console:
Release of QRadar 7.5.0 Update Package 8 SFS - Create the /media/updates directory, run the following command:
mkdir -p /media/updates
- Mount the patch file to the /media/updates directory, type the following command:
mount -o loop -t squashfs /storetmp/750-QRADAR-QRSIEM-2021.6.8.20240302192142.sfs /media/updates
- Use SCP command to copy the FIPS update script from the console to each affected managed host.
Notes:
• Replace XX.XX.XX.XX with the IP address of a managed host with the error.
• Run the same command for each of the IP addresses of the affected managed hosts, one at the time.scp /media/updates/supplementary_scripts/qradar_fips_update.sh root@XX.XX.XX.XX:/root/
- Run the QRadar FIPS update script in each managed host where you copy the FIPS update script:
./qradar_fips_update.sh
- Reboot each managed host after the script was done.
- In the QRadar console, run the following FIPS update script:
/media/updates/supplementary_scripts/qradar_fips_update.sh
- Reboot the console after the script is done.
- Wait for the system to come back, SSH into QRadar console, mount the system with the sfs file, and run again the upgrade.
Result:
Administrator is able to upgrade QRadar to 7.5.0 UP8 on the managed without FIPS mode errors.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwszAAA","label":"Install"}],"ARM Case Number":"TS015933892","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
12 April 2024
UID
ibm17148078