Unable to run common manageAppHost commands on the IBM Security QRadar SOAR App Host server

Troubleshooting

Problem

An error is displayed running these common manageAppHost commands

# manageAppHost install
# manageAppHost upgrade

Both are failing in the same manner.

Symptom

Unable to complete an upgrade or installation of an App Host by using the manageAppHost command, generating an error message.

Example:

# manageAppHost upgrade
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [list]  for kind: [Namespace]  with name: [null]  in namespace: [null]  failed.
        at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:130)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:147)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:422)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:411)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.list(BaseOperation.java:91)
        at com.ibm.security.apps.controller.management.setup.command.CommandBase.getControllerNamespaces(CommandBase.java:253)
        at com.ibm.security.apps.controller.management.setup.command.CommandBase.selectControllers(CommandBase.java:170)
        at com.ibm.security.apps.controller.management.setup.command.UpgradeCommand.call(UpgradeCommand.java:164)
        at com.ibm.security.apps.controller.management.setup.command.UpgradeCommand.call(UpgradeCommand.java:46)
        at picocli.CommandLine.executeUserObject(CommandLine.java:1953)
        at picocli.CommandLine.access$1300(CommandLine.java:145)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2352)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2346)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2311)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
        at picocli.CommandLine.execute(CommandLine.java:2078)
        at com.ibm.security.apps.controller.management.setup.command.PicoCliCommandExecutor.execute(PicoCliCommandExecutor.java:24)
        at com.ibm.security.apps.controller.management.setup.ControllerSetup.main(ControllerSetup.java:31)
Caused by: java.net.NoRouteToHostException: No route to host (Host unreachable)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:380)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:236)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:218)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
        at java.net.Socket.connect(Socket.java:682)
        at okhttp3.internal.platform.Platform.connectSocket(Platform.java:129)
        at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:247)
        at okhttp3.internal.connection.RealConnection.connectTunnel(RealConnection.java:219)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:161)
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:258)
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:127)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at io.fabric8.kubernetes.client.utils.BackwardsCompatibilityInterceptor.intercept(BackwardsCompatibilityInterceptor.java:133)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at io.fabric8.kubernetes.client.utils.TokenRefreshInterceptor.intercept(TokenRefreshInterceptor.java:38)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor.intercept(ImpersonatorInterceptor.java:68)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at io.fabric8.kubernetes.client.utils.HttpClientUtils.lambda$createApplicableInterceptors$6(HttpClientUtils.java:311)
        at io.fabric8.kubernetes.client.utils.HttpClientUtils$$Lambda$115/0x00000000b049e230.intercept(Unknown Source)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:257)
        at okhttp3.RealCall.execute(RealCall.java:93)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.retryWithExponentialBackoff(OperationSupport.java:591)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:564)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:527)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:510)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.listRequestHelper(BaseOperation.java:140)
        ... 16 more
ERROR: Command failed; error: 1. Log File: /var/log/apphost/management-20221128152921904.log.

Cause

The error occurs when you have incorrect OS level Proxy settings and running manageAppHost as the root user without using sudo

The NO_PROXY setting is missing at the OS level, which needs to match the /etc/systemd/system/k3s.service.env proxy settings.

Resolving The Problem

The NO_PROXY setting at the OS level and in the /etc/systemd/system/k3s.service.env file must match. You need to contact your internal IT department to make those changes.

Use uppercase variables setting the proxy at the OS level (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) as manageAppHost crashes using lowercase variables

Example of current proxy settings at the OS level

#env |grep -i proxy
HTTP_PROXY=http://proxy.corp.com:8080
HTTPS_PROXY=http://proxy.corp.com:8080

Example of the /etc/systemd/system/k3s.service.env file

HTTP_PROXY=http://proxy.corp.com:8080 
HTTPS_PROXY=http://proxy.corp.com:8080
NO_PROXY=localhost,127.0.0.1,0.0.0.0,localaddress,corp.com,10.0.0.0/8

* Run this command to add the NO_PROXY Setting for your current session

#export NO_PROXY=localhost,127.0.0.1,0.0.0.0,localaddress,corp.com,10.0.0.0/8

With the NO_PROXY setting now corrected, running this command displays the same information as seen in the /etc/systemd/system/k3s.service.env file

$env |grep -i proxy
HTTP_PROXY=http://proxy.corp.com:8080 
HTTPS_PROXY=http://proxy.corp.com:8080 
NO_PROXY=localhost,127.0.0.1,0.0.0.0,localaddress,corp.com,10.0.0.0/8

If logged in as the root user and your proxy settings are missing NO_PROXY, then you need to use sudo with the manageAppHost command to run install and upgrade.

Adding the NO_PROXY setting to match the etc/systemd/system/k3s.service.env file permits you to run the manageAppHost commands.

When logged in as the appadmin user, or another non-root privileged user, you are forced to use sudo with the manageAppHost command so the command succeeds.

$ manageAppHost install
Please run this command with sudo.
$

Related Information

Configure proxy authentication

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations-\u003EAppHost"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Unable to run common manageAppHost commands on the IBM Security QRadar SOAR App Host server

Troubleshooting

Problem

Symptom

Cause

Resolving The Problem

Related Information

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?