Troubleshooting
Problem
The upgrade of QRadar SOAR from 50.0.x/50.1.x/50.2.x to 51.0.0.x might fail because the file, /etc/passwd was changed to stop the postgres user from being able to log in to a shell.
Symptom
The upgrade output shows an error such. The upgrade failed.
Installing packages...
Backing up elasticsearch configuration files...
Upgrading IBM Security SOAR...
Upgrading Postgres to 14...
Updating Function res_sha256...
Stopping postgresql-12...
Initialising postgresql-14...
Stopping services...
Checking upgrade...
Installing pgcrypto extension...
2023-11-21 06:53:10.568 GMT [78025] LOG: skipping missing configuration file "/var/lib/pgsql/14/data/postgresql.auto.conf"
pg_ctl: directory "/var/lib/pgsql/14/data" is not a database cluster directory
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: No such file or directory
Is the server running locally and accepting connections on that socket?
2023-11-21 06:53:10.636 GMT [78037] LOG: skipping missing configuration file "/var/lib/pgsql/14/data/postgresql.auto.conf"
pg_ctl: directory "/var/lib/pgsql/14/data" is not a database cluster directory
Rolling back because stopping Postgres 12 failed
Please check /usr/share/co3/logs/postgresql_12_to_14_2023-11-21_06:50:28.log for further information
Failed to upgrade IBM Security SOAR
To roll back the installation, run the command: sudo bash /crypt/resRollbackServerUpgrade /crypt/db_restore_points/before-upgrade-51.0.0.0.9335-20231114234143 7
Cause
This PostgreSQL bug means that the postgres user needs to be able to log in to a shell as part of its installation.
Diagnosing The Problem
Check that the postgres user has bash as its shell. Run the following command.
sudo grep 'postgres.*bash' /etc/passwd
If nothing is returned, it means the file /etc/passwd was modified so that the postgres user is unable to log in to a shell.
The postgres users must be able to log in to a shell while upgrading from 50.x to 51.0.0.x.
Resolving The Problem
Before running the rollback command, you must do the following.
sudo systemctl --now mask postgresql-14
sudo systemctl restart postgresql-12
Now you can roll back by using the rollback command provided in the failed upgrade output.
Before attempting the upgrade again, you must temporarily allow the postgres user to log into a bash shell.
usermod postgres -s /bin/bash
After the upgrade, revert to disallowing the postgres user from being able to log in to a bash shell.
sudo usermod postgres -s /usr/sbin/nologin
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z000000cw4bAAA","label":"Resilient Core"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 November 2023
UID
ibm17080121