Troubleshooting
Problem
When done performing the initial pairing, the App Host or Edge Gateway shows as running, after 5 minutes, it goes offline.
Cause
There is a conflict with the network used for the App Host or Edge Gateway primary IP address and the network used for kubernetes
App Host network is using 10.0.0.0/8
Kubernetes.K3s is using 10.42.0.0/24
Environment
SOAR 51.x
App Host or Edge Gateway 1.15.x
Diagnosing The Problem
With the netstat command you can see the networking configuration observing the cni0 and eth0 interfaces
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.x.x 0.0.0.0 UG 0 0 0 eth0
10.42.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cni0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
Can also confirm the k3s CIDR network with
$ sudo kubectl get nodes -A -o yaml | grep -A 2 CIDR
podCIDR: 10.42.0.0/24
podCIDRs:
- 10.42.0.0/24
providerID: k3s://apphost.localdomain
Resolving The Problem
If installed on an appliance using the .ova, you need to perform a fresh install, of the OVA on a new system, which will give you the option to change the CIDR range
The cluster settings are listed as
Cluster CIDR and Service CIDR, the default values of which are 10.42.0.0/16 and 10.43.0.0/16 respectively. You can change these to valid CIDR values, such as 172.16.0.0/16 and 172.17.0.0/16
BOOTPROTO : dhcp
IP Address : 192.168.x.x
CLUSTER CIDR : 10.42.0.0/16
SERVICE CIDR : 10.43.0.0/16
Does this look correct? Y/[NO] N
Please specify "static" or "dhcp": static
Please specify your desired IP address: 192.168.x.x
success
Please specify your desired Gateway: 192.168.x.x
success
Please specify your desired Netmask: 255.255.255.0
success
Please specify your desired DNS Server: x.x.x.x
success
Please specify the DNS Search Domain: add or leave blank
Please specify your cluster CIDR (or press ENTER for the default 10.42.0.0.16): 172.16.0.0/16
success
Please specify your service CIDR (or press ENTER for the default 10.43.0.0.16): 172.17.0.0/16
Please verify the new network settings:
BOOTPROTO : static
IP ADDRESS : 192.168.x.x
GATEWAY : 192.168.x.x
NETMASK : 255.255.255.0
DNS : x.x.x.x
DOMAIN :
CLUSTER CIDR: 172.16.0.0/16
SERVICE CIDR: 172.17.0.0/16
Does this look correct? Y/[N] Y
If installed on a stand-alone BYORH you can perform an uninstall of App Host or Edge Gateway and k3s
$ sudo yum remove apphost --setopt=clean_requirements_on_remove=1
$ sudo yum remove k3s
Next is to re-install App Host or Edge Gateway
assuming you have apphost-1.15.0.698.run in the /tmp directory
$ sudo bash /tmp/apphost-1.15.0.698.run -- --cluster-cidr=172.16.0.0/16 --service-cidr=172.17.0.0/16
Running the netstat command you will now see
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.x.x 0.0.0.0 UG 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cni0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations-\u003EAppHost"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
24 June 2024
UID
ibm17158308