How To
Summary
When you install IBM QRadar® products, the installer (ISO image) is copied to the recovery partition. From this partition, you can reinstall QRadar products.
Objective
The factory reinstall image from the recovery partition does not get upgraded when the running partition is being patched. If a server must be factory reinstalled, all the upgrades need to be reapplied to bring the system up to date. To avoid losing time and recover a system faster, the original recovery image can be replaced with a newer image, thus allowing the system rebuild to be closer to the wanted version.
Steps
Not all QRadar systems have a recovery partition. For example, software installs do not. For systems that have a recovery partition, the recovery.py script allows for the replacement of the factory ISO image with a newer or older image. If you do not have the ISO, go to Fix Central, and download the version you want to set in the recovery partition.
- SSH into the QRadar Console as root.
- Run the following command to verify the current image in the recovery partition:
file /recovery/2020110/product.iso
- To replace the existing ISO on the recovery partition with a new ISO, type the following command:
/opt/qradar/bin/recovery.py -r <Path to new ISO>
[root@qradar-750 ~]# /opt/qradar/bin/recovery.py -r /storetmp/750_QRadar_QRFULL_2021.6.0.20211220195207.iso INFO : Successfully mounted /recovery INFO : copying /storetmp/750_QRadar_QRFULL_2021.6.0.20211220195207.iso to /recovery/202160/750_QRadar_QRFULL_2021.6.0.20211220195207.iso INFO : copying /mnt/iso/images/updates.img to /recovery/202160/images/updates.img INFO : Found iso /recovery/202160/750_QRadar_QRFULL_2021.6.0.20211220195207.iso as QRadar 7.5.0 GA (Build 20211220195207) INFO : Wrote new grub.cfg INFO : Synced the new grub.cfg to disk INFO : copying /var/log/recovery.log to /recovery/recovery-2022-09-21.log INFO : Re-install ready
Result
Upon restart, the GRUB menu shows the new version of the recovery image. The following is an example of what the GRUB menu might display for a QRadar 7.5.0 ISO:
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 September 2022
UID
ibm16490659