IBM Support

QRadar: Patch update failed with error "Patch pretest 'Validate deployment hostnames' failed. (validate_hostname.sh)"

Troubleshooting


Problem

During a QRadar® upgrade, the patch fails on the pre-test stage with the error:
[INFO](testmode) Running pretest 7/11: Validate deployment hostnames
ERROR: The hostnames in the deployment failed validation.
Patch pretest 'Validate deployment hostnames' failed. (validate_hostname.sh)

Cause

This issue is caused by one of the managed hosts in the deployment without a proper FQDN in the /etc/hostname file.

Diagnosing The Problem

Starting on QRadar® 7.4 the patch reports the managed host that does not have an FQDN in the /etc/hostname. Review the /var/log/setup-xxxx-xx.xxxx/patches.log for this error:
 [INFO](testmode) Running pretest 7/11: Validate deployment hostnames
ERROR: The hostnames in the deployment failed validation.
 - Failed to validate full hostname for qradar-ec01: 'Hostname is not fully qualified (no domain).'

ERROR: The hosts with the invalid hostname must be renamed using the qchange_netsetup command before patching.
[ERROR](testmode) Patch pretest 'Validate deployment hostnames' failed. (validate_hostname.sh)
 [INFO](testmode) Running pretest 8/11: Check for QIF appliances in deployment
Before QRadar® 7.4, the FQDN can be checked in the managed hosts by running:
cat /etc/hostname
On larger deployments, the all_servers.sh script can be used to check the whole deployment. In the following example, the managed host "qradar-ec01" does not have an FQDN as the domain portion is missing.
/opt/qradar/support/all_servers.sh -Ck "echo '-> hostname -f'; hostname -f; echo '-> /etc/hostname'; cat /etc/hostname; echo '-> hostnamectl'; hostnamectl | grep hostname"

10.11.12.2 -> qradar-con01.test.local
Appliance Type: 3199    Product Version: 2019.14.5.20200929154613
 20:50:34 up 10:43,  1 user,  load average: 1.56, 1.36, 1.41
------------------------------------------------------------------------
-> hostname -f
qradar-con01.test.local
-> /etc/hostname
qradar-con01.test.local
-> hostnamectl
   Static hostname: qradar-con01.test.local

10.11.12.3 -> qradar-ep01.test.local
Appliance Type: 1699    Product Version: 2019.14.5.20200929154613
 20:50:34 up 13:38,  0 users,  load average: 0.54, 0.60, 0.79
------------------------------------------------------------------------
-> hostname -f
qradar-ep01.test.local
-> /etc/hostname
qradar-ep01.test.local
-> hostnamectl
   Static hostname: qradar-ep01.test.local
   
10.11.12.4  -> qradar-ec01
Appliance Type: 1599    Product Version: 2019.14.5.20200929154613
 20:50:34 up 13:29,  0 users,  load average: 0.28, 0.53, 0.61
------------------------------------------------------------------------
-> hostname -f
qradar-ec01
-> /etc/hostname
qradar-ec01
-> hostnamectl
   Static hostname: qradar-ec01

Resolving The Problem

To correct this issue, the administrator needs to set the FQDN in the affected managed host.
Note: The instructions in this technote are meant to address only this patch precheck on managed hosts. These instructions do not apply when the Console or the App host is the one without an FQDN. 
To perform any network-related task such as changing hostname, changing IP, or subnet, the administrator must use the qchange_netsetup utility.
  1. Press enter until the patch screen session is closed.
  2. SSH into the managed host without the FQDN.
      
    ssh <managed_host_ip>
  3. Then, run the following command to set the FQDN:
    Note: It is recommended that the domain portion matches the Console unless otherwise designed by the administrator and ensure the FQDN is all lowercase.
     
    hostnamectl set-hostname <fqdn>
    Example based on the "Diagnosing the Problem" section: 
    hostnamectl set-hostname qradar-ec01.test.local
  4. Verify the FQDN is set properly by running these commands:
      
    # hostname -f
qradar-ec01.test.local

# cat /etc/hostname
qradar-ec01.test.local

# hostnamectl | grep hostname
   Static hostname: qradar-ec01.test.local
  5. Run the patch again. 
      
    /media/updates/installer

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtdAAA","label":"Upgrade"}],"ARM Case Number":"TS004565666","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Document Information

Modified date:
22 September 2021

UID

ibm16378240

Page Feedback