Setting up a JSA Silent Installation
JSA Console only Install IBM JSA "silently," or perform an unattended installation.
-
You must have the JSA ISO for the release that you want to install.
-
Modify the SELINUX value in the
/etc/sysconfig/selinux
file toSELINUX=disabled
, and restart the system. -
You must install Red Hat Enterprise Linux (RHEL) on the system where you want to install JSA. For more information, see Installing RHEL on your own appliance. The following table describes the version of Red Hat Enterprise Linux used with the JSA version.
JSA Version |
Red Hat Enterprise Linux Version |
---|---|
JSA 7.5.0 GA to JSA 7.5.0 Update Package 7 |
Red Hat Enterprise Linux V7.9 64-bit |
JSA 7.5.0 Update Package 8 |
Red Hat Enterprise Linux V8.8 64-bit |
As the root user, use SSH to log on to the host where you want to install JSA.
In the root directory of the host where you want to install JSA, create a file that is named AUTO_INSTALL_INSTRUCTIONS and contains the following content:
Table 2: Silent Install File parameters. Parameters that are listed as "Optional" are required in the AUTO_INSTALL_INSTRUCTIONS file, but can have no value. Parameter
Value
Required?
Description
Permitted values
force
Required
Forces the installation of the appliance despite any hardware issues. true or false
api_auth_token
Optional An authorization token. For more information about managing authorized services, see the Juniper Secure Analytics Administration Guide Authorization token appliance_number
Optional The identifier for the appliance 0, 3105, 1201, and so on. appliance_oem
Required Identifies the appliance provider. JSA and so on
appliance_filter
Required The appliance name or identifier. vmware, na
bonding enabled
Required Specifies whether you are using bonded interfaces. true or false
bonding_interface
If using bonded interfaces, then required. The MAC addresses for the interfaces that you are bonding, separated by commas. <interface_name =mac_address><secondary_interface_name=mac_address> bonding_interface_name
If using bonded interfaces, then required. Identifies the bonding interface. bond0 bonding_options
If using bonded interfaces, then required. The Linux options for bonded interfaces. Example: miimon=100 mode=4 lacp_rate=1 ha_cluster_virtual_ip
Optional Specifies the IP address for the HA cluster ip_address hostname
Required The fully qualified host name for JSA system ip_protocol
Required The IP protocol for this host. ipv4, ipv6 ip_dns_primary
If ip_protocol is set to IPv4, then required The primary DNS server. A valid IPv4 address ip_dns_secondary
If ip_protocol is set to IPv4, then required The secondary DNS server. A valid IPv4 address ip_management_interface
Required The interface name, and the MAC address of the management interface. You can use either, or both separated by "=". ipv4_address
If ip_protocol is set to IPv4, then required The IP address of the host that you are installing the software on. A valid IPv4 address ipv4_address_public
If ip_protocol is set to IPv4, and NATed, then required The public IP address of the host that you are installing the software on. A valid IPv4 address ipv4_gateway
If ip_protocol is set to IPv4, then required The network gateway for this host A valid IPv4 address ipv4_network_mask
If ip_protocol is set to IPv4, then required The netmask for this host ip_v6_address
If ip_protocol is set to IPv6, then required The IPv6 address of the JSA installation if required. A valid IPv6 address ip_v6_address_public
If ip_protocol is set to IPv6, and NATed, then required The public IP address of the host that you are installing the software on. A valid IPv6 address ip_v6_autoconf
Required Specifies whether IPv6 is autoconfigured. true or false
ip_v6_gateway
Not Required Leave empty. is_console
Required Specifies whether this host is the console within the deployment
console in the deploymenttrue
- This host is thefalse
- This is not the console and is another type of managed host (Event or Flow Processor, and so on)is_console_standby
Required Specifies whether this host is an HA console standby true or false
admin_password
Optional The password for the administrator account. You can encrypt the password if required. If you leave this parameter blank, the password is not updated. <password>
Important: Your
company's security policies can prevent you from entering a password in a static file on theappliance.Defined, or leaving the value empty to use a previously entered password on an upgrade.
root_password
Required The password for the root account. You can encrypt the password, if required. If you leave this parameter blank, the password is not updated. <password>
Important: Your
company's security policies can prevent you from entering a password in a static file on the appliance.Defined, or leaving
the value empty uses a previously entered password on an upgrade.security_template
If isconsole is set to Y, then required The security template
This value must be consistent with the value entered in appliance_number.Enterprise - for all
SIEM-based hosts
Logger - for Log Manager
time_current_date
Required The current date for this host.
Use the following format:
YYYY/MM/DD format
time_current_time
Required The time for the host in the 24 hour
format HH:MM:SS.
time_ntp_server
Optional The FQHN or IP address of the network time protocol (NTP) server. timezone
Required The time zone from the TZ database. Europe/London
GMT
America/Montreal
America/New_York
America/Los_Angeles
Asia/Tokyo, and so on.
type_of_setup
Required Specifies the type of installation for this host normal- A standard JSA managed host or console deployment.
recovery - A High Availability (HA) recovery installation on this host.
Example:
#0.0.1 ai_force=<true_false> ai_api_auth_token= <certificate> ai_appliance_number= <####> ai_appliance_oem= <qradar_forensics_or_oem> ai_appliance_filter= <appliance_number_or_identifier> ai_bonding_enabled= <true_or_false> ai_bonding_interfaces= <mac_address> ai_bonding_interface_name= <interface_identifier> ai_bonding_options= <bonding_option_identifiers> ai_gateway_setup_choice= <true_or_false> ai_ha_cluster_virtual_ip= <IP_address> ai_hostname= <hostname_with_FQDN> ai_ip_dns_primary= <IP_address_of _primary_DNS> ai_ip_dns_secondary= <IP_address_of_secondary DNS> ai_ip_management_interface= <MAC_address> ai_ip_protocol= <ipv4_or_ipv6> ai_ip_v4_address= <IP_address> ai_ip_v4_address_public= <public_IP_address> ai_ip_v4_gateway= <IP_address_of_gateway> ai_ip_v4_network_mask= <network_mask> ai_ip_v6_address= <IPv6_address> ai_ip_v6_address_public= <IPv6_public_address> ai_ip_v6_autoconf= <true_false> ai_ip_v6_gateway= <IP_address> ai_is_console= <true_or_false>ai_is_console_standby= <true_or_false> ai_root_password= <password_for_root_account> ai_security_template= <enterprise_or_logger> ai_time_current_date= <yyyy-mm-dd> ai_time_current_time= <hh:mm:ss> ai_time_ntp_server= <ntpserver_hostserver> ai_timezone= <EST_or_PST_or_timezone> ai_type_of_setup= <normal_or_recovery> ai_console_host= <IP_address_or_identifier_for_SIOC_7000_host> ai_http_proxy_host= <SIOC_7000_proxy_hostname> ai_http_proxy_password= <SIOC_7000_proxy_password> ai_http_proxy_port= <SIOC_7000_proxy_port> ai_http_proxy_user= <SIOC_7000_proxy_user_name> ai_internet_access_mode= <SIOC_7000_direct_or_proxy>
Replace the configuration settings in the file with ones that are suitable for your environment.
Note:Ensure that the
AUTO_INSTALL_INSTRUCTIONS
file has no extension, such as .txt, or .doc. The installation does not succeed if the file has an extension.Using an SFTP program copy the JSA ISO to the host where you want to install JSA.
On the host where you are installing, create a /media/cdrom directory on the host by using the command:
mkdir /media/cdrom
Mount the JSA ISO by using the command:
mount -o loop <qradar.iso> /media/cdrom
Run the JSA setup by using the command:
/media/cdrom/setup
Open the End User License Agreement (EULA) at /media/cdrom/EULA.txt and review.
To agree to the EULA,
add --accept-eula
to the /media/cdrom/setup command.When you add
--accept-eula
, you bypass the EULA prompt.