Setting up a JSA Silent Installation
JSA Console only Install IBM JSA "silently," or perform an unattended installation.
-
You must have the JSA ISO for the release that you want to install.
-
Modify the SELINUX value in the
/etc/sysconfig/selinuxfile toSELINUX=disabled, and restart the system. -
You must install Red Hat Enterprise Linux (RHEL) on the system where you want to install JSA. For more information, see Installing RHEL on your own appliance. The following table describes the version of Red Hat Enterprise Linux used with the JSA version.
|
JSA Version |
Red Hat Enterprise Linux Version |
|---|---|
|
JSA 7.5.0 GA to JSA 7.5.0 Update Package 7 |
Red Hat Enterprise Linux V7.9 64-bit |
| JSA 7.5.0 Update Package 8 |
Red Hat Enterprise Linux V8.8 64-bit |
As the root user, use SSH to log on to the host where you want to install JSA.
In the root directory of the host where you want to install JSA, create a file that is named AUTO_INSTALL_INSTRUCTIONS and contains the following content:
Table 2: Silent Install File parameters. Parameters that are listed as "Optional" are required in the AUTO_INSTALL_INSTRUCTIONS file, but can have no value. Parameter
Value
Required?
Description
Permitted values
forceRequired
Forces the installation of the appliance despite any hardware issues. true or falseapi_auth_tokenOptional An authorization token. For more information about managing authorized services, see the Juniper Secure Analytics Administration Guide Authorization token appliance_numberOptional The identifier for the appliance 0, 3105, 1201, and so on. appliance_oemRequired Identifies the appliance provider. JSA and so onappliance_filterRequired The appliance name or identifier. vmware, nabonding enabledRequired Specifies whether you are using bonded interfaces. true or falsebonding_interfaceIf using bonded interfaces, then required. The MAC addresses for the interfaces that you are bonding, separated by commas. <interface_name =mac_address><secondary_interface_name=mac_address> bonding_interface_nameIf using bonded interfaces, then required. Identifies the bonding interface. bond0 bonding_optionsIf using bonded interfaces, then required. The Linux options for bonded interfaces. Example: miimon=100 mode=4 lacp_rate=1 ha_cluster_virtual_ipOptional Specifies the IP address for the HA cluster ip_address hostnameRequired The fully qualified host name for JSA system ip_protocolRequired The IP protocol for this host. ipv4, ipv6 ip_dns_primaryIf ip_protocol is set to IPv4, then required The primary DNS server. A valid IPv4 address ip_dns_secondaryIf ip_protocol is set to IPv4, then required The secondary DNS server. A valid IPv4 address ip_management_interfaceRequired The interface name, and the MAC address of the management interface. You can use either, or both separated by "=". ipv4_addressIf ip_protocol is set to IPv4, then required The IP address of the host that you are installing the software on. A valid IPv4 address ipv4_address_publicIf ip_protocol is set to IPv4, and NATed, then required The public IP address of the host that you are installing the software on. A valid IPv4 address ipv4_gatewayIf ip_protocol is set to IPv4, then required The network gateway for this host A valid IPv4 address ipv4_network_maskIf ip_protocol is set to IPv4, then required The netmask for this host ip_v6_addressIf ip_protocol is set to IPv6, then required The IPv6 address of the JSA installation if required. A valid IPv6 address ip_v6_address_publicIf ip_protocol is set to IPv6, and NATed, then required The public IP address of the host that you are installing the software on. A valid IPv6 address ip_v6_autoconfRequired Specifies whether IPv6 is autoconfigured. true or falseip_v6_gatewayNot Required Leave empty. is_consoleRequired Specifies whether this host is the console within the deployment
console in the deploymenttrue- This host is thefalse- This is not the console and is another type of managed host (Event or Flow Processor, and so on)is_console_standbyRequired Specifies whether this host is an HA console standby true or falseadmin_passwordOptional The password for the administrator account. You can encrypt the password if required. If you leave this parameter blank, the password is not updated. <password>
Important: Your
company's security policies can prevent you from entering a password in a static file on theappliance.Defined, or leaving the value empty to use a previously entered password on an upgrade.
root_passwordRequired The password for the root account. You can encrypt the password, if required. If you leave this parameter blank, the password is not updated. <password>
Important: Your
company's security policies can prevent you from entering a password in a static file on the appliance.Defined, or leaving
the value empty uses a previously entered password on an upgrade.security_templateIf isconsole is set to Y, then required The security template
This value must be consistent with the value entered in appliance_number.Enterprise - for all
SIEM-based hosts
Logger - for Log Manager
time_current_dateRequired The current date for this host.
Use the following format:
YYYY/MM/DD format
time_current_timeRequired The time for the host in the 24 hour
format HH:MM:SS.
time_ntp_serverOptional The FQHN or IP address of the network time protocol (NTP) server. timezoneRequired The time zone from the TZ database. Europe/London
GMT
America/Montreal
America/New_York
America/Los_Angeles
Asia/Tokyo, and so on.
type_of_setupRequired Specifies the type of installation for this host normal- A standard JSA managed host or console deployment.
recovery - A High Availability (HA) recovery installation on this host.
Example:
#0.0.1 ai_force=<true_false> ai_api_auth_token= <certificate> ai_appliance_number= <####> ai_appliance_oem= <qradar_forensics_or_oem> ai_appliance_filter= <appliance_number_or_identifier> ai_bonding_enabled= <true_or_false> ai_bonding_interfaces= <mac_address> ai_bonding_interface_name= <interface_identifier> ai_bonding_options= <bonding_option_identifiers> ai_gateway_setup_choice= <true_or_false> ai_ha_cluster_virtual_ip= <IP_address> ai_hostname= <hostname_with_FQDN> ai_ip_dns_primary= <IP_address_of _primary_DNS> ai_ip_dns_secondary= <IP_address_of_secondary DNS> ai_ip_management_interface= <MAC_address> ai_ip_protocol= <ipv4_or_ipv6> ai_ip_v4_address= <IP_address> ai_ip_v4_address_public= <public_IP_address> ai_ip_v4_gateway= <IP_address_of_gateway> ai_ip_v4_network_mask= <network_mask> ai_ip_v6_address= <IPv6_address> ai_ip_v6_address_public= <IPv6_public_address> ai_ip_v6_autoconf= <true_false> ai_ip_v6_gateway= <IP_address> ai_is_console= <true_or_false>ai_is_console_standby= <true_or_false> ai_root_password= <password_for_root_account> ai_security_template= <enterprise_or_logger> ai_time_current_date= <yyyy-mm-dd> ai_time_current_time= <hh:mm:ss> ai_time_ntp_server= <ntpserver_hostserver> ai_timezone= <EST_or_PST_or_timezone> ai_type_of_setup= <normal_or_recovery> ai_console_host= <IP_address_or_identifier_for_SIOC_7000_host> ai_http_proxy_host= <SIOC_7000_proxy_hostname> ai_http_proxy_password= <SIOC_7000_proxy_password> ai_http_proxy_port= <SIOC_7000_proxy_port> ai_http_proxy_user= <SIOC_7000_proxy_user_name> ai_internet_access_mode= <SIOC_7000_direct_or_proxy>Replace the configuration settings in the file with ones that are suitable for your environment.
Note:Ensure that the
AUTO_INSTALL_INSTRUCTIONSfile has no extension, such as .txt, or .doc. The installation does not succeed if the file has an extension.Using an SFTP program copy the JSA ISO to the host where you want to install JSA.
On the host where you are installing, create a /media/cdrom directory on the host by using the command:
mkdir /media/cdromMount the JSA ISO by using the command:
mount -o loop <qradar.iso> /media/cdromRun the JSA setup by using the command:
/media/cdrom/setupOpen the End User License Agreement (EULA) at /media/cdrom/EULA.txt and review.
To agree to the EULA,
add --accept-eulato the /media/cdrom/setup command.When you add
--accept-eula, you bypass the EULA prompt.