Run QRadar CE on Mac OS X with Vagrant
The Vagrant file provided by IBM for running QRadar Community Edition on Mac OS X currently does not work properly. It fails with the following error:
Failure: repodata/repomd.xml from centos-gluster38: [Errno 256] No more mirrors to try. http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.8/repodata/repomd.xml: [Errno 14] HTTP Error 404
The problem is that gluster3.8 was moved out of this CentOS repository and now the download fails. But the gluster3.8 RPMs are also provided with the QRadar CE installation ISO file.
Based on the workaround described here, I've extended the IBM provided Vagrantfile so that the RPMs are taken from the ISO file instead of the CentOS repository. With the modified Vagrantfile the automatic provisioning script no longer fails.
The instructions for running QRadar CE with Vagrant now look like this:
- Download the zipfile with the original Vagrantfile and the accompanying helper files from the IBM website: https://developer.ibm.com/qradar/ce/
- Create a folder and extract the zipfile:
mkdir community_edition unzip QRadarCE_Vagrantfile.20171003084145.zip -d community_edition/
- Download the modified Vagrantfile and overwrite the original one:
curl -o community_edition/Vagrantfile https://blog.x-way.org/stuff/Vagrantfile
- Make sure you have the requried Vagrant plugins installed:
vagrant plugin install vagrant-disksize vagrant plugin install vagrant-reload
- Make sure you have the QRadar CE ISO file (downloaded from the IBM website) in the same folder as the Vagrantfile:
cp QRadarCE.iso community_edition/
- Create the auto_install file to automatically install QRadar:
touch community_edition/auto_install
- Accept the EULA by adding the corresponding setup parameter in the Vagrantfile:
Edit the Vagrantfile and add the --accept-eula argument to /media/cdrom/setup --no-screen to automatically accept the EULA - Change into the folder and start the QRadar installation (takes about 1 hour):
cd community_edition vagrant up