Troubleshooting

The scanner appliance is not picking up the user data provided in the customization script.

If you are facing any issues, you need to check few things.

  • Metadata service is configured correctly and it'’ enabled and working fine.
  • Your security group rules are configured correctly.

  • Our appliance supports both modes. At least No valid host was found. There are not enough hosts available. A scanner appliance instance requires at least 56 GB of free disk space and 2GB of memory. Choose the correct flavor while launching the instance.

  • In OpenStack, there are two ways in which an instance can access the metadata over the network.
  • Router NameSpace
  • DHCP NameSpaceOur appliance supports both modes.

No valid host was found. There are not enough hosts available.

Scanner appliance instance requires at least 56 GB free disk space and 2GB memory.

Choose the correct flavor while launching the instance.

Sample XML TemplateSample XML Template

This is the XML template extracted from the tar. You can modify this according to your environment before using it.

 XML Template

<domain type='kvm'>
    <name>qVSA-2.7.29-1</name>
    <uuid></uuid>
    <title>Qualys Virtual Scanner Appliance, build:qVSA-2.7.29-1</title>
    <description>Qualys Virtual Scanner Appliance, build:qVSA-2.7.29-1</description>
    <memory unit='MiB'>2048</memory>
    <vcpu placement='auto'>1</vcpu>
    <sysinfo type='smbios'>
        <system>
            <entry name='serial'>CONFIG:|k=v..,base64-encoded|</entry>
        </system>
    </sysinfo>
    <os>
        <type arch='i686' machine='pc'>hvm</type>
        <boot dev='hd'/>
        <smbios mode='sysinfo'/>
    </os>
    <features>
        <acpi/>
        <apic/>
        <pae/>
    </features>
    <cpu mode='host-passthrough' check='none'/>
    <clock offset='utc'>
        <timer name='rtc' tickpolicy='catchup'/>
        <timer name='pit' tickpolicy='delay'/>
        <timer name='hpet' tickpolicy='catchup'/>
    </clock>
    <on_poweroff>destroy</on_poweroff>
    <on_reboot>restart</on_reboot>
    <on_crash>destroy</on_crash>
    <pm>
        <suspend-to-mem enabled='yes'/>
        <suspend-to-disk enabled='no'/>
    </pm>
    <devices>
        <disk type='file' device='disk'>
            <driver name='qemu' type='qcow2'/>
            <source file='qVSA-2.7.29-1.qcow2'/>
            <backingStore/>
            <target dev='vda' bus='virtio'/>
            <alias name='virtio-disk0'/>
        </disk>
        <controller type='pci' index='0' model='pci-root'>
            <alias name='pci.0'/>
        </controller>
        <controller type='usb' index='0' model='none'>
            <alias name='usb'/>
        </controller>
        <controller type='virtio-serial' index='0'>
            <alias name='virtio-serial0'/>
        </controller>
        <interface type='network'>
            <source network='default'/>
            <model type='virtio'/>
            <alias name='net0'/>
        </interface>
        <serial type='pty'>
            <target type='isa-serial' port='0'>
                <model name='isa-serial'/>
            </target>
            <alias name='serial0'/>
        </serial>
        <console type='pty'>
            <target type='serial' port='0'/>
            <alias name='serial0'/>
        </console>
        <input type='keyboard' bus='ps2'>
            <alias name='input0'/>
        </input>
        <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
            <listen type='address' address='0.0.0.0'/>
        </graphics>
        <video>
            <model type='cirrus' vram='16384' heads='1' primary='yes'/>
            <alias name='video0'/>
        </video>
        <rng model='virtio'>
            <backend model='random'>/dev/random</backend>
            <alias name='rng0'/>
        </rng>
    </devices>
</domain>

Issues Deploying QVSA image with Q35 as the Default Hardware

For an OpenStack setup configured with the default Q35 virtualization machine chipset type, qVSA loads virtio_blk/virtio_scsi to take control of the virtio block/scsi device. Still, because it cannot probe and take control of the storage device, initrd operations fail. There are 2 possible solutions to resolve this issue, depending on whether you are comfortable using i440fx. 

Solution 1: Customers who do not want to use i440fx

In this solution, we try to use other qemu emulations for storage and network. We use qemu emulation for Intel 82540EM Gigabit Ethernet Controller (e1000) as a network adapter and qemu-scsi-disk emulation for storage using the below command on the controller node.   Execute the following command on the controller node:

openstack image set --property hw_vif_model='e1000' --property hw_disk_bus='sata' <qvsa-image-id>

Example: 

openstack image set --property hw_vif_model='e1000' --property hw_disk_bus='sata' 9a1022bb-8bec-4ba1-8935-abdc2931e8b7

Solution 2: Customers who are flexible using i440fx

This solution is for customers with infrastructure-wide default configuration as Q35, but flexibility to use i440fx as long as they can create an exception on the compute node just for the scanner vm to use i440fx. Execute the following command on controller node: 

openstack image set --property hw_machine_type='pc-i440fx-rhel7.0.0' --property os_distro=rhel --property os_version='6.10' <qvsa-image-id>

Example: 

openstack image set --property hw_machine_type='pc-i440fx-rhel7.0.0' --property os_distro=rhel --property os_version='6.10' 9a1022bb-8bec-4ba1-8935-abdc2931e8b7

To check the machine type supported by OpenStack/qemu-compute

To check what machine type OpenStack or qemu-compute supports, run the command 'virsh capabilities' on the compute node.  Execute the following command on the compute node: 

[root@compute1 ~]# virsh capabilities

Sample command outputSample command output

 Sample

<capabilities>
...
    <guest>
        <os_type>hvm</os_type>
        <arch name='i686'>
            <wordsize>32</wordsize>
            <emulator>/usr/libexec/qemu-kvm</emulator>
            <machine maxCpus='240'>pc-i440fx-rhel7.6.0</machine>
            <machine canonical='pc-i440fx-rhel7.6.0' maxCpus='240'>pc</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.0.0</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.5.0</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.3.0</machine>
            <machine maxCpus='710'>pc-q35-rhel8.3.0</machine>
            <machine maxCpus='710'>pc-q35-rhel7.6.0</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.1.0</machine>
            <machine maxCpus='710'>pc-q35-rhel8.1.0</machine>
            <machine maxCpus='710'>pc-q35-rhel7.4.0</machine>
            <machine maxCpus='710'>pc-q35-rhel8.4.0</machine>
            <machine canonical='pc-q35-rhel8.4.0' maxCpus='710'>q35</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.4.0</machine>
            <machine maxCpus='710'>pc-q35-rhel8.2.0</machine>
            <machine maxCpus='710'>pc-q35-rhel7.5.0</machine>
            <machine maxCpus='240'>pc-i440fx-rhel7.2.0</machine>
            <machine maxCpus='710'>pc-q35-rhel8.0.0</machine>
            <machine maxCpus='255'>pc-q35-rhel7.3.0</machine>
            <domain type='qemu'/>
            <domain type='kvm'/>
        </arch>
...

For more help on troubleshooting, refer to the Scanner Appliance Troubleshooting guide

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.