Wednesday, October 1, 2025

ThreatQ Version 6.12.0 Installation with Kubernetes Setup on Red Hat Enterprise Linux 9.4

 

Setup Details: 

CPU: 12 cores

Memory: 64 GB

Disk: 800 GB (thin provisioned)

OS: Red Hat Enterprise Linux 9.4

VM IP Address: 10.50.10.40 / threatqv6.cdsys.local

Non-sudo user: crest


Steps: 

Reference Document: Document

Set the maximum number of inotify instances for the installing user to 300.

sudo sed -i '/^fs\.inotify\.max_user_instances/d' /etc/sysctl.conf && printf "fs.inotify.max_user_instances = 300\n" | sudo tee -a /etc/sysctl.conf >/dev/null && sudo sysctl -p

Enable the Red Hat subscription and pin the current RHEL 9 release so that you cannot inadvertently upgrade your RHEL 9 environment to an unsupported release.

subscription-manager register --username=username --password=password

(Use the correct username and password. If --password is omitted, subscription-manager prompts for it, which keeps the password out of the shell history.)

subscription-manager release --show

subscription-manager release --set=9.4

subscription-manager release --show

yum clean all

Add a configuration file for RKE2

sudo mkdir -p /etc/rancher/rke2

sudo tee /etc/rancher/rke2/config.yaml <<EOF > /dev/null
node-name: node
node-ip: 10.50.10.40
node-external-ip: 10.50.10.40
EOF


Enable SELinux in the RKE2 config file:

echo "selinux: true" | sudo tee -a /etc/rancher/rke2/config.yaml > /dev/null

Add RKE2 and its associated utilities to the PATH:

sudo tee /etc/profile.d/rke2.sh <<EOF > /dev/null
export PATH="\$PATH:/var/lib/rancher/rke2/bin"
EOF

source /etc/profile.d/rke2.sh

Reboot the VM

reboot

Install RKE2 as a server node (don't start the service)

curl -sfL https://get.rke2.io | sh -

systemctl status rke2-server.service

systemctl enable rke2-server.service

Reboot the VM

reboot

Check RKE2 service status

systemctl status rke2-server.service

Copy the RKE2 kubeconfig file to the non-root user's home directory and set the appropriate permissions (the same can be done for the root user as well)

mkdir -p ~/.kube
sudo cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
sudo chmod 600 ~/.kube/config

su - crest

mkdir -p ~/.kube
sudo cp /etc/rancher/rke2/rke2.yaml ~/.kube/config
sudo chmod 600 ~/.kube/config
sudo chown crest:crest ~/.kube/config

Switch to the root user and check the status of the pods.

su - root

kubectl get pods -A

Download the most recent version of TQAdmin with the command below.

cd /opt/

curl -fO -u cds https://install-v6.threatq.com/tqadmin.rpm

Install TQAdmin

sudo rpm -Uvh tqadmin.rpm

Run the following command to provision your deployment:

sudo /usr/local/bin/tqadmin configure

Do you want to enable OpenDXL (TQX)? (yes/no): no
Do you want to enable the embedded TAXII server? (yes/no): yes
Do you want to use your own SSL certificate? (yes/no): yes
Enter the file path for your certificate: /opt/certs/cert.crt
Enter the file path for your private key: /opt/certs/cert.key
Do you want to enable CAC/mTLS? (yes/no): no
Enter the FQDN of the server: threatqv6.cdsys.local
Enter your YUM repository username: cds
Enter your YUM repository password: <yum repo password which is of threatq portal to get the threatq updates>

Run the following command to install ThreatQ. The installer takes approximately 15 minutes; during this window, keep an eye on the screen and don't leave the session idle (you can press the space bar to keep it active).

/usr/local/bin/tqadmin platform install

Run the following command to generate the initial password for the ThreatQ Admin user (username = admin):

sudo /usr/local/bin/tqadmin password

Verify your ThreatQ installation by checking the status of the pods and services in your Kubernetes cluster.

kubectl get pods -A

kubectl get svc -A

kubectl get pods -n threatq
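
As an added example (not part of the original post or of ThreatQ's tooling), the script below checks the host-side settings this guide configures: the inotify limit in /etc/sysctl.conf, the selinux and node-ip keys in the RKE2 config file, and the ownership and mode of the kubeconfig copy. The function names and the ROOT path-prefix argument are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the host settings this
# guide configures. ROOT is a path prefix so the checks can run against a
# copy of the files; pass "" to audit the live host.

# Print the last value of KEY in a flat "key<SEP>value" file, as written by
# the commands in this guide (SEP is ":" for config.yaml, "=" for sysctl.conf).
conf_value() {  # usage: conf_value FILE KEY SEP
    awk -F"[ \t]*$3[ \t]*" -v k="$2" \
        '$1 == k { v = $2 } END { sub(/[ \t]+$/, "", v); print v }' \
        "$1" 2>/dev/null
}

expect() {  # usage: expect LABEL GOT WANT
    if [ "$2" = "$3" ]; then
        echo "OK:   $1 = $2"
    else
        echo "FAIL: $1 is '${2:-unset}', expected '$3'"
        return 1
    fi
}

# The RKE2 kubeconfig holds cluster admin credentials: require a regular
# file, owned by the calling user, with mode exactly 600.
check_kubeconfig() {  # usage: check_kubeconfig FILE
    if [ -f "$1" ] && [ -O "$1" ] && [ -n "$(find "$1" -prune -perm 600)" ]; then
        echo "OK:   $1 is readable by its owner only"
    else
        echo "FAIL: $1 must exist, belong to the calling user, and be mode 600"
        return 1
    fi
}

audit_host() {  # usage: audit_host ROOT KUBECONFIG
    local rc=0 rke2 sysctl
    rke2="$1/etc/rancher/rke2/config.yaml"
    sysctl="$1/etc/sysctl.conf"
    expect "fs.inotify.max_user_instances" \
        "$(conf_value "$sysctl" fs.inotify.max_user_instances =)" 300 || rc=1
    expect "rke2 selinux" "$(conf_value "$rke2" selinux :)" true || rc=1
    expect "rke2 node-ip" "$(conf_value "$rke2" node-ip :)" 10.50.10.40 || rc=1
    check_kubeconfig "$2" || rc=1
    return "$rc"
}

# On the installed VM: audit_host "" "$HOME/.kube/config"
```

Run it as the user whose kubeconfig is being checked; a non-zero return from audit_host means at least one setting differs from what the steps above configure.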

Access the ThreatQ web UI over HTTPS.


