DAST 23.2 IncompatibleOperatingSystem Kubernetes Install

I am trying to initialize DAST in a Kubernetes Cluster

  • All my Cluster VMs are Rhel9 Stigged
  • My Kubernetes is Rancher RKE 2
  • I am using fluxCD to handle pulling my Helm configurations from gitops repositories
  • I have a LIM server on a Windows Server 2019 VM
  • I have a SSC server on a Centos 8 VM

Postgresql Chart Version: 12.12.10

Postgresql Image: ironbank/opensource/postgres/postgresql:15.7

Utilizing charts from the fortify/helm-3 github repository.

ScanCentral-Dast Chart Version: 23.2.0

I made certain to load the `scancentral-dast-config-linux.tar` into docker and then push to my private registry to be referenced by my helm chart configuration, that way I am using a dast-config image with SecureBase

So far the upgradeJob is failing. I can trail the logs and watch it add/update some database entries and policies, but eventually the job halts with an error IncompatibleOperatingSystem.

kubectl -n dast logs dast-upgrade-job-kg86c -f
Defaulted container "upgrade-job" out of: upgrade-job, upgrade-prep-job (init)
2024-07-26 16:04:31 - Starting dotnet, Application Version: 23.2.0.107.
Validation error occurred. Error code: IncompatibleOperatingSystem. Error Message: One or more actions are not compatible with the current operating system.

What Operating System isn't Compatible?

I used the scancentral-dast-config-linux.tar, for dast-config-sb, and is based on UBI 8.8

The postgresql image from ironbank, at least according to it's page, is base don Redhat UBI 8 as well.

The Cluster VMs are Rhel 9.

What OS incompatibility is there?

Is there anyway to get better debug logs out of this?
I saw a similar post here at https://community.microfocus.com/cyberres/fortify/f/discussions/520533/unable-to-deploy-scancentral-dast-services-containers-in-rhel-vm_

However no answers were provided on if there was a solution, or what it would be

  • 0  

    Is this a new installation or upgrade?

    Did you start an installation and it fail, then you started a subsequent?

    Two things:

    1. We currently only support RHEL 8.x - https://www.microfocus.com/documentation/fortify-core-documents/2320/Fortify_Sys_Reqs_23.2.0/index.htm#ScanCentralDAST/SCDAST_ConfigTool.htm?TocPath=Fortify%2520ScanCentral%2520DAST%2520Requirements%257C_____2. I'm not sure this is the cause of your issue though, but you may encounter other challenges along the way.
    2. That error is a bit misleading. What's happening is you hit a scenario where we are trying to execute our older encryption that is only compatible with Windows. If you are migrating from Windows to Linux, this must be completed with the Windows version of the DAST Config CLI tool. There are edge cases where we may pick up on a value in the values.yaml file that will trigger or if a first attempt failed and you are try a subsequent attempt.
  • 0 in reply to   

    This is for a new installation of DAST, we have never had a DAST instance before, so this is new territory for us

  • 0

     

    I have sense built a New Kubernetes Cluster.
    Cluster VMs are all RHEL8

    This is a new, clean, first time install of DAST.

    Once again I am running into the Error Code: IncompatibleOperatingSystem. Error Message; One or more actions are not compatible with the current operating system.

    217000 of 223835 entries added/updated to Link_Check_ReportSection.
    217500 of 223835 entries added/updated to Link_Check_ReportSection.
    218000 of 223835 entries added/updated to Link_Check_ReportSection.
    218500 of 223835 entries added/updated to Link_Check_ReportSection.
    219000 of 223835 entries added/updated to Link_Check_ReportSection.
    219500 of 223835 entries added/updated to Link_Check_ReportSection.
    220000 of 223835 entries added/updated to Link_Check_ReportSection.
    220500 of 223835 entries added/updated to Link_Check_ReportSection.
    221000 of 223835 entries added/updated to Link_Check_ReportSection.
    221500 of 223835 entries added/updated to Link_Check_ReportSection.
    222000 of 223835 entries added/updated to Link_Check_ReportSection.
    [root@0151ecd6a4c5 flux-cluster-management]# kubectl -n dast logs dast-upgrade-job-qspwv -f
    Defaulted container "upgrade-job" out of: upgrade-job, upgrade-prep-job (init)
    Error from server (BadRequest): container "upgrade-job" in pod "dast-upgrade-job-qspwv" is waiting to start: PodInitializing
    [root@0151ecd6a4c5 flux-cluster-management]# kubectl -n dast logs dast-upgrade-job-qspwv -f
    Defaulted container "upgrade-job" out of: upgrade-job, upgrade-prep-job (init)
    2024-08-01 15:40:50 - Starting dotnet, Application Version: 23.2.0.107.
    Validation error occurred. Error code: IncompatibleOperatingSystem. Error Message: One or more actions are not compatible with the current operating system.

    The Installation executes a Dast-Upgrade-Job, and the first generated pod, runs all the way through adding/updating Link_Check_reportSeciton, and then closes out.
    A new Dast-Upgrade-Job pod spins up, and then reports the validation error.

  • 0   in reply to 

    Did you happen to wipe the database and start with a clean one?

    If not, this can It there was an error in the execution of the migration scripts and you try running the migration again. We are trying to pull a value from the database that isn't present and it throws us into a "wonky" state.

  • 0 in reply to   

    The database is completely new as well. It is also running in the kubernetes cluster.