Install Podman on engines for RHEL v8 or later.
This procedure for engines running on RHEL 8 or later. It may not work for other OS types.
Note
Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.
Install Podman with related packages by typing the following commands:
sudo yum -y install slirp4netns fuse-overlayfssudo yum -y module install container-tools
Run the following commands:
sudo touch /etc/subuid /etc/subgidsudo mkdir -p /home/demistosudo chown demisto:demisto /home/demisto
Configure the
unqualified-search-registriesused by Podman.Podman by default uses the fedoraproject.org, redhat.com, centos.org, and docker.io unqualified search registries. Since Cortex XSIAM images use only the docker.io registry, you can speed up download times for container images by setting
unqualified-search-registriesto just docker.io.Create or edit the
/home/demisto/.config/containers/registries.confconfig file.In the file, set
unqualified-search-registries = ["docker.io"].Note
If you edit the file with the
rootuser, make sure to set thedemistouser as file owner by runningchown demisto:demisto /home/demisto/.config/containers/registries.conf
Change the
subuidsandsubgidsby running the following command:sudo usermod --add-subuids 200000-265535 --add-subgids 200000-265535 demistoSet the
net.ipv4.ping-group-range, by typing the following commands:sudo sh -c "echo 'net.ipv4.ping_group_range=0 2000000' > /etc/sysctl.d/demisto-ping.conf"sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"
As root user, edit the following
configfile:/usr/local/demisto/d1.confChange the
"container.engine.type": "docker"to“podman”.If this line does not exist, add the following line to the file:
"container.engine.type": "podman""Server": { "HttpsPort": "443", "ProxyMode": true }, "container": { "engine": { "type": "podman" } }, "db": { "index": { "entry": { "disable": true