Install Podman - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Install Podman on engines for RHEL v8 or later.

This procedure is for engines running on RHEL 8 or later. It may not work for other OS types.

Note

Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.

  1. Install Podman with related packages by typing the following commands:

    • sudo yum -y install slirp4netns fuse-overlayfs

    • sudo yum -y module install container-tools

  2. Run the following commands:

    • sudo touch /etc/subuid /etc/subgid

    • sudo mkdir -p /home/demisto

    • sudo chown demisto:demisto /home/demisto

  3. Configure the unqualified-search-registries used by Podman.

    Podman by default uses the fedoraproject.org, redhat.com and docker.io unqualified search registries. Since Cortex XSIAM images use only the docker.io registry, you can speed up download times for container images by setting unqualified-search-registries to just docker.io.

    1. Create or edit the /home/demisto/.config/containers/registries.conf config file.

    2. In the file, set the following:

      unqualified-search-registries = ['docker.io']

      Note

      If you edit the file with the root user, make sure to set the demisto user as file owner by running chown demisto:demisto /home/demisto/.config/containers/registries.conf

  4. Change the subuids and subgids by running the following command:

    sudo usermod --add-subuids 200000-265535 --add-subgids 200000-265535 demisto

  5. Set net.ipv4.ping_group_range by typing the following commands:

    • sudo sh -c "echo 'net.ipv4.ping_group_range=0 2000000' > /etc/sysctl.d/demisto-ping.conf"

    • sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"

  6. As root user, edit the following config file:

    /usr/local/demisto/d1.conf

  7. Change "container.engine.type": "docker" to "podman".

    If this line does not exist, add the following line to the file:

    "container.engine.type": "podman"

    "Server": {
        "HttpsPort": "443",
        "ProxyMode": true
    },
    "container": {
        "engine": {
            "type": "podman"
        }
    },
    "db": {
        "index": {
            "entry": {
                "disable": true
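
The settings made in steps 2 through 7 can be confirmed afterwards with a read-only audit. The script below is an added example, not part of the Cortex XSIAM documentation; the function names, the ROOT prefix argument and the `--check` switch are this example's own, and it assumes the home directory is /home/demisto as in step 2.

```shell
#!/bin/sh
# Added example: read-only audit of the settings made in the steps above.
# Function names and the ROOT prefix argument are assumptions of this example.

# True if FILE ($1) grants USER ($2) a subordinate ID range covering $3..$4.
# /etc/subuid and /etc/subgid entries have the form user:start:count.
has_subid_range() {
    awk -F: -v u="$2" -v first="$3" -v last="$4" '
        $1 == u && $2 + 0 <= first + 0 && $2 + $3 - 1 >= last + 0 { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1" 2>/dev/null
}

# True if the last unqualified-search-registries line in FILE lists only docker.io.
only_docker_io() {
    regs=$(grep -E '^[[:space:]]*unqualified-search-registries[[:space:]]*=' "$1" 2>/dev/null |
        tail -n 1 | sed -e 's/^[^=]*=//' -e "s/[]['\"[:space:]]//g")
    [ "$regs" = "docker.io" ]
}

# True if FILE persists net.ipv4.ping_group_range=0 2000000 (step 5).
ping_range_ok() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ping_group_range[[:space:]]*=[[:space:]]*0[[:space:]]+2000000[[:space:]]*$' "$1" 2>/dev/null
}

# True if FILE sets the engine type to podman in either form shown in step 7
# (flat key, or nested with "engine" and "type" as the first keys).
engine_is_podman() {
    [ -r "$1" ] && tr -d ' \t\r\n' < "$1" |
        grep -Eq '"container\.engine\.type":"podman"|"container":\{"engine":\{"type":"podman"'
}

# Print one FAIL line per unmet setting under ROOT ($1); return non-zero if any.
audit_podman_prereqs() {
    root=${1%/}; user=${2:-demisto}; rc=0
    has_subid_range "$root/etc/subuid" "$user" 200000 265535 || { echo "FAIL subuid"; rc=1; }
    has_subid_range "$root/etc/subgid" "$user" 200000 265535 || { echo "FAIL subgid"; rc=1; }
    only_docker_io "$root/home/$user/.config/containers/registries.conf" || { echo "FAIL registries"; rc=1; }
    ping_range_ok "$root/etc/sysctl.d/demisto-ping.conf" || { echo "FAIL ping_group_range"; rc=1; }
    engine_is_podman "$root/usr/local/demisto/d1.conf" || { echo "FAIL engine_type"; rc=1; }
    return "$rc"
}

# Run against the live system only when asked: sudo sh audit.sh --check
if [ "${1:-}" = "--check" ]; then audit_podman_prereqs / && echo "all settings present"; fi
```

Reading /usr/local/demisto/d1.conf typically requires root, so run the live check with sudo; the script changes nothing on the system.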