Troubleshoot Podman - Troubleshoot issues for Podman for Cortex XSOAR. - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2025-08-19
End_of_Life
EoL
Category
Administrator Guide
Abstract

Troubleshoot issues for Podman for Cortex XSOAR.

If you experience issues with Podman, try troubleshooting the following issues.

dbus-daemon Process Leak

Podman version 3.4.1 and lower has a known issue that dbus-daemon processes may leak when running in an environment containing the dbus-x11 OS package. The issue occurs when the dbus-x11 OS package is installed, for example when installing an X11 desktop environment like GNOME desktop on the host machine.If you experience this isue you see a large number of dbus-daemon processes owned by the demisto OS user. To check if you are affected by the issue, run the following command:

ps -fe | grep demisto | grep dbus-daemon

To fix this issue:

  1. Remove the dbus-x11 OS package and dependent packages by running the following command:

    sudo yum remove dbus-x11

  2. After removal you can kill the leaked dbus-daemon processes by running the following OS command:

    pgrep -u demisto dbus-daemon | xargs sudo kill

Verify Podman Installation

When encountering errors in Cortex XSOAR that are Podman related, such as:

  • failed to run "docker ps". stderr: [], err: [Timeout. Process killed (1400)

  • Timeout while waiting for pong response [error 'Read timed out (15s)

  • Error: error joining network namespace of container 06b8aec6eabe2e735128e3a72cb06c8ae2d97ade60a56ab555034442ea4e2a84: error retrieving network namespace at /tmp/podman-run-989/netns/cni-86dca01c-bd84-1aaf-85fb-72b659a8e42a: unknown FS magic on "/tmp/podman-run-993/netns/cni-86dca01c-bd84-1aaf-85fb-72b659a8e42a": 58465342

verify that Podman is running properly and consider whether to delete Podman data directories.

  1. Verify that Podman is running properly with the demisto OS user, by performing the following steps:

    • Change the OS user to demisto by running the following command:

      sudo su - -s /bin/bash demisto

    • Check that your system complies with the minimum requirements, and view general system information such as host architecture, CPU, OS, registries, container storage path, etc., by running the following command:

      podman info

    • Check all active running containers, container names and IDs, by running the following command:

      podman ps

    • Check that Podman is able to run a container, by running the following command:

      podman run --rm -t demisto/python3:3.10.4.29342 echo "podman is working"

    If any of the Podman commands are not working, try running with the --log-level=debug to receive additional details as to why it is failing. For example:

    podman --log-level=debug ps
podman --log-level=debug run --rm -t demisto/python3:3.10.4.29342 echo "podman is working"

  2. Reset the Podman Data Directories.

    If the Podman commands in step 1 are failing you should clean the Podman working directories. Sometimes Podman's data directories get corrupted (for example, as a result of insufficient disk space).

    Note

    This step removes all Podman images including any custom images customers may have created.

    1. Stop the Cortex XSOAR server by running the following command:

      sudo systemctl stop demisto

    2. Ensure that all Podman containers of the demisto user are stopped by running the following command:

      ps -fe | grep demisto | grep 'podman run'

      If required, kill the running containers.

    3. Delete the following directories (assuming the demisto OS user's home directory is at: /home/demisto)

      • sudo rm -rf /home/demisto/.cache/containers/

      • sudo rm -rf /home/demisto/.local/share/containers/

      • sudo rm -rf /tmp/podman-run-$(id -u demisto)

      • sudo rm -rf /tmp/containers-user-$(id -u demisto)

      • sudo rm -rf /tmp/tmp/run-$(id -u demisto)

      Note

      $(id -u demisto) is used to get the demisto user ID, which is part of the directory name. For example, /tmp/podman-run-993

      Not all the directories above may be present.

    4. Start the Cortex XSOAR server, by running the following command:

      sudo systemctl start demisto

    5. Verify that Podman is working properly with the demisto OS user by following step 1.

Report a Support Case for Installation issues

If the procedure set out in the ??? topic does solve the Podman issue and you require assistance from Support, ensure to do the following:

  1. Include the following files as part of the support case:

    • /etc/containers/storage.conf

    • /home/demisto/.config/containers/storage.conf

      If the file does not exist, indicate that there is no such file.

    • /home/demisto/.config/containers/registries.conf

      If the file does not exist, indicate that there is no such file.

  2. Include the output of the following commands as the demisto user.

    Note

    To change to the demisto OS user, run the following command:

    sudo su - -s /bin/bash demisto

    • podman info

    • podman images

    • podman --log-level=debug ps

    • podman --log-level=debug run --rm -t demisto/python3:3.10.4.29342 echo "podman is working"