Change container storage directory - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-09-18
Last date published
2024-11-28
Category
Administrator Guide
Solution
Cloud
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation

By default, Podman uses the $HOME/.local/share/containers/storage directory. To use a different directory for container storage, edit the Podman config file located at /home/demisto/.config/containers/storage.conf. If the Podman config file does not exist, you need to create it and change the ownership.

The new storage directory needs to be owned by the demisto user, otherwise they will be denied access to it.

Warning

Do not use NAS storage or a temporary (tmpfs) directory for the graphroot setting. The graphroot needs to be a local, non-temporary directory for Podman to work. For more information, see https://en.wikipedia.org/wiki/Network-attached_storage.

Tip

We recommend reserving 150 GB for container storage, either in the /home partition or a different storage directory that you have set using the graphroot key.

  1. If the Podman config file does not exist:

    1. Create the Podman config file.

      sudo mkdir -p /home/demisto/.config/containers

      cp /etc/containers/storage.conf /home/demisto/.config/containers

    2. Change the ownership of the Podman config file.

      sudo chown -R demisto:demisto /home/demisto

  2. To set a different directory for container storage, change the key: graphroot in the storage.conf file. For example:

    graphroot = "/var/lib/containers/xsoar-storage"

  3. Some additional changes are required in the storage.conf file. Comment out the runroot setting by adding a # (hash) before it. For example:

    #runroot = "/run/containers/storage"

    Note

    Alternatively, the runroot setting may be set to some temporary directory that is accessible by user demisto. If you choose to set the runroot, it must be a directory that is mounted as tmpfs (temporary filesystem), unlike the graphroot.

  4. Under [storage.options.overlay], uncomment the following line (remove the # from the start):

    mount_program = "/usr/bin/fuse-overlayfs"

  5. If the server or engine has already been installed, apply your changes to any existing containers:

    sudo -u demisto podman system migrate

  6. Verify the change (once the server or engine is installed):

    sudo -u demisto podman info | grep graph