Install Docker Distribution for Red Hat on Cortex XSOAR

Install Docker Distribution for Red Hat on Cortex XSOAR. CentOS v7 and RHEL v7. Podman.
Red Hat maintains its own package of Docker, which is the version used in OpenShift Container Platform environments, and is available in the RHEL Extras repository. This procedure is relevant for CentOS v7 and RHEL v7 and below.
CentOS v7 provides a similar
docker
distribution package as part of the CentOS Extras repository.
For more information about the different packages available to install on Red Hat, see the Red Hat Knowledge Base Article (requires a Red Hat subscription to access).
If running CentOS v8 and higher or RHEL v8 and higher Cortex XSOAR installs Podman packages and configures the operating system to enable Podman in rootless mode.
  1. Run the following commands.
    systemctl enable docker.service
    systemctl restart docker.service
  2. Change ownership of the Docker daemon socket so members of the
    dockerroot
    user group have access.
    1. Edit or create the file
      /etc/docker/daemon.json
      .
    2. Enable OS group
      dockerroot
      access to Docker by adding the following entry to the
      /etc/docker/daemon.json: "group": "dockerroot"
      file. For example:
      { "group": "dockerroot" }
    3. Restart the Docker service by running the following command.
      systemctl restart docker.service
    4. Install Cortex XSOAR.
    5. After Cortex XSOAR is installed, run the following command to add the
      demisto
      os user to the
      dockerroot
      os group (Red Hat uses dockerroot group instead of docker).
      usermod -aG dockerroot demisto
    6. Restart the Cortex XSOAR server.
  3. Set the required SELinux permissions.
    Cortex XSOAR uses the
    /var/lib/demisto/temp
    directory (with subdirs) to copy files and receive files from running Docker containers. By default, when SELinux is in
    enforcing
    mode directories under
    /var/lib/
    it cannot be accessed by docker containers.
    1. To allow containers access to the
      /var/lib/demisto/temp
      directory, you need to set the correct SELinux policy type, by typing the following command.
      chcon -Rt svirt_sandbox_file_t /var/lib/demisto/temp
    2. (
      Optional
      ) Verify that the directory has the
      container_file_t
      SELinux type attached by running the following command.
      ls -d -Z /var/lib/demisto/temp
    3. Configure label confinement to allow Python and PowerShell containers to access other script folders.
      In Cortex XSOAR
      Settings
      Troubleshooting
      Server Configuration
      , set the following parameters:
      • For Python containers, set
        python.pass.extra.keys
        to
        --security-opt=label=level:s0:c100,c200
      • For PowerShell containers, set
        powershell.pass.extra.keys
        to
        --security-opt=label=level:s0:c100,c200
    4. In the Cortex XSOAR CLI, run the
      /reset_containers
      command.

Recommended For You