Podman

Podman is a containerization tool designed for deploying and managing containerized applications, serving as a Docker alternative. ThirdEye can be deployed on the Podman container infrastructure.

Podman Features:

  • Security Focus: Runs containers in isolated environments without requiring a daemon
  • Rootless Operation: Supports running containers without root privileges (though some operations like low-port binding may require sudo)
  • Docker Compatibility: Uses command structures similar to Docker, for example, podman run instead of docker run.

Example: in the following command, replace docker with podman:

docker pull harbor.logicvein.com/lvi/lvi-netld-core:2025.08.0-202509290840

Adapter Login

When deploying ThirdEye with Podman, the cap_net_admin and cap_net_raw capabilities are not available by default. To use adapter login, both capabilities must be added with --cap-add=NET_ADMIN and --cap-add=NET_RAW, as in the command below.

On an SELinux-enabled system (e.g. Red Hat), Docker / Podman can be run using the following command. This sets the SELinux context of the data directory for just this container:

sudo podman run --name <CONTAINER-NAME> --env LICENSE_SERIAL=<SERIALNUM> --env JAVA_OPTIONS="-DNAT_RETURN_ADDRESS=<HOST-IP>" --ulimit nofile=8192:8192 --ulimit nproc=128294:128294 --pids-limit=-1 --memory=8g --cpus=4.0 --sysctl net.ipv4.ping_group_range="0 9999" --volume <DATA-DIR>:/data:Z --publish 20:20 --publish 21:21 --publish 67:67/udp --publish 69:69/udp --publish 162:162/udp --publish 162:162/tcp --publish 443:443 --publish 512:512/udp --publish 2222:2222 --publish 50000-50031:50000-50031 --cap-add=NET_RAW --cap-add=NET_ADMIN harbor.logicvein.com/lvi/lvi-netld-core:2025.08.0-202509290840

Alternatively, you can set the SELinux context manually using the following commands:

sudo semanage fcontext -a -t container_file_t "/home/lvi/data2(/.*)?"
sudo restorecon -Rv /home/lvi/data2/

This sets the SELinux context of this directory so that any container can access the folder.

Example:

drwxr-xr-x. 2 lvi lvi unconfined_u:object_r:container_file_t:s0 6 Mar 26 19:37 /home/lvi/data2/

Note:

In the command above there are three components that need user-supplied values:

  • <SERIALNUM>: This is the license serial number that must match the serial number of the applied license. See License Creation below.
  • <DATA-DIR>: This is the local directory in which data will be stored. This is the equivalent of the “data” disk that is normally attached to an OVA-style appliance instance.
  • <HOST-IP>: This is the IP address to be used for both FTP and TFTP NAT reflection.

The <DATA-DIR> directory must exist; it is not created automatically.
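
The following is an added example, not part of the vendor documentation: a POSIX shell check that the two capabilities needed for adapter login are present in a container's effective capability mask and that the data directory carries the container_file_t label. The function names and the sample masks are constructed for illustration; the ls -dZ line is the one shown above.

```sh
#!/bin/sh
# Added example (not vendor code): verify what the podman run command on this
# page is meant to grant. Sample inputs below are constructed.

# Bit positions from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# has_cap MASK BIT: succeed if BIT is set in the hex CapEff mask, as read with
#   podman exec <CONTAINER-NAME> grep CapEff /proc/1/status
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps MASK: print the adapter-login capabilities absent from MASK.
missing_caps() {
    out=""
    has_cap "$1" "$CAP_NET_ADMIN" || out="NET_ADMIN"
    has_cap "$1" "$CAP_NET_RAW" || out="${out:+$out }NET_RAW"
    printf '%s' "$out"
}

# selinux_type LINE: print the type field of the SELinux context found in one
# line of `ls -dZ <DATA-DIR>` output (context = user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F: 'NF >= 4 { print $3; exit }'
}

# data_dir_ok LINE: succeed only if the directory is labelled container_file_t.
data_dir_ok() {
    [ "$(selinux_type "$1")" = "container_file_t" ]
}

# Constructed samples: a mask without the two capabilities, a mask with them,
# and the ls -dZ line shown on this page.
SAMPLE_MASK_WITHOUT=00000000800405fb
SAMPLE_MASK_WITH=00000000800435fb
SAMPLE_LS='drwxr-xr-x. 2 lvi lvi unconfined_u:object_r:container_file_t:s0 6 Mar 26 19:37 /home/lvi/data2/'

echo "missing without --cap-add: $(missing_caps "$SAMPLE_MASK_WITHOUT")"
echo "missing with --cap-add:    $(missing_caps "$SAMPLE_MASK_WITH")"
data_dir_ok "$SAMPLE_LS" && echo "data dir label: ok"
```

An empty result from missing_caps means both capabilities are present. When the volume is mounted with :Z the context has an additional category field, which selinux_type also accepts.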

Ubuntu Linux

  1. Install Ubuntu Linux from ubuntu-24.04.1-live-server-amd64.iso.

Note:

  • Do not select the “docker” package during installation (we will install it next).
  • Instead, select the OpenSSH install option during installation for remote access.

  2. Log in and update:

sudo apt upgrade

  3. Reboot:

sudo shutdown -r now

  4. Install Docker by following steps 1 and 2 of the install guide:

https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository

  5. Add your user to the “docker” group:

sudo usermod -aG docker $USER

  6. Configure Docker to start at boot time:

sudo systemctl enable docker

  7. Reboot again:

sudo shutdown -r now

  8. Log in as a non-root user and verify that you can run Docker commands without using the sudo command.

(This should execute without error):

docker ps

  9. Create a data directory as a non-root user. For example, log in as user “lvi” and execute the following command:

mkdir data

(This should create the directory /home/lvi/data.)

Note:

There is no need to change permissions with chmod at this time.

  10. Start Docker using the previous command syntax as a non-root user, without using the sudo command.

Example:

sudo podman run --name <CONTAINER-NAME> --ulimit nofile=8192:8192 --ulimit nproc=128294:128294 --pids-limit=-1 --env LICENSE_SERIAL=<SERIAL-NUMBER> --memory=4g --cpus=4.0 --sysctl net.ipv4.ping_group_range="0 9999" --volume <DATA-DIRECTORY>:/data:Z --publish 20:20 --publish 21:21 --publish 67:67/udp --publish 69:69/udp --publish 162:162/udp --publish 443:443 --publish 512:512/udp --publish 2222:2222 --publish 50000-50031:50000-50031 --cap-add=NET_RAW --cap-add=NET_ADMIN harbor.logicvein.com/lvi_dev/lvi-netld-core:<REVISION>

Note:

To run the Docker container in the background, add the option --detach.