DEVOPS PLAYBOOK · PODMAN · LEGACY SYSTEMS

Deployment Playbook: Podman 1.6.4

Phase 1: Pre-Deployment (The "Must-Haves")

Before running the script, perform these 3 steps. They prevent 90% of the errors.

Check Podman Version:
podman version (Ensure it is 1.6.x).

Fix the Security Policy (Fixes "Registry Policy" Error):

Terminal

mkdir -p /etc/containers
echo '{"default": [{"type": "insecureAcceptAnything"}]}' > /etc/containers/policy.json

Mandatory Sudo:
In Podman 1.6.4, rootless mode is unstable. Tell the client: "To ensure kernel-level stability for Java threading, we must execute as a privileged user."

Phase 2: The "Error vs. Solution" Fast-Fix Table

If you see this Error message...	Why it happened...	The FAST Fix...
kernel does not support overlay fs or d_type support	The hard drive (XFS) is too old for the overlay driver.	Switch to VFS Driver: 1. `vi /etc/containers/storage.conf` 2. Set `driver = "vfs"` 3. `rm -rf /var/lib/containers/storage/*`
pthread_create failed (EPERM) or Insufficient memory for JRE	The Seccomp security filter is blocking Java threads.	Add Security Flag: Add `--security-opt seccomp=unconfined` to the `podman run` command.
Permission Denied (inside the logs)	SELinux is blocking the folder mounts.	Relax SELinux: 1. Run `setenforce 0` 2. Ensure volume mounts have the `:Z` flag.
Could not resolve host: mirrorlist.centos.org	CentOS 7 is End-of-Life. Official repos are dead.	Switch to Vault: Use the following `sed` commands to point `/etc/yum.repos.d/` to `vault.centos.org`: `sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* sed -i 's\|#baseurl=http://mirror.centos.org\|baseurl=http://vault.centos.org\|g' /etc/yum.repos.d/CentOS-*`

Phase 3: Final Validation Commands

After the script finishes, run these to prove the "Health" of the deployment to the client:

Check if Container is Running:
podman ps
Check App Logs (The most important part):
podman logs --tail 50 ContainerName or ContainerID
(Look for the Spring Boot "Started" message. If you see it, you won!)
Check if Port is Listening:
netstat -tulnp | grep 8056
Check Folder Mounting:
podman exec skyidgetparam ls /app/configs

Phase 4: Expert "Closing Statements" for the Client

On Security: "We disabled Seccomp specifically for the Java runtime to allow modern high-performance threading on this legacy kernel."

On Storage: "We verified the XFS filesystem driver. If your production environment uses ftype=1, we can switch back to Overlay for better performance; otherwise, VFS ensures 100% reliability."

On sudo: "Podman 1.6.4 requires privileged execution to correctly manage SELinux labels (:Z) on host volumes."