Server Prerequisites - Linux with Podman and Sudoless Access



Overview

Podman is supported by vFunction for an organization running a Proof of Concept with vFunction. For organizations using vFunction for Modernization Projects or for Observability of Monolithic or Distributed Application, Podman is not supported by vFunction due to the stability of the system and requirements for maintaining the system. Please use Docker or a Clustered environment instead.


Resources

  • Linux VM running CentOS, Debian, Fedora, RedHat, Suse, Ubuntu images
  • 100gb in $HOME/.local/share/containers/storage/volumes/ for Podman Volume Storage. See the Chart below for storage size increases based on the number of Apps to be analyzed. To move these volumes to another location, modify the Podman Storage locations
  • 15gb in /var/tmp/ for temporary Podman Container Image storage. To move this storage to another location, modify the Temporary Directory environment variable
  • RAM optimized for the largest App to be analyzed. For Apps over 20k classes, select 64gb RAM. For 4-20k classes, select 32gb RAM. If under 4k, select 16gb RAM
  • CPU-optimized machine.The Domain Analysis that the vFunction Server runs is CPU intensive. For example, select a VM running Intel’s Sapphire Rapids processor or AMD’s Epyc Genoa processor. See the chart below for the number of CPUs required based on the number of Apps to be analyzed
Number of Apps vCPU Storage
1-2 4 100gb
3-7 8 200gb
8+ 16 500gb

Prerequisites

  • Podman version 4.6.1 or later installed and running to create Podman Containers for the vFunction Server
  • Runc version 1.1.9 or later installed for the Podman runtime
  • SELinux set to a value other than, “enforced”. The values could be disabled, enforcing, permissive
  • net.ipv4.ip_forwarding turned on so the vFunction Containers can communicate with one another
  • Sub User and Sub Group IDs configured to allow the Rootless User to run the Podman Containers using additional IDs. Modify the Sub User ID and Sub Group ID configuration files if needed
  • Run loginctl enable-linger INSTALLING_USER to ensure that systemd cleanup tasks do not impact the running Podman Containers after the installing user closes the shell session used to install the vFunction Server
  • Download vFunction Podman Server Installation TGZ
  • Allow Podman to use unprivileged Ports for the Nginx Container’s external access. By default, Podman can only use Ports 1024 and higher. Modifications to the sysctl settings will allow ports such as 80 and 443 to be used. Alternatively, explicitly add a Port Number above 1024 to the server-installation.yaml’s server.host address, e.g. http://vfunction.organization.com:1024 (optional)
  • SSL Certificate and SSL Chain concatenated into a Bundle and SSL Key for Nginx (optional)