The PodmanAgent handles alerts from Podman rootless containers. It uses the same Docker-compatible REST API that Podman exposes via its socket, which means noDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/nicolas344/Sentinel-SoftServe/llms.txt
Use this file to discover all available pages before exploring further.
podman binary is required inside the backend container — only the Docker Python SDK pointed at the right socket path. The four read-only tools (podman_inspect, podman_logs, podman_stats, podman_ps) mirror the Docker tool interface but are wired to the Podman socket.
Runtime Detection
The PodmanAgent activates exclusively when the alert labelcontainer_runtime=podman is set. It never acts as a fallback runtime and explicitly skips any alert with source_type=database.
"container_runtime": "podman" in the labels for this agent to be selected.
How the SDK Connection Works
Podman implements a Docker-compatible REST API. The PodmanAgent uses the standarddocker Python SDK pointed at the Podman socket via PODMAN_HOST. No Podman CLI is involved anywhere in the triage path.
Socket Discovery Order
IfPODMAN_HOST is not set, the tools probe the following paths in order until one responds successfully:
| Priority | Socket path | Use case |
|---|---|---|
| 1 | $PODMAN_HOST (if set) | Explicit override |
| 2 | unix:///run/user/1000/podman/podman.sock | Linux rootless, UID 1000 |
| 3 | unix:///run/user/501/podman/podman.sock | macOS Podman machine (UID 501) |
| 4 | unix:///tmp/podman.sock | Custom / CI environments |
Prerequisites
Enable the Podman socket (Linux)
Enable the systemd socket unit for your user
/run/user/$(id -u)/podman/podman.sock. For UID 1000 the path is /run/user/1000/podman/podman.sock.Environment Variables
| Variable | Default | Description |
|---|---|---|
PODMAN_HOST | unix:///run/podman/podman.sock | Socket URL used by the Docker SDK to reach Podman |
Tools
All four tools are read-only and share the same interface design as the Docker tools. They communicate exclusively with the Podman REST API — no shell commands are executed.podman_inspect
Returns container state,
exit_code, oom_killed, restart_count, memory limit (MB), CPU quota, image, and stop/start timestamps. Use this to confirm whether the container is truly down and what its resource limits were.podman_logs
Fetches the last N lines (default 80) from a Podman container — including stopped containers. Returns both
stdout and stderr with timestamps.podman_stats
Point-in-time CPU percentage, memory used (MB), memory limit (MB), and memory percentage. Only available for running containers — returns a descriptive message for stopped ones.
podman_ps
Lists all Podman containers (running and stopped) with name, short ID, status, and image tag. Use this to survey the host and find containers in error or restart loops.
Tool Parameters
| Tool | Parameter | Type | Default | Description |
|---|---|---|---|---|
podman_inspect | container_name | string | — | Container name or ID |
podman_logs | container_name | string | — | Container name or ID |
podman_logs | tail | integer | 80 | Number of lines to return |
podman_stats | container_name | string | — | Container name or ID |
podman_ps | (none) | — | — | Lists all containers |
Podman-Specific Failure Modes
The PodmanAgent’s system prompt instructs it to reason about Podman-specific behaviors that differ from Docker:- Rootless permission errors — containers run without root privileges; bind mounts and port bindings below 1024 require explicit configuration.
- No central daemon — each container is a direct child process of the user session. If the parent session (e.g. SSH) dies, containers may be affected depending on the
--keep-aliveconfiguration. - Pod infra container failures — a crash in the Podman pod’s infra container (
pause) can terminate all containers in that pod simultaneously. - Socket location — sockets live in
/run/user/<uid>/podman/not/var/run/docker.sock, which affects how monitoring tools connect.
Action Proposals
The Supervisor generates apodman restart <container> or podman logs <container> proposal using the same incident-type logic as the Docker runtime. Action execution uses the Docker SDK (not the podman binary) via _run_podman_command.
- Restart proposal
- Logs proposal
| Incident type | Proposed action |
|---|---|
app_crash | podman restart <container> |
oom | podman restart <container> |
restart_loop | podman restart <container> |
dependency_failure | podman restart <container> |
config_error | podman restart <container> |
{"restart", "logs"} and verifies the container name with ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$.
Prometheus Metrics via podman-exporter
Thedocker-compose.yml includes a dedicated podman-exporter service that exposes Podman container metrics in the Prometheus format, scraped by the stack’s Prometheus instance:
PodmanContainerCrashed to fire based on real metric signals rather than only synthetic test alerts.
Simulating an Incident
Thedemo_podman.sh.example script in the repository root walks through the full simulation cycle. Here is a condensed version of the key steps:
Approve the restart in the dashboard
The PodmanAgent calls
podman_inspect test-app and podman_logs test-app, produces its analysis, and proposes podman restart test-app. Open the Sentinel dashboard at http://localhost:5173, review the analysis, and approve. The backend restarts the container via the Docker SDK pointed at the Podman socket.