I have been working with the rhcsa labs now and I have an issue with the containers portion. When trying to log in, I get a "error pinging docker registry registry.lab.example.com: Get https://registry.lab.example.com/v2: x509: certificate has expired or is not yet valid." What's strange is that this doesn't always happen. If I delete the labs and rebuild, they might come up and I can build containers. After a while though, it will error out on its own. I looked at the /etc/pki/ca-trust/source/anchors. All that is in there is a katello cert?? Is this something I can fix?
I did finally figure out a solution for this. I'm not sure if it is the right one but it works. When installing container-tools, use sudo or be root. But.... log all the way out of the session. If I didn't, it would give me this error. I tried exit, su user, su -....etc. None of it seemed to work. Once I logged off and back on as the user, it worked as it should. I saw this same issue pop up on the RHCSA exam as well. Luckily I had already figured it out ahead of time
Well, you have to be sudo (or root) to install a pacakge anyway, so... that's not the "fix".
To fix it, or more correctly a workaround without having to log all the way back out and then in, use --tls-verify=false as an option with podman pull
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.
The option does not exist with podman run, so you'll have to to do a pull, then a run, separately.