cancel
Showing results for 
Search instead for 
Did you mean: 
dhoskins
Cadet
Cadet
  • 4,016 Views

rhcsa lab container issue, podman login and x509 erros

I have been working with the rhcsa labs now and I have an issue with the containers portion.  When trying to log in, I get a "error pinging docker registry registry.lab.example.com: Get https://registry.lab.example.com/v2: x509: certificate has expired or is not yet valid."  What's strange is that this doesn't always happen.  If I delete the labs and rebuild, they might come up and I can build containers.  After a while though, it will error out on its own.  I looked at the /etc/pki/ca-trust/source/anchors.  All that is in there is a katello cert??  Is this something I can fix?

Labels (3)
5 Replies
Deanna
Community Manager
Community Manager
  • 3,946 Views

Hi @dhoskins - were you able to find a solution here? I am curious if you could share what worked for you.

 

--
Deanna
dhoskins
Cadet
Cadet
  • 3,934 Views

I did finally figure out a solution for this.  I'm not sure if it is the right one but it works.  When installing container-tools, use sudo or be root.  But.... log all the way out of the session.  If I didn't, it would give me this error.  I tried exit, su user, su -....etc.  None of it seemed to work.  Once I logged off and back on as the user, it worked as it should.  I saw this same issue pop up on the RHCSA exam as well.  Luckily I had already figured it out ahead of time

 

 

 

Tracy_Baker
Starfighter Starfighter
Starfighter
  • 3,928 Views

@dhoskins 

Well, you have to be sudo (or root) to install a pacakge anyway, so... that's not the "fix".

To fix it, or more correctly a workaround without having to log all the way back out and then in, use --tls-verify=false as an option with podman pull

Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.

The option does not exist with podman run, so you'll have to to do a pull, then a run, separately.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
  • 1,887 Views

Hi, just had this x509 error with podman login, turns out I was running it as root and it needs to be run as student.

shamX
Cadet
Cadet
  • 591 Views

set insecure = true in $HOME/.config/containers/registries.conf

 

[student@servera ~1$ vim $HOME/.config/containers/registries.conf

[student@servera ~$ podman login registry.lab.example.com

Username: admin

Password:

Login Succeeded!

student@servera ~1$ student@servera

[student@servera ~$ podman login registry.lab.example. com

admin

[student@servera ~]$

0 Kudos
Join the discussion
You must log in to join this conversation.