dhoskins
Cadet
Cadet
  • 270 Views

rhcsa lab container issue, podman login and x509 erros

I have been working with the rhcsa labs now and I have an issue with the containers portion.  When trying to log in, I get a "error pinging docker registry registry.lab.example.com: Get https://registry.lab.example.com/v2: x509: certificate has expired or is not yet valid."  What's strange is that this doesn't always happen.  If I delete the labs and rebuild, they might come up and I can build containers.  After a while though, it will error out on its own.  I looked at the /etc/pki/ca-trust/source/anchors.  All that is in there is a katello cert??  Is this something I can fix?

Labels (3)
3 Replies
Deanna
Community Manager
Community Manager
  • 200 Views

Re: rhcsa lab container issue, podman login and x509 erros

Hi @dhoskins - were you able to find a solution here? I am curious if you could share what worked for you.

 

--
Deanna
Reply
Loading...
dhoskins
Cadet
Cadet
  • 188 Views

Re: rhcsa lab container issue, podman login and x509 erros

I did finally figure out a solution for this.  I'm not sure if it is the right one but it works.  When installing container-tools, use sudo or be root.  But.... log all the way out of the session.  If I didn't, it would give me this error.  I tried exit, su user, su -....etc.  None of it seemed to work.  Once I logged off and back on as the user, it worked as it should.  I saw this same issue pop up on the RHCSA exam as well.  Luckily I had already figured it out ahead of time

 

 

 

Reply
Loading...
Tracy_Baker
Starfighter Starfighter
Starfighter
  • 182 Views

Re: rhcsa lab container issue, podman login and x509 erros

@dhoskins 

Well, you have to be sudo (or root) to install a pacakge anyway, so... that's not the "fix".

To fix it, or more correctly a workaround without having to log all the way back out and then in, use --tls-verify=false as an option with podman pull

Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf.

The option does not exist with podman run, so you'll have to to do a pull, then a run, separately.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.