@dmi3mis
Last active April 14, 2021 22:32
RH134-RHEL8.2-en-1-20200928 podman login fix
[kiosk@foundation0 ~]$ ssh root@utility
[root@utility ~]# cd /etc/pki/CA/
[root@utility ~]# openssl genrsa -out /etc/pki/CA/private/registry.lab.example.com.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................+++++
......................................................+++++
e is 65537 (0x010001)
[root@utility ~]# openssl req -new -subj "/C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=registry.lab.example.com" -key /etc/pki/CA/private/registry.lab.example.com.key -out /etc/pki/CA/csr/registry.lab.example.com.csr
[root@utility ~]# openssl x509 -req -in /etc/pki/CA/csr/registry.lab.example.com.csr -CA /etc/pki/CA/cacert.pem -CAkey /etc/pki/CA/private/cakey.pem -CAcreateserial -out /etc/pki/CA/certs/registry.lab.example.com.crt --days 3650 -sha256
Signature ok
subject=C = US, ST = North Carolina, L = Raleigh, O = Red Hat, CN = registry.lab.example.com
Getting CA Private Key
# now we have a signed 10-year certificate
[root@utility ~]# openssl x509 -in /etc/pki/CA/certs/registry.lab.example.com.crt -text -noout |less
# let's put it in the right place for the quay container
[root@utility ~]# cp /etc/pki/CA/certs/registry.lab.example.com.crt /etc/quay/ssl.cert
[root@utility ~]# cp /etc/pki/CA/private/registry.lab.example.com.key /etc/quay/ssl.key
[root@utility ~]# chown 1001:1001 /etc/quay/ssl.key
[root@utility ~]# chown 1001:1001 /etc/quay/ssl.cert
[root@utility ~]# podman stop quay
[root@utility ~]# podman start quay
# let's check that quay is working with the new certificate
[root@utility ~]# curl -I -v --cacert /etc/pki/CA/example-ca.crt https://registry.lab.example.com 2>&1 |grep -A 15 "Server certificate"
* Server certificate:
* subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat; CN=registry.lab.example.com
* start date: Apr 14 21:47:38 2021 GMT
* expire date: Apr 12 21:47:38 2031 GMT
* common name: registry.lab.example.com (matched)
* issuer: C=US; ST=North Carolina; L=Raleigh; O=Example, Inc.; CN=example.com Certificate Authority
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x5586aea25740)
} [5 bytes data]
> HEAD / HTTP/2
> Host: registry.lab.example.com
> User-Agent: curl/7.61.1
[root@utility ~]# logout
Connection to utility closed.
[kiosk@foundation0 ~]$ ssh student@servera
[student@servera ~]$ sudo mkdir -p /etc/containers/certs.d/registry.lab.example.com
[student@servera ~]$ sudo scp root@utility:/etc/pki/CA/example-ca.crt /etc/containers/certs.d/registry.lab.example.com/ca.crt
root@utility's password:
example-ca.crt 100% 1395 1.4MB/s 00:00
[student@servera ~]$ podman login registry.lab.example.com
Username: admin
Password:
Login Succeeded!
[student@servera ~]$ podman pull registry.lab.example.com/rhel8/httpd-24:latest
Trying to pull registry.lab.example.com/rhel8/httpd-24:latest...
Getting image source signatures
Copying blob 77c58f19bd6e done
Copying blob 9d20433efa0c done
Copying blob 47db82df7f3f done
Copying blob 71391dc11a78 done
Copying config 7e93f25a94 done
Writing manifest to image destination
Storing signatures
7e93f25a946892c9c175b74a0915c96469e3b4845a6da9f214fd3ec19c3d7070
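
Added example, not part of the original gist: pre-flight checks that could be run on utility before copying the new certificate and key into /etc/quay and restarting the container. The function names check_registry_cert and make_demo_pki are hypothetical, and the demo CA and server certificate are constructed throwaway input.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before installing a registry certificate.
# check_registry_cert CERT KEY CA HOST -> returns the number of failed checks.
check_registry_cert() {
    local cert="$1" key="$2" ca="$3" host="$4" fails=0 pub
    # 1. The private key must belong to the certificate's public key.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "ok:   key matches certificate"
    else
        echo "FAIL: key does not match certificate"; fails=$((fails + 1))
    fi
    # 2. The certificate must chain to the CA file that clients are given.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ok:   chains to $ca"
    else
        echo "FAIL: does not chain to $ca"; fails=$((fails + 1))
    fi
    # 3. The name clients connect to must match (openssl falls back to the CN).
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null | grep -q "does match"; then
        echo "ok:   valid for $host"
    else
        echo "FAIL: not valid for $host"; fails=$((fails + 1))
    fi
    # 4. Warning only: clients built with Go 1.15+ ignore the CN by default.
    if openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q "Subject Alternative Name"; then
        echo "ok:   subjectAltName present"
    else
        echo "warn: CN-only certificate, no subjectAltName"
    fi
    # 5. The certificate must not expire within the next 30 days.
    if openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "ok:   valid for at least 30 more days"
    else
        echo "FAIL: expired or expiring within 30 days"; fails=$((fails + 1))
    fi
    return "$fails"
}
# Constructed sample input: throwaway CA and CN-only cert for host $2 in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -sha256 -out "$1/srv.crt" 2>/dev/null
}
if [ $# -eq 4 ]; then check_registry_cert "$@"; fi
```

With the files from the session above, the four arguments would be the new .crt, its .key, /etc/pki/CA/example-ca.crt and registry.lab.example.com.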