RH134-RHEL8.2-en-1-20200928 podman login fix
[kiosk@foundation0 ~]$ ssh root@utility | |
[root@utility ~]# cd /etc/pki/CA/ | |
[root@utility ~]# openssl genrsa -out /etc/pki/CA/private/registry.lab.example.com.key 2048 | |
Generating RSA private key, 2048 bit long modulus (2 primes) | |
......................................+++++ | |
......................................................+++++ | |
e is 65537 (0x010001) | |
[root@utility ~]# openssl req -new -subj "/C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=registry.lab.example.com" -key /etc/pki/CA/private/registry.lab.example.com.key -out /etc/pki/CA/csr/registry.lab.example.com.csr | |
[root@utility ~]# openssl x509 -req -in /etc/pki/CA/csr/registry.lab.example.com.csr -CA /etc/pki/CA/cacert.pem -CAkey /etc/pki/CA/private/cakey.pem -CAcreateserial -out /etc/pki/CA/certs/registry.lab.example.com.crt --days 3650 -sha256 | |
Signature ok | |
subject=C = US, ST = North Carolina, L = Raleigh, O = Red Hat, CN = registry.lab.example.com | |
Getting CA Private Key | |
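# Now we have a certificate signed by the lab CA and valid for 10 years (3650 days). | |
# Note: the signing command passes no -extfile, so the certificate carries no subjectAltName and validates only on clients that still match the CN (as curl does below). | |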
[root@utility ~]# openssl x509 -in /etc/pki/CA/certs/registry.lab.example.com.crt -text -noout |less | |
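# Put the certificate and key in the right place for the quay container; after the chown below, confirm that ssl.key is not readable by other users. | |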
[root@utility ~]# cp /etc/pki/CA/certs/registry.lab.example.com.crt /etc/quay/ssl.cert | |
[root@utility ~]# cp /etc/pki/CA/private/registry.lab.example.com.key /etc/quay/ssl.key | |
[root@utility ~]# chown 1001:1001 /etc/quay/ssl.key | |
[root@utility ~]# chown 1001:1001 /etc/quay/ssl.cert | |
[root@utility ~]# podman stop quay | |
[root@utility ~]# podman start quay | |
# Let's check that quay is serving the new certificate and that it verifies against the lab CA. | |
[root@utility ~]# curl -I -v --cacert /etc/pki/CA/example-ca.crt https://registry.lab.example.com 2>&1 |grep -A 15 "Server certificate" | |
* Server certificate: | |
* subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat; CN=registry.lab.example.com | |
* start date: Apr 14 21:47:38 2021 GMT | |
* expire date: Apr 12 21:47:38 2031 GMT | |
* common name: registry.lab.example.com (matched) | |
* issuer: C=US; ST=North Carolina; L=Raleigh; O=Example, Inc.; CN=example.com Certificate Authority | |
* SSL certificate verify ok. | |
* Using HTTP2, server supports multi-use | |
* Connection state changed (HTTP/2 confirmed) | |
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 | |
} [5 bytes data] | |
* Using Stream ID: 1 (easy handle 0x5586aea25740) | |
} [5 bytes data] | |
> HEAD / HTTP/2 | |
> Host: registry.lab.example.com | |
> User-Agent: curl/7.61.1 | |
[root@utility ~]# logout | |
Connection to utility closed. | |
[kiosk@foundation0 ~]$ ssh student@servera | |
[student@servera ~]$ sudo mkdir -p /etc/containers/certs.d/registry.lab.example.com | |
[student@servera ~]$ sudo scp root@utility:/etc/pki/CA/example-ca.crt /etc/containers/certs.d/registry.lab.example.com/ca.crt | |
root@utility's password: | |
example-ca.crt 100% 1395 1.4MB/s 00:00 | |
[student@servera ~]$ podman login registry.lab.example.com | |
Username: admin | |
Password: | |
Login Succeeded! | |
[student@servera ~]$ podman pull registry.lab.example.com/rhel8/httpd-24:latest | |
Trying to pull registry.lab.example.com/rhel8/httpd-24:latest... | |
Getting image source signatures | |
Copying blob 77c58f19bd6e done | |
Copying blob 9d20433efa0c done | |
Copying blob 47db82df7f3f done | |
Copying blob 71391dc11a78 done | |
Copying config 7e93f25a94 done | |
Writing manifest to image destination | |
Storing signatures | |
7e93f25a946892c9c175b74a0915c96469e3b4845a6da9f214fd3ec19c3d7070 |