containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13305 from nalind/troubleshooting 

[CI:DOCS] troubleshooting.md: tweak subuid paragraph, encryption
This commit is contained in:
OpenShift Merge Robot 2022-02-21 12:19:42 -05:00 committed by GitHub
parent cd00a99c66 f150f29211
commit ad47fa2d67
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
troubleshooting.md
View File

@ -87,7 +87,7 @@ error pulling image "fedora": unable to pull fedora: error getting default regis
### 4) http: server gave HTTP response to HTTPS client ### 4) http: server gave HTTP response to HTTPS client
When doing a Podman command such as `build`, `commit`, `pull`, or `push` to a registry, When doing a Podman command such as `build`, `commit`, `pull`, or `push` to a registry,
tls verification is turned on by default. If authentication is not used with TLS verification is turned on by default. If encryption is not used with
those commands, this error can occur. those commands, this error can occur.
#### Symptom #### Symptom
@ -100,13 +100,13 @@ Get https://localhost:5000/v2/: http: server gave HTTP response to HTTPS client
#### Solution #### Solution
By default tls verification is turned on when communicating to registries from By default TLS verification is turned on when communicating to registries from
Podman. If the registry does not require authentication the Podman commands Podman. If the registry does not require encryption the Podman commands
such as `build`, `commit`, `pull` and `push` will fail unless tls verification is turned such as `build`, `commit`, `pull` and `push` will fail unless TLS verification is turned
off using the `--tls-verify` option. **NOTE:** It is not at all recommended to off using the `--tls-verify` option. **NOTE:** It is not at all recommended to
communicate with a registry and not use tls verification. communicate with a registry and not use TLS verification.
* Turn off tls verification by passing false to the tls-verification option. * Turn off TLS verification by passing false to the tls-verify option.
* I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest` * I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest`
--- ---
@ -259,7 +259,8 @@ You should ensure that each user has a unique range of uids, because overlapping
would potentially allow one user to attack another user. In addition, make sure would potentially allow one user to attack another user. In addition, make sure
that the range of uids you allocate can cover all uids that the container that the range of uids you allocate can cover all uids that the container
requires. For example, if the container has a user with uid 10000, ensure you requires. For example, if the container has a user with uid 10000, ensure you
have at least 10001 subuids. have at least 10001 subuids, and if the container needs to be run as a user with
uid 1000000, ensure you have at least 1000001 subuids.
You could also use the usermod program to assign UIDs to a user. You could also use the usermod program to assign UIDs to a user.