containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

`tls_verify: false` not working in `containers.podman.podman_container` module #810

Closed utsumi-fj closed 1 month ago

utsumi-fj commented 1 month ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

It appears that the `tls_verify: false` parameter in the `containers.podman.podman_container` module is not functioning as intended. The following Ansible task with `tls_verify: false` fails with the error `tls: failed to verify certificate: x509: certificate signed by unknown authority`.

```yaml
- name: Run container
  containers.podman.podman_container:
    name: container
    image: mirror.example.localdomain:8443/bitnami/wildfly:latest
    state: started
    tls_verify: false
```

The container registry mirror.example.localdomain:8443 is a Mirror Registry for Red Hat OpenShift installed following the official procedure.

Steps to reproduce the issue:

  1. Prepare a container registry whose CA certificate is not trusted (e.g. container registry installed with self-signed certificate).

  2. Push the container image used for reproduction to the container registry.

  3. Run the above Ansible task.

Describe the results you received:

Error Message:

fatal: [192.168.0.116]: FAILED! => {"changed": false, "msg": "Can't pull image mirror.example.localdomain:8443/bitnami/wildfly:latest", "stderr": "Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...\nError: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority\n", "stderr_lines": ["Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...", "Error: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority"], "stdout": "", "stdout_lines": []}

Describe the results you expected:

The above Ansible task succeeds.

Additional information you deem important (e.g. issue happens only occasionally):

Observations:

```
$ podman pull --tls-verify=false mirror.example.localdomain:8443/bitnami/wildfly:latest
Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...
Getting image source signatures
Copying blob c474834cc9f5 done   |
Copying config 894653a2ff done   |
Writing manifest to image destination
894653a2ffc11740c278ff859a1bf78ac79975287dc4a49a03c00a2a83a3a6fd
$ podman images
REPOSITORY                                       TAG         IMAGE ID      CREATED     SIZE
mirror.example.localdomain:8443/bitnami/wildfly  latest      894653a2ffc1  7 days ago  826 MB
```

Version of the containers.podman collection: Either git commit if installed from git: `git show --summary` Or version from ansible-galaxy if installed from galaxy: `ansible-galaxy collection list | grep containers.podman`

```
$ ansible-galaxy collection list | grep containers.podman
containers.podman 1.15.4
```

Output of ansible --version:

```
$ ansible --version
ansible [core 2.11.12]
  config file = /home/xxxxx/yyyyy/ansible.cfg
  configured module search path = ['/home/xxxxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/xxxxx/ansible/lib64/python3.9/site-packages/ansible
  ansible collection location = /home/xxxxx/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/xxxxx/ansible/bin/ansible
  python version = 3.9.18 (main, Jan 24 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)]
  jinja version = 3.1.4
  libyaml = True
```

Output of podman version:

```
Client:       Podman Engine
Version:      4.9.4-dev
API Version:  4.9.4-dev
Go Version:   go1.21.7 (Red Hat 1.21.7-1.el9)
Built:        Tue Feb 20 18:41:16 2024
OS/Arch:      linux/amd64
```

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.33.5
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: fb8c4bf50dbc044a338137871b096eea8041a1fa'
  cpuUtilization:
    idlePercent: 82.38
    systemPercent: 8.09
    userPercent: 9.53
  cpus: 4
  databaseBackend: sqlite
  distribution:
    distribution: rhel
    version: "9.4"
  eventLogger: journald
  freeLocks: 2047
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-427.13.1.el9_4.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 695746560
  memTotal: 3836358656
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.el9.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.10.3-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.3-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.3
      commit: 1961d211ba98f532ea52d2e80f4c20359f241a98
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.el9.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 4223922176
  swapTotal: 4240437248
  uptime: 24h 23m 48.00s (Approximately 1.00 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/xxxxx/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/xxxxx/.local/share/containers/storage
  graphRootAllocated: 10670309376
  graphRootUsed: 965476352
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/xxxxx/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.4-dev
  Built: 1708422076
  BuiltTime: Tue Feb 20 18:41:16 2024
  GitCommit: ""
  GoVersion: go1.21.7 (Red Hat 1.21.7-1.el9)
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.4-dev

Package info (e.g. output of `rpm -q podman` or `apt list podman`):

```
$ rpm -q podman
podman-4.9.4-0.1.el9.x86_64
```

Playbook you run with ansible (e.g. content of playbook.yaml):

```yaml
- name: Run container
  containers.podman.podman_container:
    name: container
    image: mirror.example.localdomain:8443/bitnami/wildfly:latest
    state: started
    tls_verify: false
```

Command line and output of ansible run with high verbosity

$ ansible-playbook -i hosts.ini playbook.yaml -vvv
<192.168.0.116> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<192.168.0.116> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' 192.168.0.116 '/bin/sh -c '"'"'echo ~xxxxx && sleep 0'"'"''
<192.168.0.116> (0, b'/home/xxxxx\n', b'')
<192.168.0.116> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<192.168.0.116> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' 192.168.0.116 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/xxxxx/.ansible/tmp `"&& mkdir "` echo /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821 `" && echo ansible-tmp-1722564257.574407-92202-254364342039821="` echo /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821 `" ) && sleep 0'"'"''
<192.168.0.116> (0, b'ansible-tmp-1722564257.574407-92202-254364342039821=/home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821\n', b'')
Using module file /home/xxxxx/.ansible/collections/ansible_collections/containers/podman/plugins/modules/podman_container.py
<192.168.0.116> PUT /home/xxxxx/.ansible/tmp/ansible-local-921817u1up4bl/tmpovnjv659 TO /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/AnsiballZ_podman_container.py
<192.168.0.116> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' '[192.168.0.116]'
<192.168.0.116> (0, b'sftp> put /home/xxxxx/.ansible/tmp/ansible-local-921817u1up4bl/tmpovnjv659 /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/AnsiballZ_podman_container.py\n', b'')
<192.168.0.116> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<192.168.0.116> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' 192.168.0.116 '/bin/sh -c '"'"'chmod u+x /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/ /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/AnsiballZ_podman_container.py && sleep 0'"'"''
<192.168.0.116> (0, b'', b'')
<192.168.0.116> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<192.168.0.116> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' -tt 192.168.0.116 '/bin/sh -c '"'"'/usr/bin/python /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/AnsiballZ_podman_container.py && sleep 0'"'"''
<192.168.0.116> (1, b'\r\n{"stdout": "", "stderr": "Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...\\nError: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \\"https://mirror.example.localdomain:8443/v2/\\": tls: failed to verify certificate: x509: certificate signed by unknown authority\\n", "failed": true, "msg": "Can\'t pull image mirror.example.localdomain:8443/bitnami/wildfly:latest", "invocation": {"module_args": {"name": "container", "image": "mirror.example.localdomain:8443/bitnami/wildfly:latest", "state": "started", "tls_verify": false, "executable": "podman", "detach": true, "debug": false, "force_restart": false, "force_delete": true, "generate_systemd": {}, "image_strict": false, "recreate": false, "annotation": null, "arch": null, "attach": null, "authfile": null, "blkio_weight": null, "blkio_weight_device": null, "cap_add": null, "cap_drop": null, "cgroup_conf": null, "cgroup_parent": null, "cgroupns": null, "cgroups": null, "chrootdirs": null, "cidfile": null, "cmd_args": null, "conmon_pidfile": null, "command": null, "cpu_period": null, "cpu_quota": null, "cpu_rt_period": null, "cpu_rt_runtime": null, "cpu_shares": null, "cpus": null, "cpuset_cpus": null, "cpuset_mems": null, "decryption_key": null, "delete_depend": null, "delete_time": null, "delete_volumes": null, "detach_keys": null, "device": null, "device_cgroup_rule": null, "device_read_bps": null, "device_read_iops": null, "device_write_bps": null, "device_write_iops": null, "dns": null, "dns_option": null, "dns_search": null, "entrypoint": null, "env": null, "env_file": null, "env_host": null, "env_merge": null, "etc_hosts": null, "expose": null, "gidmap": null, "gpus": null, "group_add": null, "group_entry": null, "healthcheck": null, "healthcheck_interval": null, "healthcheck_retries": null, "healthcheck_start_period": null, "health_startup_cmd": null, 
"health_startup_interval": null, "health_startup_retries": null, "health_startup_success": null, "health_startup_timeout": null, "healthcheck_timeout": null, "healthcheck_failure_action": null, "hooks_dir": null, "hostname": null, "hostuser": null, "http_proxy": null, "image_volume": null, "init": null, "init_ctr": null, "init_path": null, "interactive": null, "ip": null, "ip6": null, "ipc": null, "kernel_memory": null, "label": null, "label_file": null, "log_driver": null, "log_level": null, "log_opt": null, "mac_address": null, "memory": null, "memory_reservation": null, "memory_swap": null, "memory_swappiness": null, "mount": null, "network": null, "network_aliases": null, "no_healthcheck": null, "no_hosts": null, "oom_kill_disable": null, "oom_score_adj": null, "os": null, "passwd": null, "passwd_entry": null, "personality": null, "pid": null, "pid_file": null, "pids_limit": null, "platform": null, "pod": null, "pod_id_file": null, "preserve_fd": null, "preserve_fds": null, "privileged": null, "publish": null, "publish_all": null, "pull": null, "quadlet_dir": null, "quadlet_filename": null, "quadlet_options": null, "rdt_class": null, "read_only": null, "read_only_tmpfs": null, "requires": null, "restart_policy": null, "restart_time": null, "retry": null, "retry_delay": null, "rm": null, "rmi": null, "rootfs": null, "seccomp_policy": null, "secrets": null, "sdnotify": null, "security_opt": null, "shm_size": null, "shm_size_systemd": null, "sig_proxy": null, "stop_signal": null, "stop_timeout": null, "stop_time": null, "subgidname": null, "subuidname": null, "sysctl": null, "systemd": null, "timeout": null, "timezone": null, "tmpfs": null, "tty": null, "uidmap": null, "ulimit": null, "umask": null, "unsetenv": null, "unsetenv_all": null, "user": null, "userns": null, "uts": null, "variant": null, "volume": null, "volumes_from": null, "workdir": null}}}\r\n', b'Shared connection to 192.168.0.116 closed.\r\n')
<192.168.0.116> Failed to connect to the host via ssh: Shared connection to 192.168.0.116 closed.
<192.168.0.116> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<192.168.0.116> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="xxxxx"' -o ConnectTimeout=10 '-oProxyCommand=ssh -W %h:%p -q vyos@10.20.60.233 -i ~/.ssh/id_rsa' -o 'ControlPath="/home/xxxxx/.ansible/cp/6df4f0c4e0"' 192.168.0.116 '/bin/sh -c '"'"'rm -f -r /home/xxxxx/.ansible/tmp/ansible-tmp-1722564257.574407-92202-254364342039821/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.0.116> (0, b'', b'')
fatal: [192.168.0.116]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "annotation": null,
            "arch": null,
            "attach": null,
            "authfile": null,
            "blkio_weight": null,
            "blkio_weight_device": null,
            "cap_add": null,
            "cap_drop": null,
            "cgroup_conf": null,
            "cgroup_parent": null,
            "cgroupns": null,
            "cgroups": null,
            "chrootdirs": null,
            "cidfile": null,
            "cmd_args": null,
            "command": null,
            "conmon_pidfile": null,
            "cpu_period": null,
            "cpu_quota": null,
            "cpu_rt_period": null,
            "cpu_rt_runtime": null,
            "cpu_shares": null,
            "cpus": null,
            "cpuset_cpus": null,
            "cpuset_mems": null,
            "debug": false,
            "decryption_key": null,
            "delete_depend": null,
            "delete_time": null,
            "delete_volumes": null,
            "detach": true,
            "detach_keys": null,
            "device": null,
            "device_cgroup_rule": null,
            "device_read_bps": null,
            "device_read_iops": null,
            "device_write_bps": null,
            "device_write_iops": null,
            "dns": null,
            "dns_option": null,
            "dns_search": null,
            "entrypoint": null,
            "env": null,
            "env_file": null,
            "env_host": null,
            "env_merge": null,
            "etc_hosts": null,
            "executable": "podman",
            "expose": null,
            "force_delete": true,
            "force_restart": false,
            "generate_systemd": {},
            "gidmap": null,
            "gpus": null,
            "group_add": null,
            "group_entry": null,
            "health_startup_cmd": null,
            "health_startup_interval": null,
            "health_startup_retries": null,
            "health_startup_success": null,
            "health_startup_timeout": null,
            "healthcheck": null,
            "healthcheck_failure_action": null,
            "healthcheck_interval": null,
            "healthcheck_retries": null,
            "healthcheck_start_period": null,
            "healthcheck_timeout": null,
            "hooks_dir": null,
            "hostname": null,
            "hostuser": null,
            "http_proxy": null,
            "image": "mirror.example.localdomain:8443/bitnami/wildfly:latest",
            "image_strict": false,
            "image_volume": null,
            "init": null,
            "init_ctr": null,
            "init_path": null,
            "interactive": null,
            "ip": null,
            "ip6": null,
            "ipc": null,
            "kernel_memory": null,
            "label": null,
            "label_file": null,
            "log_driver": null,
            "log_level": null,
            "log_opt": null,
            "mac_address": null,
            "memory": null,
            "memory_reservation": null,
            "memory_swap": null,
            "memory_swappiness": null,
            "mount": null,
            "name": "container",
            "network": null,
            "network_aliases": null,
            "no_healthcheck": null,
            "no_hosts": null,
            "oom_kill_disable": null,
            "oom_score_adj": null,
            "os": null,
            "passwd": null,
            "passwd_entry": null,
            "personality": null,
            "pid": null,
            "pid_file": null,
            "pids_limit": null,
            "platform": null,
            "pod": null,
            "pod_id_file": null,
            "preserve_fd": null,
            "preserve_fds": null,
            "privileged": null,
            "publish": null,
            "publish_all": null,
            "pull": null,
            "quadlet_dir": null,
            "quadlet_filename": null,
            "quadlet_options": null,
            "rdt_class": null,
            "read_only": null,
            "read_only_tmpfs": null,
            "recreate": false,
            "requires": null,
            "restart_policy": null,
            "restart_time": null,
            "retry": null,
            "retry_delay": null,
            "rm": null,
            "rmi": null,
            "rootfs": null,
            "sdnotify": null,
            "seccomp_policy": null,
            "secrets": null,
            "security_opt": null,
            "shm_size": null,
            "shm_size_systemd": null,
            "sig_proxy": null,
            "state": "started",
            "stop_signal": null,
            "stop_time": null,
            "stop_timeout": null,
            "subgidname": null,
            "subuidname": null,
            "sysctl": null,
            "systemd": null,
            "timeout": null,
            "timezone": null,
            "tls_verify": false,
            "tmpfs": null,
            "tty": null,
            "uidmap": null,
            "ulimit": null,
            "umask": null,
            "unsetenv": null,
            "unsetenv_all": null,
            "user": null,
            "userns": null,
            "uts": null,
            "variant": null,
            "volume": null,
            "volumes_from": null,
            "workdir": null
        }
    },
    "msg": "Can't pull image mirror.example.localdomain:8443/bitnami/wildfly:latest",
    "stderr": "Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...\nError: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority\n",
    "stderr_lines": [
        "Trying to pull mirror.example.localdomain:8443/bitnami/wildfly:latest...",
        "Error: initializing source docker://mirror.example.localdomain:8443/bitnami/wildfly:latest: pinging container registry mirror.example.localdomain:8443: Get \"https://mirror.example.localdomain:8443/v2/\": tls: failed to verify certificate: x509: certificate signed by unknown authority"
    ],
    "stdout": "",
    "stdout_lines": []
}

Additional environment details (AWS, VirtualBox, physical, etc.):

RHEL 9.4 on VMware vSphere virtual machine

kubealex commented 1 month ago

I confirm the behaviour. It is due to a pre-flight check on the image where the podman image pull command ignores the tls_verify parameter.

Opened #815 to fix this.
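
The mechanism described in the comment above, as an added sketch (not the collection's code and not the change in #815): a pre-flight `podman image pull` built without the task's registry options, next to a version that forwards them, plus a check that flags any option set in the task but missing from a command. All function names and `SAMPLE_TASK` are hypothetical; `authfile` is included only to show that the check covers more than `tls_verify`.

```python
# Added sketch: hypothetical helper names, not the collection's real code.

# Module options that change how podman contacts a registry, mapped to the
# podman CLI flags that both `podman image pull` and `podman run` accept.
REGISTRY_FLAGS = {"tls_verify": "--tls-verify", "authfile": "--authfile"}

# Constructed from the task in the issue (unset options are None).
SAMPLE_TASK = {
    "executable": "podman",
    "name": "container",
    "image": "mirror.example.localdomain:8443/bitnami/wildfly:latest",
    "tls_verify": False,
    "authfile": None,
}


def registry_args(params):
    """Translate registry-related task options into podman CLI arguments."""
    args = []
    for key, flag in REGISTRY_FLAGS.items():
        value = params.get(key)
        if value is None:  # not set in the task: leave podman's default alone
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        args.append(f"{flag}={value}")
    return args


def pull_cmd_buggy(params):
    """Pre-flight pull with the behaviour reported here: options are dropped."""
    return [params["executable"], "image", "pull", params["image"]]


def pull_cmd_fixed(params):
    """Pre-flight pull that forwards the same registry options as `run`."""
    return [params["executable"], "image", "pull",
            *registry_args(params), params["image"]]


def run_cmd(params):
    """Container start command in this sketch; forwards the registry options."""
    return [params["executable"], "run", "--name", params["name"], "--detach",
            *registry_args(params), params["image"]]


def dropped_options(params, argv):
    """List registry options set in the task that are absent from argv."""
    return [
        key for key, flag in REGISTRY_FLAGS.items()
        if params.get(key) is not None
        and not any(arg.startswith(flag + "=") for arg in argv)
    ]


if __name__ == "__main__":
    for build in (pull_cmd_buggy, pull_cmd_fixed, run_cmd):
        argv = build(SAMPLE_TASK)
        print(build.__name__, argv, "dropped:", dropped_options(SAMPLE_TASK, argv))
```

A check like `dropped_options` works in both directions: it also catches a task that sets `tls_verify: true` whose pull would otherwise run under the host's default for that registry.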