Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
In the manual repomirror setup https://access.redhat.com/documentation/en-us/red_hat_quay/3.7/html-single/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/index#mirroring-worker the user is asked to start the repomirror container like this if Quay is deployed using a self-signed cert
$ sudo podman run -d --name mirroring-worker \ -v $QUAY/config:/conf/stack:Z \ -v /root/ca.crt:/etc/pki/ca-trust/source/anchors/ca.crt \ registry.redhat.io/quay/quay-rhel8:v3.7.10 repomirror
This will not work because the SELinux rules will deny reads of the repo mirror container in the /root directory of the host. The :Z flag needs to be appended to the volume mount like so:
$ sudo podman run -d --name mirroring-worker \ -v $QUAY/config:/conf/stack:Z \ -v /root/ca.crt:/etc/pki/ca-trust/source/anchors/ca.crt:Z \ registry.redhat.io/quay/quay-rhel8:v3.7.10 repomirror
