The prerequisites include configuring a local registry mirror for OpenShift images and ensuring a functional OpenShift cluster with administrative privileges. Optionally , if you are using a custom certificate authority (CA), a ConfigMap containing the CA certificate must be configured in the 'openshift-config' namespace under the 'updateservice-registry' key. For example: [archy@helper01 ~]$ oc -n openshift-config get configmap/custom-ca -o yaml apiVersion: v1 kind: ConfigMap metadata: namespace: openshift-config name: custom-ca spec: ca-bundle.crt: | -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- updateservice-registry: | -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- You can add additional trusted CAs by updating the 'image.config.openshift.io/cluster' resource: [archy@helper01 ~]$ oc patch image.config.openshift.io/cluster -p '{"spec":{"additionalTruste...
Following a server reboot, I encountered an issue where the rpcbind.service failed to start. Manually restarting the service resulted in subsequent login failures, as indicated by the following error: System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8). Here's a record of how I approached debugging this issue. I'm sharing it in case my experience can help others learn and troubleshoot similar problems. The server is joined to FreeIPA and HBAC rules permit access, as confirmed by the following 'ipa hbactest' output: [root@admin03 ~]# ipa hbactest --user archy --host admin03.archyslife.lan --service sshd | grep -viIE 'not' -------------------- Access granted: True -------------------- Matched rules: allow-admin-users-admin-hosts Reviewing the /var/log/secure log showed a PAM account permission issue that was blocking user logins: Feb 17 18:23:26 admin03 ss...