I started looking at this and remembered that I had answered a similar question in an email to the L1CC administrator in March 2017. I was unable to find the thread where the administrator posted a note on the L1CC forum. So I decided to revisit my response, updating it since things have changed with the newer docker version.
You will see the following reason for the error by looking in /var/log/suseconnect.log in your container. One of the last lines in the error file is:
2019/01/22 23:34:20 Get https://18.104.22.168/connect/subscriptions/products?arch=s390x&identifier=SLES&version=12.2: x509: certificate signed by unknown authority
The reason is because the docker container is attempting secure communication to the repo server being hosted by the L1CC. The repo server is using a self signed certificate which is not trusted by the container.
To complicate matters, the repo server hosted by the L1CC is no longer hosting SLES12 repos. Even if we get the trust anchor added, the SLES12 container image will not find the repos it is looking for. Currently SLES12 SP1 through SLES12 SP3 is hosted on the repo server.
One more wrinkle is that docker containers can use DNS servers for name resolution but not a local hosts file on the docker host. The repo server, lxslsmt, is not being resolved from DNS but rather /etc/hosts on the docker host. How to work around this has changed for the better since I replied to the L1CC administrator in 2017.
So I will show how the trust anchor can be added to a SLES12 SP3 image and enable the container to resolve lxslsmt.
- Pull the SLES12 SP3 container image from the SUSE registry
docker pull registry.suse.com/suse/sles12sp3:latest
- Create /root/sles12sp3/Dockerfile on the docker host
# IMPORTANT: MUST HAVE --add-host lxslsmt:22.214.171.124 IN OPTIONS FOR DOCKER BUILD AND RUN COMMANDS
# WHEN USING THIS IMAGE
# Import the crt file of the L1CC SMT server
ADD http://lxslsmt/smt.crt /etc/pki/trust/anchors/smt.crt
RUN zypper --gpg-auto-import-keys ref -s
- Build an updated SLES12 SP3 container image that will be used for future container work
docker build --add-host lxslsmt:126.96.36.199 -t suse/sles12sp3:2.0.0 /root/sles12sp3/
- You will now see a suse/sles12sp3 docker image that you can use. Be sure to add
--add-host lxslsmt:188.8.131.52 to future docker run or docker build commands. If you forget this then zypper commands will fail!