May 27, 2019
 

Create a new repository

SSH-based push and pull operations cannot be used until an SSH key pair has been configured.

You won’t be able to pull or push project code via SSH until you add an SSH key to your profile

Generate an SSH key pair for the root user (no passphrase set on the private key)

[root@client ~]# ssh-keygen -t ed25519 -C "harvey.mei@msn.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:zZYLuVxm+EDjPAHGjlgJjTGdkw0hrjMwOuLs6r0rrnU harvey.mei@msn.com
The key's randomart image is:
+--[ED25519 256]--+
| =*oOo |
| ..oO.o. |
|o .o + + |
|oo. . .+ B . |
|B S O |
|++ . @ . |
| o. E o o |
|.o.. |
|B+.+o |
+----[SHA256]-----+
[root@client ~]#

Add or change the passphrase on the private key file

ssh-keygen -p -o -f <keyname>

Copy the public key into the GitLab account settings

[root@client ~]# cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWIgmnrN7FGjKTdMxYE3y6py3SKp5cO0wnc2dlWNj5o harvey.mei@msn.com
[root@client ~]#
 

View the imported SSH public key


Test that the root user's SSH key works; when prompted, store the server's public key in the local known-hosts file, known_hosts

[root@client ~]# ssh -i .ssh/id_ed25519 -T git@gitlab.licensebox.cn
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:s+kUB7fDvU43bDqTmukBOoSd/8o/gxzuQC/Kk1aYLio.
ECDSA key fingerprint is MD5:f4:2a:7f:58:6c:d8:d3:ee:90:3a:14:9f:f9:5b:d4:4c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
Welcome to GitLab, @root!
[root@client ~]#

View the server's public key stored locally

[root@client ~]# cat .ssh/known_hosts

gitlab.licensebox.cn,47.75.246.214 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLPz49yrtFCwkwt+5/kCXekab8jtrEmf8OpPyfjqtoOuPMlHbhH/rnlNxcicFMF+0U9AD/RIigglJh5SFgSYQ3A=
[root@client ~]#
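
Answering yes at the prompt above trusts whatever key the network presented on first contact. The following added example (not part of the original post) audits a known_hosts file against host keys obtained out of band, for instance read from the server console; the pin-file format, the function name and all sample hosts and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare known_hosts entries with an out-of-band list of
# pinned host keys. The pin-file format is an assumption of this example:
#   <hostname> <keytype> <base64 key>

# audit_known_hosts <pins-file> <known_hosts-file>
# Prints one line per known_hosts entry (OK, MISMATCH, UNPINNED or SKIPPED)
# and returns 1 if any entry contradicts a pin, otherwise 0.
audit_known_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # blank lines and comments
        FILENAME == ARGV[1] { pin[$1 SUBSEP $2] = $3; next }
        # Hashed (|1|...) and marker (@cert-authority, @revoked) entries
        # cannot be matched by host name here, so report them instead.
        $1 ~ /^[|@]/ { print "SKIPPED line " FNR; next }
        {
            # The first field may list several names: "host,ip"
            n = split($1, names, ",")
            status = "UNPINNED"
            for (i = 1; i <= n; i++) {
                k = names[i] SUBSEP $2
                if (!(k in pin)) continue
                if (pin[k] != $3) status = "MISMATCH"
                else if (status == "UNPINNED") status = "OK"
            }
            print status " " $1 " " $2
            if (status == "MISMATCH") bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1" "$2"
}

# Constructed sample data (not real keys)
demo_dir=$(mktemp -d)
cat > "$demo_dir/pins" <<'EOF'
gitlab.example.test ecdsa-sha2-nistp256 AAAAconstructedServerKey=
EOF
cat > "$demo_dir/known_hosts" <<'EOF'
gitlab.example.test,192.0.2.10 ecdsa-sha2-nistp256 AAAAconstructedOtherKey=
build.example.test ssh-ed25519 AAAAconstructedBuildKey=
EOF
audit_known_hosts "$demo_dir/pins" "$demo_dir/known_hosts"
echo "exit status: $?"
rm -rf "$demo_dir"
```

A MISMATCH line means the key accepted at the prompt is not the one the server administrator published, so the entry should be removed and the connection investigated before any push or pull.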

Install the Git client on the local operating system

[root@client ~]# git
-bash: git: command not found
[root@client ~]# yum -y install git

Clone the repository to the local disk (no further authentication is needed)

[root@client ~]# git clone git@gitlab.licensebox.cn:root/licensebox.git 
Cloning into 'licensebox'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.

Inspect the local Git directory and file contents to confirm that the repository was cloned to the local disk

[root@client ~]# ls
licensebox
[root@client ~]# ls licensebox/
README.md
[root@client ~]# cat licensebox/README.md 
# licensebox

LicenseBox Project[root@client ~]#
May 24, 2019
 

Enterprise-grade open-source image registry service

https://github.com/goharbor/harbor

Features

Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
Role based access control: Users and repositories are organized via 'projects' and a user can have different permission for images under a project.
Policy based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
Image deletion & garbage collection: Images can be deleted and their space can be recycled.
Notary: Image authenticity can be ensured.
Graphical user portal: User can easily browse, search repositories and manage projects.
Auditing: All the operations to the repositories are tracked.
RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
Easy deployment: Provide both an online and offline installer.

Installation requirements
Software
On a Linux host: docker 17.03.0-ce+ and docker-compose 1.18.0+.
Hardware
Minimum: 2 CPU cores and 4 GB of memory
Open ports

Download the offline installer

https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz

[root@iZj6cehstgjoj3qav88fidZ ~]# curl -O https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 527M 100 527M 0 0 12.3M 0 0:00:42 0:00:42 --:--:-- 12.2M
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the latest version of Docker

Add the package repository

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

[root@iZj6cehstgjoj3qav88fidZ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@iZj6cehstgjoj3qav88fidZ ~]#

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install docker-ce docker-ce-cli containerd.io

Start the service

[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start docker
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the latest version of docker-compose

Download

[root@iZj6cehstgjoj3qav88fidZ ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 567 0 --:--:-- 0:00:01 --:--:-- 567
100 15.4M 100 15.4M 0 0 2972k 0 0:00:05 0:00:05 --:--:-- 4764k
[root@iZj6cehstgjoj3qav88fidZ ~]#

Change the permissions

[root@iZj6cehstgjoj3qav88fidZ ~]# chmod +x /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]# ll /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 16154160 May 27 18:00 /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]#
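
The binary downloaded above is made executable and later run as root without any integrity check. The following added example (not part of the original post) installs a downloaded file only when its SHA-256 matches a checksum file from the publisher; the function name, the file names and the assumption that a checksum file in sha256sum format is available are this example's own.

```shell
#!/bin/sh
# Added example: gate the install of a downloaded binary on its published
# SHA-256. Assumes the publisher ships a checksum file in sha256sum format:
#   <64 hex digits>  <file name>

# verified_install <downloaded-file> <checksum-file> <destination>
# Returns 0 after installing with mode 0755; returns 1 and installs nothing
# if the checksum file is malformed or the digest does not match.
verified_install() {
    file=$1; sums=$2; dest=$3
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sums")
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file: $sums" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed checksum file: $sums" >&2
        return 1
    fi
    # Stage a copy next to the destination and hash the staged copy, so the
    # bytes that were verified are exactly the bytes that get installed.
    tmp="$dest.tmp.$$"
    cp "$file" "$tmp" || return 1
    actual=$(sha256sum "$tmp" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        rm -f "$tmp"
        echo "checksum mismatch for $file" >&2
        return 1
    fi
    # Rename into place so a partial executable never sits at the final path
    chmod 0755 "$tmp" && mv "$tmp" "$dest"
}

# Demo with constructed files standing in for the download and its checksum.
# In real use the checksum file comes from the publisher, not from the
# downloaded file itself.
demo=$(mktemp -d)
printf 'constructed stand-in for docker-compose\n' > "$demo/docker-compose"
(cd "$demo" && sha256sum docker-compose > docker-compose.sha256)
verified_install "$demo/docker-compose" "$demo/docker-compose.sha256" "$demo/installed" \
    && echo "installed after verification"
printf 'tampered\n' >> "$demo/docker-compose"
verified_install "$demo/docker-compose" "$demo/docker-compose.sha256" "$demo/installed2" \
    || echo "refused: digest does not match"
rm -rf "$demo"
```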

Install OpenSSL and create a self-signed certificate

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
Install OpenSSL

[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install openssl

Generate the CA certificate and key

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
..........................++
................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -x509 -new -nodes -sha512 -days 3650 \
> -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=yourdomain.com" \
> -key ca.key \
> -out ca.crt
[root@iZj6cehstgjoj3qav88fidZ ~]#

Generate the server certificate and key
1)

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out hub.licensebox.cn.key 4096 
Generating RSA private key, 4096 bit long modulus
.......................................................................................................++
..................................................................................................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#

2)

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -sha512 -new \
> -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn" \
> -key hub.licensebox.cn.key \
> -out hub.licensebox.cn.csr
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

3)

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -req -sha512 -days 3650 \
> -CA ca.crt -CAkey ca.key -CAcreateserial \
> -in hub.licensebox.cn.csr \
> -out hub.licensebox.cn.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn
Getting CA Private Key
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Convert the certificate format (crt -> cert)

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -inform PEM -in hub.licensebox.cn.crt -out hub.licensebox.cn.cert
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.cert hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Deploy the certificate files to the Docker configuration directory

[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /etc/docker/certs.d/licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp ca.crt /etc/docker/certs.d/licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.cert /etc/docker/certs.d/licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.key /etc/docker/certs.d/licensebox.cn/

Extract the installer and edit the configuration file

[root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf harbor-offline-installer-v1.8.0.tgz 
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.cert hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]# cd harbor
[root@iZj6cehstgjoj3qav88fidZ harbor]# ls
harbor.v1.8.0.tar.gz harbor.yml install.sh LICENSE prepare
[root@iZj6cehstgjoj3qav88fidZ harbor]#

Edit the configuration file

Change the hostname

# default
hostname: reg.mydomain.com
# changed to
hostname: hub.licensebox.cn

Enable port 443 and configure the certificate

# default (commented out)
# https related config
# https:
#   # https port for harbor, default is 443
#   port: 443
#   # The path of cert and key files for nginx
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path

# changed to
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/hub.licensebox.cn.crt
  private_key: /root/hub.licensebox.cn.key

Change the initial admin password

# default
harbor_admin_password: Harbor12345
# changed to
harbor_admin_password: Harbor20190527

Change the initial database password (not changed here) (applies to production environments)

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
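
The edits above leave two things worth checking before the registry is exposed: the database password is still the shipped default, and the TLS private key sits under /root with whatever mode openssl gave it. The following added example (not from the original post or the Harbor project) scans a harbor.yml for those conditions; the function name and finding texts are made up for this example, and the sample file is constructed from the values shown in the walkthrough.

```shell
#!/bin/sh
# Added example: flag shipped defaults and weak settings in a harbor.yml.
# Only the keys edited in the walkthrough are checked.

# audit_harbor_yml <path to harbor.yml>
# Prints one finding per line and nothing when no check fires.
audit_harbor_yml() {
    awk '
        /^[ \t]*(#|$)/ { next }   # skip comments and blanks: a commented https block is absent
        /^[^ \t]/ { section = $1; sub(/:.*/, "", section) }   # key at column 0 opens a section
        {
            key = $1; sub(/:$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        }
        section == "https" { https = 1 }
        key == "hostname" && val == "reg.mydomain.com" {
            print "hostname: still the sample value reg.mydomain.com" }
        key == "harbor_admin_password" && val == "Harbor12345" {
            print "harbor_admin_password: still the shipped default" }
        section == "database" && key == "password" && val == "root123" {
            print "database.password: still the shipped default" }
        section == "https" && key == "private_key" { print "KEYFILE " val }
        END { if (!https) print "https: section not enabled" }
    ' "$1" | while IFS= read -r finding; do
        case $finding in
            "KEYFILE "*)
                keyfile=${finding#KEYFILE }
                # Characters 5-10 of the ls mode string are the group and other bits
                if [ -f "$keyfile" ] && [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
                    echo "https.private_key: $keyfile is accessible to group or others"
                fi ;;
            *) echo "$finding" ;;
        esac
    done
}

# Constructed sample modelled on the state the walkthrough ends in
demo=$(mktemp -d)
: > "$demo/hub.key"
chmod 0644 "$demo/hub.key"
cat > "$demo/harbor.yml" <<EOF
hostname: hub.licensebox.cn
https:
  port: 443
  certificate: $demo/hub.crt
  private_key: $demo/hub.key
harbor_admin_password: Harbor20190527
database:
  password: root123
EOF
audit_harbor_yml "$demo/harbor.yml"
rm -rf "$demo"
```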

Generate the configuration files

[root@iZj6cehstgjoj3qav88fidZ harbor]# ./prepare 
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v1.8.0' locally
v1.8.0: Pulling from goharbor/prepare
4e360eca2e60: Pull complete 
cd3c4c42d48b: Pull complete 
647e8efbf475: Pull complete 
79272af3d010: Pull complete 
1aec5eb71578: Pull complete 
1a29af1ecc2c: Pull complete 
e382cb5c1ecb: Pull complete 
Digest: sha256:c590164ae2c54e360642b1174c8ad90306b05ca0582f02f35889346c113e555d
Status: Downloaded newer image for goharbor/prepare:v1.8.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@iZj6cehstgjoj3qav88fidZ harbor]#

Run the installation

[root@iZj6cehstgjoj3qav88fidZ harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.6

Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...


[Step 2]: preparing environment ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.licensebox.cn. 
For more details, please visit https://github.com/goharbor/harbor .

[root@iZj6cehstgjoj3qav88fidZ harbor]#

Login (SSL certificate trust error)

Login

Home page

May 24, 2019
 

Requirement: at least 4 GB of available memory

Check the current operating system version

[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the GitLab YUM repository

Enterprise Edition

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

Community Edition

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

View the repository configuration file

Enterprise Edition

[root@iZj6cehstgjoj3qav88fidZ ~]# ls /etc/yum.repos.d/
CentOS-Base.repo epel.repo gitlab_gitlab-ee.repo
[root@iZj6cehstgjoj3qav88fidZ ~]#

Community Edition

[root@iZj6cehstgjoj3qav88fidZ ~]# ls /etc/yum.repos.d/
CentOS-Base.repo epel.repo gitlab_gitlab-ce.repo gitlab_gitlab-ee.repo
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/yum.repos.d/gitlab_gitlab-ce.repo 
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[root@iZj6cehstgjoj3qav88fidZ ~]#

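When running the installation, if the variable is set to a domain name that resolves correctly and specifies the https protocol, a Let's Encrypt certificate is requested and installed automatically. For a first installation, it is recommended to use the http protocol and install a TLS certificate yourself afterwards.

Install with the TLS certificate enabled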

sudo EXTERNAL_URL="https://gitlab.licensebox.cn" yum install -y gitlab-ce

Install with the TLS certificate disabled

sudo EXTERNAL_URL="http://gitlab.licensebox.cn" yum install -y gitlab-ce

Installation success message

Thank you for installing GitLab!
GitLab should be available at http://gitlab.licensebox.cn

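Check the listening ports and service processes

Open the GitLab home page in a browser and set the initial password when prompted

Log in for the first time with the initial password you set

View the GitLab default home page

Upgrading the Community Edition

Back up the data (default backup path: /var/opt/gitlab/backups)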

sudo gitlab-rake gitlab:backup:create STRATEGY=copy

Run the update

sudo yum install -y gitlab-ce
February 14, 2019
 


HARVEY MIEI (2018/06/04)
https://developers.ripple.com/checks.html
https://developers.ripple.com/checkcreate.html
https://developers.ripple.com/checkcash.html
https://developers.ripple.com/checkcancel.html

Checks
The Checks feature in the XRP Ledger allows users to create deferred payments that can be canceled or cashed by the intended recipients. Like personal paper checks, XRP Ledger Checks start with the sender of the funds creating a Check that specifies an amount and receiver. The receiver cashes the check to pull the funds from the sender’s account into the receiver’s account. No money moves until the receiver cashes the Check. Because funds are not put on hold when the Check is created, cashing a Check can fail if the sender doesn’t have enough funds when the receiver tries to cash it, just like traditional checks. If there’s a failure cashing the check, the sender can retry until the check expires.

XRP Ledger Checks have expiration times after which they may no longer be cashed. If the receiver doesn’t successfully cash the Check before it expires, the Check object remains in the XRP Ledger until someone cancels it. Anyone may cancel the Check after it expires. Only the sender and receiver can cancel the Check before it expires or is cashed. The Check object is removed from the Ledger when the sender successfully cashes the check or someone cancels it.

Checks are similar to Escrow and Payment Channels, but there are some important differences between those features and Checks:
You can send issued currency with Checks. With Payment Channels and Escrow, you can only send XRP.
Checks do not tie up any funds. The XRP involved in Payment Channels and Escrow cannot be spent until it is redeemed with a claim provided by the sender (Payment Channels), or released by an expiration or crypto-condition (Escrow).
You can send XRP to yourself through Escrow. You cannot use Checks or Payment Channels to send XRP (or, in the case of Checks, issued currencies) to yourself.

Why Checks?

Traditional paper checks allow people to transfer balances without immediately exchanging physical currency. XRP Ledger Checks allow people to exchange funds asynchronously using a process that is familiar to and accepted by the banking industry.

XRP Ledger Checks also solve a problem that is unique to the XRP Ledger: they allow users to reject unwanted payments or accept only a portion of a payment. This is useful for institutions that need to be careful about accepting payments for compliance reasons.

Checks potentially enable many other use cases. Ripple encourages the community to find new and creative applications for Checks.

Use Case: Payment Authorization

Problem: To comply with regulations like BSA, KYC, AML, and CFT, financial institutions must provide documentation about the source of funds they receive. Such regulations seek to prevent the illicit transfer of funds by requiring institutions to disclose the source and destination of all payments processed by the institution. Because of the nature of the XRP Ledger, anyone could potentially send XRP (and, under the right circumstances, issued currencies) to an institution’s account on the XRP Ledger. Dealing with such unwanted payments adds significant cost and time delays to these institutions’ compliance departments, including potential fines or penalties.

Solution: Institutions can enable Deposit Authorization on their XRP Ledger accounts by setting the asfDepositAuth flag in an AccountSet transaction. This makes the account unable to receive Payment transactions. Accounts with Deposit Authorization enabled can only receive funds through Escrow, Payment Channels, or Checks. Checks are the most straightforward, familiar, and flexible way to transfer funds if Deposit Authorization is enabled.

Checks typically have the lifecycle described below.

Step 1: To create a Check, the sender submits a CheckCreate transaction and specifies the receiver (Destination), expiration time (Expiration), and maximum amount that may be debited from the sender’s account (SendMax).

Step 2: After the CheckCreate transaction is processed, a Check object is created on the XRP Ledger. This object contains the properties of the Check as defined by the transaction that created it. The object can only be modified by the sender (by canceling it with a CheckCancel transaction) or receiver (by canceling it or cashing it) before the expiration time passes. After the expiration time, anyone may cancel the Check.

Step 3: To cash the check, the receiver submits a CheckCash transaction. The receiver has two options for cashing the check:

Amount — The receiver can use this option to specify an exact amount to cash. This may be useful for cases where the sender has padded the check to cover possible transfer fees and the receiver can only accept the exact amount on an invoice or other contract.

DeliverMin — The receiver can use this option to specify the minimum amount they are willing to receive from the Check. If the receiver uses this option, rippled attempts to deliver as much as possible and will deliver at least this amount. The transaction fails if the amount that can be credited to the receiver is not at least this amount.

If the sender has enough funds to cover the Check and the expiration time has not passed, the funds are debited from the sender’s account and credited to the receiver’s account, and the Check object is destroyed.

Expiration Case

In the case of expirations, Checks have the lifecycle described below.

All Checks start the same way, so Steps 1 and 2 are the same.

Step 3a: If the Check expires before the receiver can cash it, the Check can no longer be cashed but remains in the ledger.

Step 4a: After a Check expires, anyone may cancel it by submitting a CheckCancel transaction. That transaction removes the Check from the ledger.

Availability of Checks
Checks require rippled v0.90.0 or later.

February 12, 2019
 


https://developers.ripple.com/cross-currency-payments.html

Cross-Currency Payments
In the XRP Ledger, you can send cross-currency payments that exchange one or more issued currencies, XRP, or both. Like direct XRP payments, these payments use the Payment transaction type. Cross-currency payments within the XRP Ledger are fully atomic, meaning that either the payment fully executes or no part of it executes.

By default, cross-currency payments deliver a fixed amount to their destination at a variable cost to their source. Cross-currency payments can also be partial payments, which deliver a variable amount to the destination within a fixed sending limit.

Prerequisites

By definition, a cross-currency payment involves at least two currencies, which means that at least one currency involved must be a non-XRP issued currency.

    Typically, this means using one or more currencies issued by an XRP Ledger Gateway. Such currencies are backed by funds outside the XRP Ledger, and can be withdrawn through the gateway.

    You could also use digital tokens that are only issued within the XRP Ledger and have no outside backing, as long as the parties transacting are willing to send or receive those tokens and treat them as something of value.

There must be at least one Path between the sender and receiver, and the total liquidity across all paths must be enough to facilitate the payment. For cross-currency payments, this usually means consuming Offers to convert from one currency to another.

Autobridging

Cross-currency payments that exchange two issued currencies automatically use XRP, when it decreases the cost of the payment, by connecting order books to deepen the pool of available liquidity. For example, a payment sending from USD to MXN automatically converts USD to XRP and then XRP to MXN if doing so is cheaper than converting USD to MXN directly.
