5月 272019
 

查看本地镜像

[root@client ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@client ~]#

从官方镜像仓库下拉一个CentOS 7.6.1810版本的镜像

[root@client ~]# docker pull centos:7.6.1810
7.6.1810: Pulling from library/centos
ac9208207ada: Pull complete 
Digest: sha256:0baec775bbf3e01cc770d5823c285b291b44ca05bb7c31b8674db5dae1d2aea9
Status: Downloaded newer image for centos:7.6.1810
[root@client ~]#

从官方镜像仓库下拉一个Ubuntu 18.04版本的镜像

[root@client ~]# docker pull ubuntu:18.04
18.04: Pulling from library/ubuntu
6abc03819f3e: Pull complete 
05731e63f211: Pull complete 
0bd67c50d6be: Pull complete 
Digest: sha256:f08638ec7ddc90065187e7eabdfac3c96e5ff0f6b2f1762cf31a4f49b53000a5
Status: Downloaded newer image for ubuntu:18.04
[root@client ~]#

查看本地镜像信息

[root@client ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 18.04 7698f282e524 12 days ago 69.9MB
centos 7.6.1810 f1cb7c7d58b7 2 months ago 202MB
[root@client ~]#

对默认的libarary公共镜像仓库进行存取操作

在项目中标记镜像:
docker tag SOURCE_IMAGE[:TAG] hub.licensebox.cn/library/IMAGE[:TAG]

推送镜像到当前项目:
docker push hub.licensebox.cn/library/IMAGE[:TAG]

查看已经重新打标记的镜像

[root@client ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 18.04 7698f282e524 12 days ago 69.9MB
centos 7.6.1810 f1cb7c7d58b7 2 months ago 202MB
hub.licensebox.cn/library/centos 7.6.1810 f1cb7c7d58b7 2 months ago 202MB
[root@client ~]#

登录镜像仓库未配置证书时的错误提示(自签证书)

[root@client ~]# docker login hub.licensebox.cn
Username: admin
Password: 
Error response from daemon: Get https://hub.licensebox.cn/v2/: x509: certificate signed by unknown authority
[root@client ~]#

建立证书配置目录(注意:必须提供server.cert文件,server.key文件和ca.crt文件)

[root@client ~]# mkdir -p /etc/docker/certs.d/hub.licensebox.cn/
[root@client ~]# mv ca.crt hub.licensebox.cn.key hub.licensebox.cn.cert /etc/docker/certs.d/hub.licensebox.cn/
[root@client ~]# ls /etc/docker/certs.d/hub.licensebox.cn/
ca.crt hub.licensebox.cn.cert hub.licensebox.cn.key
[root@client ~]#

登录自建仓库

[root@client certs.d]# docker login hub.licensebox.cn
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@client certs.d]#

上传

上传完成

[root@client ~]# docker push hub.licensebox.cn/library/centos:7.6.1810
The push refers to repository [hub.licensebox.cn/library/centos]
89169d87dbe2: Pushed 
7.6.1810: digest: sha256:747b2de199b6197a26eb1a24d69740d25483995842b2d2f75824095e9d1d19eb size: 529
[root@client ~]#

在VMware Harbor中查看已推送至镜像仓库的镜像

查看审计日志

删除本地镜像

[root@client ~]# docker image rm hub.licensebox.cn/library/centos:7.6.1810
Untagged: hub.licensebox.cn/library/centos:7.6.1810
Untagged: hub.licensebox.cn/library/centos@sha256:747b2de199b6197a26eb1a24d69740d25483995842b2d2f75824095e9d1d19eb
[root@client ~]# docker image rm centos:7.6.1810
Untagged: centos:7.6.1810
Untagged: centos@sha256:0baec775bbf3e01cc770d5823c285b291b44ca05bb7c31b8674db5dae1d2aea9
Deleted: sha256:f1cb7c7d58b73eac859c395882eec49d50651244e342cd6c68a5c7809785f427
Deleted: sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a
[root@client ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 18.04 7698f282e524 12 days ago 69.9MB
[root@client ~]#

尝试拉取之前推送的镜像

[root@client ~]# docker pull hub.licensebox.cn/library/centos:7.6.1810
7.6.1810: Pulling from library/centos
ac9208207ada: Pull complete 
Digest: sha256:747b2de199b6197a26eb1a24d69740d25483995842b2d2f75824095e9d1d19eb
Status: Downloaded newer image for hub.licensebox.cn/library/centos:7.6.1810
[root@client ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 18.04 7698f282e524 12 days ago 69.9MB
hub.licensebox.cn/library/centos 7.6.1810 f1cb7c7d58b7 2 months ago 202MB
[root@client ~]#

查看日志

登出镜像仓库

[root@client ~]# docker logout hub.licensebox.cn
Removing login credentials for hub.licensebox.cn
[root@client ~]#

作为公开仓库,即使不登录仍然可以访问(拉取)仓库中的镜像

日志显示匿名用户anonymous对仓库进行了拉取镜像的操作

5月 272019
 

对于内部项目使用的GitLab服务关闭用户注册功能

取消勾选Sign-up enable选项并提交保存

退出登录后再次访问首页,显示只有Sign in功能,注册入口已关闭

新建用户tom及jerry,在无邮件服务器配置的情况下,重置用户密码(Gitlab.2019)

新建用户tom

新建用户jerry

初始化用户tom的密码

提示用户tom密码初始化成功

初始化用户jerry的密码

 

提示用户jerry密码初始化成功

使用用户tom登录GitLab服务

按照系统提示修改密码

 

提示密码修改成功并重新登录

在GitLab上使用tom用户新建项目1st并赋予Jerry用户访问权限

创建项目(Private)

项目创建成功

在项目设置的成员设置中添加用户jerry并指定为Developer角色权限

查看当前项目的成员信息,显示已成功添加jerry用户

在客户机上添加tom和jerry两个用户并安装git客户端

[root@client ~]# useradd tom
[root@client ~]# useradd jerry
[root@client ~]# yum -y install git

切换为tom用户并新建SSH密钥并查看公钥信息

[root@client ~]# su - tom
[tom@client ~]$ ssh-keygen -t ed25519 -C "tom@licensebox.cn"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/tom/.ssh/id_ed25519): 
Created directory '/home/tom/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/tom/.ssh/id_ed25519.
Your public key has been saved in /home/tom/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:UVeM2yOmysAcgcl708kGa3kbenZXDWHw2l6NmvwiyOA tom@licensebox.cn
The key's randomart image is:
+--[ED25519 256]--+
| . o . o=+. |
| + o . ..oo |
| . B.. o.o |
| . B B. +o+.o|
| = *So o.oo.o|
| * + o..+ . |
| . B + .+ . |
| E = . .. |
| . .. |
+----[SHA256]-----+
[tom@client ~]$ cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSSfWAFWITPSj+qXuXTIYhqRg6Stw96birC/7gzTiOg tom@licensebox.cn
[tom@client ~]$

将公钥信息复制粘贴至GitLab用户tom的SSH密钥配置信息中

添加公钥信息

添加成功

用户tom本地客户机使用git命令访问仓库并新建文件和添加注释并上传

[tom@client ~]$ git config --global user.name "Tom"
[tom@client ~]$ git config --global user.email "tom@licensebox.cn"
[tom@client ~]$ git clone git@gitlab.licensebox.cn:tom/1st.git
Cloning into '1st'...
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:O/ea5Lg0EzQZc+901DKkDlmv5IxBvShOQ6wknzCJRS4.
ECDSA key fingerprint is MD5:04:5a:fd:80:b9:1d:81:ed:2e:df:a8:f7:1b:02:33:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
warning: You appear to have cloned an empty repository.
[tom@client ~]$ cd 1st/
[tom@client 1st]$ touch README.md
[tom@client 1st]$ echo "Hello World" > README.md 
[tom@client 1st]$ git add README.md
[tom@client 1st]$ git commit -m "add README"
[master (root-commit) de77d4d] add README
1 file changed, 1 insertion(+)
create mode 100644 README.md
[tom@client 1st]$ git push -u origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 223 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@gitlab.licensebox.cn:tom/1st.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
[tom@client 1st]$

在GitLab页面确认已上传的项目文件

用户jerry使用本地客户机生成密钥对并将公钥信息添加至GitLab上用户jerry的SSH密钥配置信息中

[jerry@client ~]$ ssh-keygen -t ed25519 -C "jerry@licensebox.cn" 
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/jerry/.ssh/id_ed25519): 
Created directory '/home/jerry/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/jerry/.ssh/id_ed25519.
Your public key has been saved in /home/jerry/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:6uVleGBOpisnPjeJR2bEy5VmV9CMX08kkLOmHQ4m3eQ jerry@licensebox.cn
The key's randomart image is:
+--[ED25519 256]--+
| .=.o...|
| . B ...|
| . o * + o |
| o * = E .|
| o =S+ * . |
| *B o. o |
| =o.+ + |
| =.*+ + |
| ..Bo.. |
+----[SHA256]-----+
[jerry@client ~]$ cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmxHQCKvwn38NIyLuhc9EOwymQePQkwnA1EbIt9Mhpz jerry@licensebox.cn
[jerry@client ~]$

使用jerry用户在客户机上进行git clone操作并查看从服务器上拉取的仓库文件及内容

[jerry@client ~]$ git config --global user.name "Jerry"
[jerry@client ~]$ git config --global user.email "jerry@licensebox.cn"
[jerry@client ~]$ git clone git@gitlab.licensebox.cn:tom/1st.git
Cloning into '1st'...
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:O/ea5Lg0EzQZc+901DKkDlmv5IxBvShOQ6wknzCJRS4.
ECDSA key fingerprint is MD5:04:5a:fd:80:b9:1d:81:ed:2e:df:a8:f7:1b:02:33:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
[jerry@client ~]$ ls 1st/
README.md
[jerry@client ~]$ cat 1st/README.md 
Hello World
[jerry@client ~]$ 
5月 272019
 

新建仓库

在没有配置SSH密钥对之前,无法使用基于SSH的代码推拉操作。

You won’t be able to pull or push project code via SSH until you add an SSH key to your profile

为root用户准备SSH密钥(未设置私钥密码)

[root@client ~]# ssh-keygen -t ed25519 -C "harvey.mei@msn.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:zZYLuVxm+EDjPAHGjlgJjTGdkw0hrjMwOuLs6r0rrnU harvey.mei@msn.com
The key's randomart image is:
+--[ED25519 256]--+
| =*oOo |
| ..oO.o. |
|o .o + + |
|oo. . .+ B . |
|B S O |
|++ . @ . |
| o. E o o |
|.o.. |
|B+.+o |
+----[SHA256]-----+
[root@client ~]#

为私钥文件添加或者修改密码

ssh-keygen -p -o -f <keyname>

复制公钥内容到GitLab账户设置中

[root@client ~]# cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWIgmnrN7FGjKTdMxYE3y6py3SKp5cO0wnc2dlWNj5o harvey.mei@msn.com
[root@client ~]#
 

查看已导入的SSH公钥信息


测试用户root的SSH密钥有效性,按照提示将服务器端公钥存储在本地已知主机列表文件known_hosts文件中

[root@client ~]# ssh -i .ssh/id_ed25519 -T git@gitlab.licensebox.cn
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:s+kUB7fDvU43bDqTmukBOoSd/8o/gxzuQC/Kk1aYLio.
ECDSA key fingerprint is MD5:f4:2a:7f:58:6c:d8:d3:ee:90:3a:14:9f:f9:5b:d4:4c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
Welcome to GitLab, @root!
[root@client ~]#

查看保留在本地的服务器端

[root@client ~]# cat .ssh/known_hosts

gitlab.licensebox.cn,47.75.246.214 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLPz49yrtFCwkwt+5/kCXekab8jtrEmf8OpPyfjqtoOuPMlHbhH/rnlNxcicFMF+0U9AD/RIigglJh5SFgSYQ3A=
[root@client ~]#

本地操作系统安装Git客户端程序

[root@client ~]# git
-bash: git: command not found
[root@client ~]# yum -y install git

将仓库Clone到本地磁盘(无需再次验证身份)

[root@client ~]# git clone git@gitlab.licensebox.cn:root/licensebox.git 
Cloning into 'licensebox'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.

查看本地Git目录及文件内容,确认成功Clone仓库至本地磁盘

[root@client ~]# ls
licensebox
[root@client ~]# ls licensebox/
README.md
[root@client ~]# cat licensebox/README.md 
# licensebox

LicenseBox Project[root@client ~]#