May 27, 2019

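Disable user sign-up on a GitLab service used for internal projects

Uncheck the Sign-up enabled option and save the change

After logging out and visiting the home page again, only Sign in is shown; the registration entry point is closed

Create users tom and jerry and, with no mail server configured, reset the users' passwords (Gitlab.2019)

Create user tom

Create user jerry

Initialize the password for user tom

Message confirming that tom's password was initialized

Initialize the password for user jerry

Message confirming that jerry's password was initialized

Log in to GitLab as user tom

Change the password as prompted by the system

Message confirming the password change; log in again

In GitLab, create project 1st as user tom and grant user Jerry access

Create the project (Private)

Project created successfully

In the project's member settings, add user jerry with the Developer role

View the project's current members; jerry has been added successfully

On the client machine, add the users tom and jerry and install the git client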

[root@client ~]# useradd tom
[root@client ~]# useradd jerry
[root@client ~]# yum -y install git

Switch to user tom, generate a new SSH key pair, and view the public key

[root@client ~]# su - tom
[tom@client ~]$ ssh-keygen -t ed25519 -C "tom@licensebox.cn"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/tom/.ssh/id_ed25519): 
Created directory '/home/tom/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/tom/.ssh/id_ed25519.
Your public key has been saved in /home/tom/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:UVeM2yOmysAcgcl708kGa3kbenZXDWHw2l6NmvwiyOA tom@licensebox.cn
The key's randomart image is:
+--[ED25519 256]--+
| . o . o=+. |
| + o . ..oo |
| . B.. o.o |
| . B B. +o+.o|
| = *So o.oo.o|
| * + o..+ . |
| . B + .+ . |
| E = . .. |
| . .. |
+----[SHA256]-----+
[tom@client ~]$ cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSSfWAFWITPSj+qXuXTIYhqRg6Stw96birC/7gzTiOg tom@licensebox.cn
[tom@client ~]$

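Copy and paste the public key into the SSH Keys settings of GitLab user tom

Add the public key

Key added successfully

On the client, user tom uses git to access the repository, creates a file, commits it with a message, and pushes it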

[tom@client ~]$ git config --global user.name "Tom"
[tom@client ~]$ git config --global user.email "tom@licensebox.cn"
[tom@client ~]$ git clone git@gitlab.licensebox.cn:tom/1st.git
Cloning into '1st'...
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:O/ea5Lg0EzQZc+901DKkDlmv5IxBvShOQ6wknzCJRS4.
ECDSA key fingerprint is MD5:04:5a:fd:80:b9:1d:81:ed:2e:df:a8:f7:1b:02:33:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
warning: You appear to have cloned an empty repository.
[tom@client ~]$ cd 1st/
[tom@client 1st]$ touch README.md
[tom@client 1st]$ echo "Hello World" > README.md 
[tom@client 1st]$ git add README.md
[tom@client 1st]$ git commit -m "add README"
[master (root-commit) de77d4d] add README
1 file changed, 1 insertion(+)
create mode 100644 README.md
[tom@client 1st]$ git push -u origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 223 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@gitlab.licensebox.cn:tom/1st.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
[tom@client 1st]$

Confirm the uploaded project file in the GitLab web UI

User jerry generates a key pair on the client and adds the public key to the SSH Keys settings of GitLab user jerry

[jerry@client ~]$ ssh-keygen -t ed25519 -C "jerry@licensebox.cn" 
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/jerry/.ssh/id_ed25519): 
Created directory '/home/jerry/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/jerry/.ssh/id_ed25519.
Your public key has been saved in /home/jerry/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:6uVleGBOpisnPjeJR2bEy5VmV9CMX08kkLOmHQ4m3eQ jerry@licensebox.cn
The key's randomart image is:
+--[ED25519 256]--+
| .=.o...|
| . B ...|
| . o * + o |
| o * = E .|
| o =S+ * . |
| *B o. o |
| =o.+ + |
| =.*+ + |
| ..Bo.. |
+----[SHA256]-----+
[jerry@client ~]$ cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmxHQCKvwn38NIyLuhc9EOwymQePQkwnA1EbIt9Mhpz jerry@licensebox.cn
[jerry@client ~]$

As user jerry, run git clone on the client and view the repository files and contents pulled from the server

[jerry@client ~]$ git config --global user.name "Jerry"
[jerry@client ~]$ git config --global user.email "jerry@licensebox.cn"
[jerry@client ~]$ git clone git@gitlab.licensebox.cn:tom/1st.git
Cloning into '1st'...
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:O/ea5Lg0EzQZc+901DKkDlmv5IxBvShOQ6wknzCJRS4.
ECDSA key fingerprint is MD5:04:5a:fd:80:b9:1d:81:ed:2e:df:a8:f7:1b:02:33:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
[jerry@client ~]$ ls 1st/
README.md
[jerry@client ~]$ cat 1st/README.md 
Hello World
[jerry@client ~]$ 
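May 27, 2019

Create a new repository

Until an SSH key pair is configured, SSH-based push and pull operations are not available.

You won’t be able to pull or push project code via SSH until you add an SSH key to your profile

Prepare an SSH key for the root user (no passphrase set on the private key)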

[root@client ~]# ssh-keygen -t ed25519 -C "harvey.mei@msn.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:zZYLuVxm+EDjPAHGjlgJjTGdkw0hrjMwOuLs6r0rrnU harvey.mei@msn.com
The key's randomart image is:
+--[ED25519 256]--+
| =*oOo |
| ..oO.o. |
|o .o + + |
|oo. . .+ B . |
|B S O |
|++ . @ . |
| o. E o o |
|.o.. |
|B+.+o |
+----[SHA256]-----+
[root@client ~]#

Add or change the passphrase on a private key file

ssh-keygen -p -o -f <keyname>

Copy the public key contents into the GitLab account settings

[root@client ~]# cat .ssh/id_ed25519.pub 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWIgmnrN7FGjKTdMxYE3y6py3SKp5cO0wnc2dlWNj5o harvey.mei@msn.com
[root@client ~]#

View the imported SSH public key

Test that root's SSH key works and, when prompted, store the server's public host key in the local known_hosts file

[root@client ~]# ssh -i .ssh/id_ed25519 -T git@gitlab.licensebox.cn
The authenticity of host 'gitlab.licensebox.cn (47.75.246.214)' can't be established.
ECDSA key fingerprint is SHA256:s+kUB7fDvU43bDqTmukBOoSd/8o/gxzuQC/Kk1aYLio.
ECDSA key fingerprint is MD5:f4:2a:7f:58:6c:d8:d3:ee:90:3a:14:9f:f9:5b:d4:4c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.licensebox.cn,47.75.246.214' (ECDSA) to the list of known hosts.
Welcome to GitLab, @root!
[root@client ~]#

View what was saved locally for the server side

[root@client ~]# cat .ssh/known_hosts

gitlab.licensebox.cn,47.75.246.214 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLPz49yrtFCwkwt+5/kCXekab8jtrEmf8OpPyfjqtoOuPMlHbhH/rnlNxcicFMF+0U9AD/RIigglJh5SFgSYQ3A=
[root@client ~]#
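
Answering yes at the prompt above trusts whichever host key was presented on first connection. The following added example (not part of the original post) recomputes the SHA256 and MD5 fingerprints from a known_hosts entry so they can be compared with a fingerprint read from the server itself; the key blob, host name and address in it are constructed sample values.

```python
import base64
import hashlib
import struct


def parse_known_hosts_line(line):
    """Split a plain 'hosts keytype base64key' entry and decode the key blob."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@")):
        raise ValueError("not a plain known_hosts entry")
    hosts, key_type, b64_key = fields[:3]
    blob = base64.b64decode(b64_key, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type string.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the 'SHA256:...' form printed by the ssh client."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def md5_fingerprint(blob):
    """Fingerprint in the legacy 'MD5:aa:bb:...' form."""
    hexdigest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexdigest[i:i + 2] for i in range(0, 32, 2))


def verify_host(known_hosts_text, host, expected_fingerprint):
    """True only if an entry for host carries exactly the expected fingerprint."""
    for line in known_hosts_text.splitlines():
        try:
            hosts, _key_type, blob = parse_known_hosts_line(line)
        except ValueError:
            continue  # blank, comment, marker or malformed line
        if host not in hosts:
            continue
        if expected_fingerprint.startswith("SHA256:"):
            actual = sha256_fingerprint(blob)
        else:
            actual = md5_fingerprint(blob)
        if actual == expected_fingerprint:
            return True
    return False


# Constructed sample: an ed25519-shaped key blob with dummy key bytes.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_KNOWN_HOSTS = "gitlab.example.test,192.0.2.10 ssh-ed25519 " + SAMPLE_B64

if __name__ == "__main__":
    # In practice the expected value is read on the server console, not
    # derived from the same file as it is here for the demonstration.
    expected = sha256_fingerprint(SAMPLE_BLOB)
    print(expected)
    print(md5_fingerprint(SAMPLE_BLOB))
    print(verify_host(SAMPLE_KNOWN_HOSTS, "gitlab.example.test", expected))
```
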

Install the Git client on the local operating system

[root@client ~]# git
-bash: git: command not found
[root@client ~]# yum -y install git

Clone the repository to local disk (no further authentication prompt is needed)

[root@client ~]# git clone git@gitlab.licensebox.cn:root/licensebox.git 
Cloning into 'licensebox'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.

View the local Git directory and file contents to confirm the repository was cloned to local disk

[root@client ~]# ls
licensebox
[root@client ~]# ls licensebox/
README.md
[root@client ~]# cat licensebox/README.md 
# licensebox

LicenseBox Project[root@client ~]#
May 24, 2019

Enterprise-grade open source image registry service

https://github.com/goharbor/harbor

Features

Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
An image registry service suited to cloud environments
Role based access control: Users and repositories are organized via 'projects' and a user can have different permission for images under a project.
Role-based access control
Policy based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
Policy-based image replication
Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
Image vulnerability scanning
LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
LDAP and AD integration
Image deletion & garbage collection: Images can be deleted and their space can be recycled.
Image deletion and garbage collection
Notary: Image authenticity can be ensured.
Trusted image notarization
Graphical user portal: User can easily browse, search repositories and manage projects.
Graphical user portal
Auditing: All the operations to the repositories are tracked.
Operations are auditable
RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
Provides a RESTful interface
Easy deployment: Provide both an online and offline installer.
Easy to deploy

Installation and configuration requirements
Software
On a Linux host: docker 17.03.0-ce+ and docker-compose 1.18.0+ .
Hardware: minimum 2 cores, 4G
Open ports: TCP 80/443/4443

Download the offline installer package

https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz

[root@iZj6cehstgjoj3qav88fidZ ~]# curl -O https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 527M 100 527M 0 0 12.3M 0 0:00:42 0:00:42 --:--:-- 12.2M
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the latest Docker release

Install the repository source

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

[root@iZj6cehstgjoj3qav88fidZ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@iZj6cehstgjoj3qav88fidZ ~]#

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install docker-ce docker-ce-cli containerd.io

Start the service

[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start docker
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the latest docker-compose release

Download

[root@iZj6cehstgjoj3qav88fidZ ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 567 0 --:--:-- 0:00:01 --:--:-- 567
100 15.4M 100 15.4M 0 0 2972k 0 0:00:05 0:00:05 --:--:-- 4764k
[root@iZj6cehstgjoj3qav88fidZ ~]#

Set permissions

[root@iZj6cehstgjoj3qav88fidZ ~]# chmod +x /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]# ll /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 16154160 May 27 18:00 /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install OpenSSL and create self-signed certificates

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
Install OpenSSL

[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install openssl

Generate the CA certificate and key

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
..........................++
................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -x509 -new -nodes -sha512 -days 3650 \
> -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=yourdomain.com" \
> -key ca.key \
> -out ca.crt
[root@iZj6cehstgjoj3qav88fidZ ~]#

Generate the server certificate and key
1) Generate the key

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out hub.licensebox.cn.key 4096 
Generating RSA private key, 4096 bit long modulus
.......................................................................................................++
..................................................................................................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#

2) Generate the CSR

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -sha512 -new \
> -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn" \
> -key hub.licensebox.cn.key \
> -out hub.licensebox.cn.csr
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

3) Generate the certificate

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -req -sha512 -days 3650 \
> -CA ca.crt -CAkey ca.key -CAcreateserial \
> -in hub.licensebox.cn.csr \
> -out hub.licensebox.cn.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn
Getting CA Private Key
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Convert the certificate format (crt -> cert)

[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -inform PEM -in hub.licensebox.cn.crt -out hub.licensebox.cn.cert
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.cert hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Deploy the certificate files to the local Docker configuration directory

[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp ca.crt /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.cert /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.key /etc/docker/certs.d/hub.licensebox.cn/

Extract the installer package and edit the configuration file

[root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf harbor-offline-installer-v1.8.0.tgz 
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt ca.key ca.srl harbor harbor-offline-installer-v1.8.0.tgz hub.licensebox.cn.cert hub.licensebox.cn.crt hub.licensebox.cn.csr hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]# cd harbor
[root@iZj6cehstgjoj3qav88fidZ harbor]# ls
harbor.v1.8.0.tar.gz harbor.yml install.sh LICENSE prepare
[root@iZj6cehstgjoj3qav88fidZ harbor]#

Edit the configuration file

Change the hostname (default value first, then the new value)

hostname: reg.mydomain.com
hostname: hub.licensebox.cn

Enable port 443 and configure the certificate (default block first, then the edited block)

# https related config
# https:
#   # https port for harbor, default is 443
#   port: 443
#   # The path of cert and key files for nginx
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/hub.licensebox.cn.crt
  private_key: /root/hub.licensebox.cn.key

Change the initial password (default value first, then the new value)

harbor_admin_password: Harbor12345
harbor_admin_password: Harbor20190527

Change the initial database password (left unchanged here; it should be changed in production)

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
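
The settings edited above are the ones that leave a Harbor instance on shipped credentials or without TLS if they are missed. The following added example (not part of the original post or of Harbor) audits a harbor.yml for those keys; the small parser handles only the mapping-and-scalar YAML subset shown on this page, the finding codes are this example's own names, and the three sample configurations are constructed.

```python
# Top-level keys this page edits, and the values the installer ships with.
KNOWN_KEYS = {"hostname", "https", "harbor_admin_password", "database"}
SHIPPED_DEFAULTS = [
    (("hostname",), "reg.mydomain.com"),
    (("harbor_admin_password",), "Harbor12345"),
    (("database", "password"), "root123"),
]


def load_simple_yaml(text):
    """Parse nested 'key: value' mappings by indentation (no lists, no anchors)."""
    root = {}
    stack = [(-1, root)]  # (indent of the key that opened the mapping, mapping)
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        line = raw.split(" #", 1)[0].rstrip()  # drop a trailing inline comment
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("'\"")
        if value == "":
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root


def lookup(cfg, path):
    """Follow a tuple of keys through nested mappings; None if absent."""
    node = cfg
    for part in path:
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit_harbor_config(text):
    """Return finding codes for shipped defaults, mis-cased keys and missing TLS."""
    cfg = load_simple_yaml(text)
    findings = []
    for key in cfg:
        # YAML keys are case-sensitive, so 'Hostname' does not set 'hostname'.
        if key not in KNOWN_KEYS and key.lower() in KNOWN_KEYS:
            findings.append("key-case:" + key)
    for path, default in SHIPPED_DEFAULTS:
        value = lookup(cfg, path)
        name = ".".join(path)
        if value is None:
            findings.append("unset:" + name)
        elif value == default:
            findings.append("default:" + name)
    https = cfg.get("https")
    if not isinstance(https, dict):
        findings.append("https:disabled")
    else:
        for key in ("certificate", "private_key"):
            if not https.get(key):
                findings.append("https:missing-" + key)
    return findings


# Constructed samples: untouched defaults, a partly edited file, a finished one.
AS_SHIPPED = """\
hostname: reg.mydomain.com
# https related config
# https:
#   port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
"""
PARTLY_EDITED = """\
Hostname: hub.licensebox.cn
https:
  port: 443
  certificate: /root/hub.licensebox.cn.crt
  private_key: /root/hub.licensebox.cn.key
harbor_admin_password: constructed-admin-secret
database:
  password: root123
"""
FINISHED = PARTLY_EDITED.replace("Hostname:", "hostname:").replace(
    "root123", "constructed-db-secret")

if __name__ == "__main__":
    for name, sample in [("shipped", AS_SHIPPED), ("partly edited", PARTLY_EDITED),
                         ("finished", FINISHED)]:
        print(name, audit_harbor_config(sample))
```
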

Generate the configuration files

[root@iZj6cehstgjoj3qav88fidZ harbor]# ./prepare 
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v1.8.0' locally
v1.8.0: Pulling from goharbor/prepare
4e360eca2e60: Pull complete 
cd3c4c42d48b: Pull complete 
647e8efbf475: Pull complete 
79272af3d010: Pull complete 
1aec5eb71578: Pull complete 
1a29af1ecc2c: Pull complete 
e382cb5c1ecb: Pull complete 
Digest: sha256:c590164ae2c54e360642b1174c8ad90306b05ca0582f02f35889346c113e555d
Status: Downloaded newer image for goharbor/prepare:v1.8.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@iZj6cehstgjoj3qav88fidZ harbor]#

Run the installation script

[root@iZj6cehstgjoj3qav88fidZ harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.6

Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-log:v1.8.0
Loaded image: goharbor/harbor-db:v1.8.0
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.0
Loaded image: goharbor/prepare:v1.8.0
Loaded image: goharbor/harbor-jobservice:v1.8.0
Loaded image: goharbor/nginx-photon:v1.8.0
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.0
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.0
Loaded image: goharbor/harbor-migrator:v1.8.0
Loaded image: goharbor/harbor-core:v1.8.0
Loaded image: goharbor/redis-photon:v1.8.0
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0
Loaded image: goharbor/harbor-portal:v1.8.0
Loaded image: goharbor/harbor-registryctl:v1.8.0
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.0


[Step 2]: preparing environment ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.licensebox.cn. 
For more details, please visit https://github.com/goharbor/harbor .

[root@iZj6cehstgjoj3qav88fidZ harbor]#

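After the installer reports that installation is complete and the services are started, log in to the web portal (the browser shows an SSL certificate trust error)

Login page

Home page; a project image repository named library is created by default

Local data storage path of the Harbor service

May 24, 2019

Requirement: at least 4GB of available memory

Check the current OS version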

[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core) 
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the GitLab YUM repository

Enterprise Edition

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

Community Edition

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash

View the repository configuration files

Enterprise Edition

[root@iZj6cehstgjoj3qav88fidZ ~]# ls /etc/yum.repos.d/
CentOS-Base.repo epel.repo gitlab_gitlab-ee.repo
[root@iZj6cehstgjoj3qav88fidZ ~]#

Community Edition

[root@iZj6cehstgjoj3qav88fidZ ~]# ls /etc/yum.repos.d/
CentOS-Base.repo epel.repo gitlab_gitlab-ce.repo gitlab_gitlab-ee.repo
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/yum.repos.d/gitlab_gitlab-ce.repo 
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[root@iZj6cehstgjoj3qav88fidZ ~]#

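If, at install time, the variable is set to a domain name that resolves correctly and specifies the https protocol, a Let's Encrypt certificate is requested and installed automatically. For a first installation, using http and installing a TLS certificate yourself afterwards is recommended.

Install with the TLS certificate enabled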

sudo EXTERNAL_URL="https://gitlab.licensebox.cn" yum install -y gitlab-ce

Install with the TLS certificate disabled

sudo EXTERNAL_URL="http://gitlab.licensebox.cn" yum install -y gitlab-ce

The installer reports success

Thank you for installing GitLab!
GitLab should be available at http://gitlab.licensebox.cn

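Check listening ports and service processes

Open the GitLab home page in a browser and set the initial password as prompted

Log in for the first time with the initial password just set

View the default GitLab home page

Upgrading the Community Edition

Back up data (default backup path /var/opt/gitlab/backups)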

sudo gitlab-rake gitlab:backup:create STRATEGY=copy

Run the update

sudo yum install -y gitlab-ce
May 24, 2019

Official Yum repository URL

https://pkg.jenkins.io/redhat-stable/

Install the Yum repository for the Jenkins LTS release

[root@iZj6cehstgjoj3qav88fidZ ~]# wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
--2019-06-12 18:27:21-- https://pkg.jenkins.io/redhat-stable/jenkins.repo
Resolving pkg.jenkins.io (pkg.jenkins.io)... 52.202.51.185
Connecting to pkg.jenkins.io (pkg.jenkins.io)|52.202.51.185|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 85
Saving to: ‘/etc/yum.repos.d/jenkins.repo’

100%[=======================================================================================================================================================>] 85 --.-K/s in 0s

2019-06-12 18:27:22 (19.3 MB/s) - ‘/etc/yum.repos.d/jenkins.repo’ saved [85/85]

[root@iZj6cehstgjoj3qav88fidZ ~]# rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install OpenJDK and check the version
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install java-1.8.0-openjdk
[root@iZj6cehstgjoj3qav88fidZ ~]# java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install Jenkins from the Yum repository

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install jenkins

View the installed paths

[root@iZj6cehstgjoj3qav88fidZ ~]# rpm -lq jenkins
/etc/init.d/jenkins
/etc/logrotate.d/jenkins
/etc/sysconfig/jenkins
/usr/lib/jenkins
/usr/lib/jenkins/jenkins.war
/usr/sbin/rcjenkins
/var/cache/jenkins
/var/lib/jenkins
/var/log/jenkins
[root@iZj6cehstgjoj3qav88fidZ ~]#

View the Jenkins service registration

[root@iZj6cehstgjoj3qav88fidZ ~]# chkconfig --list jenkins

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.

jenkins 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@iZj6cehstgjoj3qav88fidZ ~]#

Start the service

[root@iZj6cehstgjoj3qav88fidZ ~]# service jenkins start
Starting jenkins (via systemctl): [ OK ]
[root@iZj6cehstgjoj3qav88fidZ ~]#

Check the listening port

Access it in a browser

View the initial password

[root@iZj6cehstgjoj3qav88fidZ ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
5228940ac30a481d97a4efbabe4147a3
[root@iZj6cehstgjoj3qav88fidZ ~]#

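Install suggested plugins

Plugin installation in progress

Create the first admin user

Instance configuration

Installation complete

Dashboard home page

February 14, 2019
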
HARVEY MIEI (2018/06/04)
https://developers.ripple.com/checks.html
https://developers.ripple.com/checkcreate.html
https://developers.ripple.com/checkcash.html
https://developers.ripple.com/checkcancel.html

Checks
The Checks feature in the XRP Ledger allows users to create deferred payments that can be canceled or cashed by the intended recipients. Like personal paper checks, XRP Ledger Checks start with the sender of the funds creating a Check that specifies an amount and receiver. The receiver cashes the check to pull the funds from the sender’s account into the receiver’s account. No money moves until the receiver cashes the Check. Because funds are not put on hold when the Check is created, cashing a Check can fail if the sender doesn’t have enough funds when the receiver tries to cash it, just like traditional checks. If there’s a failure cashing the check, the sender can retry until the check expires.
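The Checks feature of the XRP Ledger lets users create deferred payments that the intended recipient can cancel or cash. As with paper checks, an XRP Ledger Check is created by the sender of the funds, who specifies an amount and a recipient. The recipient withdraws the funds on the Check, and they move from the sender's account into the recipient's account. No funds move until the recipient cashes the Check. Issuing a Check does not change any balances. As with a traditional check, insufficient funds in the sender's account cause the recipient's attempt to cash it to fail, but the recipient can retry until the Check expires.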

XRP Ledger Checks have expiration times after which they may no longer be cashed. If the receiver doesn’t successfully cash the Check before it expires, the Check object remains in the XRP Ledger until someone cancels it. Anyone may cancel the Check after it expires. Only the sender and receiver can cancel the Check before it expires or is cashed. The Check object is removed from the Ledger when the sender successfully cashes the check or someone cancels it.
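XRP Ledger Checks may expire after going uncashed for a long time. If the recipient has not successfully cashed a Check before it expires, the Check object stays in the XRP Ledger until someone cancels it. Anyone can cancel a Check after it expires; only the sender and the recipient can cancel it before it expires or is cashed. The Check object is removed from the ledger when the recipient successfully cashes it or when someone cancels it.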
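
The lifecycle rules in the two paragraphs above, as an added example that is not part of the original post or of Ripple's documentation: a toy in-memory model of create, cash and cancel. The class, method names and result strings are hypothetical, time is a plain integer, and a Check is treated as expired once the current time reaches its expiration; none of this is the rippled API.

```python
class CheckLedger:
    """Toy ledger holding balances and outstanding Check objects."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.checks = {}
        self.next_id = 1

    def check_create(self, sender, receiver, amount, expiration):
        """Record a Check. No funds are reserved or moved at this point."""
        if sender == receiver:
            return "self_payment", None
        check_id = self.next_id
        self.next_id += 1
        self.checks[check_id] = {
            "sender": sender,
            "receiver": receiver,
            "amount": amount,
            "expiration": expiration,
        }
        return "ok", check_id

    def check_cash(self, account, check_id, now, amount=None):
        """Pull funds from the sender; only the named receiver may do this."""
        check = self.checks.get(check_id)
        if check is None:
            return "no_such_check"
        if account != check["receiver"]:
            return "not_permitted"
        if now >= check["expiration"]:
            return "expired"
        if amount is None:
            amount = check["amount"]
        if amount <= 0 or amount > check["amount"]:
            return "bad_amount"
        sender = check["sender"]
        if self.balances.get(sender, 0) < amount:
            # The Check stays in the ledger, so cashing can be retried later.
            return "insufficient_funds"
        self.balances[sender] -= amount
        self.balances[account] = self.balances.get(account, 0) + amount
        del self.checks[check_id]  # removed once cashed, even for a partial amount
        return "ok"

    def check_cancel(self, account, check_id, now):
        """Sender or receiver may cancel at any time; anyone may after expiry."""
        check = self.checks.get(check_id)
        if check is None:
            return "no_such_check"
        expired = now >= check["expiration"]
        if not expired and account not in (check["sender"], check["receiver"]):
            return "not_permitted"
        del self.checks[check_id]
        return "ok"


if __name__ == "__main__":
    # Constructed scenario: alice writes a Check she cannot yet cover.
    ledger = CheckLedger({"alice": 50, "bob": 0})
    _, cid = ledger.check_create("alice", "bob", 80, expiration=100)
    print(ledger.check_cash("bob", cid, now=10))      # sender balance too low
    print(ledger.check_cancel("carol", cid, now=10))  # third party, not expired
    ledger.balances["alice"] += 50
    print(ledger.check_cash("bob", cid, now=20, amount=60), ledger.balances)
```
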

Checks are similar to Escrow and Payment Channels, but there are some important differences between those features and Checks:
You can send issued currency with Checks. With Payment Channels and Escrow, you can only send XRP.
Checks do not tie up any funds. The XRP involved in Payment Channels and Escrow cannot be spent until it is redeemed with a claim provided by the sender (Payment Channels), or released by an expiration or crypto-condition (Escrow).
You can send XRP to yourself through Escrow. You cannot use Checks or Payment Channels to send XRP (or, in the case of Checks, issued currencies) to yourself.

支票与托管和Payment Channels付款渠道相似,但他们之间有一些重要的不同:
用户可以使用支票发送已发行货币,但支付渠道和托管只能发送XRP。
支票不捆绑任何资金。涉及支付渠道和和托管的XRP只有在发送方进行清偿或者托管到期或加密条件释放。
可以以托管方式发送XRP给自己,但不能以支票或付款渠道发送XRP给自己。

Why Checks?

Traditional paper checks allow people to transfer balances without immediately exchanging physical currency. XRP Ledger Checks allow people to exchange funds asynchronously using a process that is familiar to and accepted by the banking industry.

XRP Ledger Checks also solve a problem that is unique to the XRP Ledger: they allow users to reject unwanted payments or accept only a portion of a payment. This is useful for institutions that need to be careful about accepting payments for compliance reasons.

Checks potentially enable many other use cases. Ripple encourages the community to find new and creative applications for Checks.

Use Case: Payment Authorization

Problem: To comply with regulations like BSA, KYC, AML, and CFT, financial institutions must provide documentation about the source of funds they receive. Such regulations seek to prevent the illicit transfer of funds by requiring institutions to disclose the source and destination of all payments processed by the institution. Because of the nature of the XRP Ledger, anyone could potentially send XRP (and, under the right circumstances, issued currencies) to an institution’s account on the XRP Ledger. Dealing with such unwanted payments adds significant cost and time delays to these institutions’ compliance departments, including potential fines or penalties.

Solution: Institutions can enable Deposit Authorization on their XRP Ledger accounts by setting the asfDepositAuth flag in an AccountSet transaction. This makes the account unable to receive Payment transactions. Accounts with Deposit Authorization enabled can only receive funds through Escrow, Payment Channels, or Checks. Checks are the most straightforward, familiar, and flexible way to transfer funds if Deposit Authorization is enabled.

Checks typically have the lifecycle described below.

Step 1: To create a Check, the sender submits a CheckCreate transaction and specifies the receiver (Destination), expiration time (Expiration), and maximum amount that may be debited from the sender’s account (SendMax).

Step 2: After the CheckCreate transaction is processed, a Check object is created on the XRP Ledger. This object contains the properties of the Check as defined by the transaction that created it. The object can only be modified by the sender (by canceling it with a CheckCancel transaction) or receiver (by canceling it or cashing it) before the expiration time passes. After the expiration time, anyone may cancel the Check.

Step 3: To cash the check, the receiver submits a CheckCash transaction. The receiver has two options for cashing the check:

Amount — The receiver can use this option to specify an exact amount to cash. This may be useful for cases where the sender has padded the check to cover possible transfer fees and the receiver can only accept the exact amount on an invoice or other contract.

DeliverMin — The receiver can use this option to specify the minimum amount they are willing to receive from the Check. If the receiver uses this option, rippled attempts to deliver as much as possible and will deliver at least this amount. The transaction fails if the amount that can be credited to the receiver is not at least this amount.

If the sender has enough funds to cover the Check and the expiration time has not passed, the funds are debited from the sender’s account and credited to the receiver’s account, and the Check object is destroyed.

Expiration Case

In the case of expirations, Checks have the lifecycle described below.

All Checks start the same way, so Steps 1 and 2 are the same.

Step 3a: If the Check expires before the receiver can cash it, the Check can no longer be cashed but remains in the ledger.

Step 4a: After a Check expires, anyone may cancel it by submitting a CheckCancel transaction. That transaction removes the Check from the ledger.
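The lifecycle and expiration rules above, as an added example that is not code from rippled or from the original page: a small in-memory model of who may cash or cancel a Check and when. The class and method names are hypothetical, amounts are plain integers, and fees and reserves are ignored.

```python
from dataclasses import dataclass

class CheckError(Exception):
    """A modelled transaction that fails and changes nothing."""

@dataclass
class Check:
    sender: str
    destination: str
    send_max: int    # most that may be debited from the sender (SendMax)
    expiration: int  # time after which the Check can no longer be cashed

class Ledger:  # hypothetical model, not the rippled implementation
    def __init__(self, balances):
        self.balances, self.checks, self._next = dict(balances), {}, 1

    def check_create(self, sender, destination, send_max, expiration):
        if sender == destination:
            raise CheckError("a Check cannot be sent to yourself")
        check_id, self._next = self._next, self._next + 1
        # No balance changes here: creating a Check puts nothing on hold.
        self.checks[check_id] = Check(sender, destination, send_max, expiration)
        return check_id

    def check_cash(self, who, check_id, now, amount=None, deliver_min=None):
        chk = self._get(check_id)
        if who != chk.destination:
            raise CheckError("only the receiver can cash")
        if now >= chk.expiration:
            raise CheckError("expired: the Check stays until cancelled")
        if (amount is None) == (deliver_min is None):
            raise CheckError("specify exactly one of Amount or DeliverMin")
        available = min(chk.send_max, self.balances.get(chk.sender, 0))
        if (amount if amount is not None else deliver_min) > available:
            raise CheckError("insufficient funds: the Check remains for a retry")
        delivered = amount if amount is not None else available
        self.balances[chk.sender] -= delivered
        self.balances[who] = self.balances.get(who, 0) + delivered
        del self.checks[check_id]  # a cashed Check is destroyed
        return delivered

    def check_cancel(self, who, check_id, now):
        chk = self._get(check_id)
        if now < chk.expiration and who not in (chk.sender, chk.destination):
            raise CheckError("before expiry only sender or receiver may cancel")
        del self.checks[check_id]

    def _get(self, check_id):
        if check_id not in self.checks:
            raise CheckError("no such Check")
        return self.checks[check_id]
```
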

Availability of Checks
Checks require rippled v0.90.0 or later.

February 12, 2019


https://developers.ripple.com/cross-currency-payments.html

Cross-Currency Payments
In the XRP Ledger, you can send cross-currency payments that exchange one or more issued currencies, XRP, or both. Like direct XRP payments, these payments use the Payment transaction type. Cross-currency payments within the XRP Ledger are fully atomic, meaning that either the payment fully executes or no part of it executes.

By default, cross-currency payments deliver a fixed amount to their destination at a variable cost to their source. Cross-currency payments can also be partial payments, which deliver a variable amount to the destination within a fixed sending limit.

Prerequisites

By definition, a cross-currency payment involves at least two currencies, which means that at least one currency involved must be a non-XRP issued currency.

    Typically, this means using one or more currencies issued by an XRP Ledger Gateway. Such currencies are backed by funds outside the XRP Ledger, and can be withdrawn through the gateway.

    You could also use digital tokens that are only issued within the XRP Ledger and have no outside backing, as long as the parties transacting are willing to send or receive those tokens and treat them as something of value.

There must be at least one Path between the sender and receiver, and the total liquidity across all paths must be enough to facilitate the payment. For cross-currency payments, this usually means consuming Offers to convert from one currency to another.

Autobridging

Cross-currency payments that exchange two issued currencies automatically use XRP, when it decreases the cost of the payment, by connecting order books to deepen the pool of available liquidity. For example, a payment sending from USD to MXN automatically converts USD to XRP and then XRP to MXN if doing so is cheaper than converting USD to MXN directly.
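The USD to MXN comparison described above, as an added example that is not code from rippled or from the original page. It assumes simplified order books given as constructed (price, size) offers and compares whole paths only, which is a simplification of how the ledger combines order books; the function names are hypothetical.

```python
from fractions import Fraction as F

def cost_to_buy(book, want):
    """Cost of buying `want` units from offers [(price, size)], cheapest
    offers first. Returns None when the book lacks the liquidity."""
    cost, left = F(0), F(want)
    for price, size in sorted(book):
        take = min(left, size)
        cost += take * price
        left -= take
        if left == 0:
            return cost
    return None

def quote(want_mxn, usd_mxn, usd_xrp, xrp_mxn):
    """USD cost of delivering a fixed MXN amount, direct versus bridged via XRP."""
    direct = cost_to_buy(usd_mxn, want_mxn)
    xrp_needed = cost_to_buy(xrp_mxn, want_mxn)
    bridged = cost_to_buy(usd_xrp, xrp_needed) if xrp_needed is not None else None
    options = [(c, name) for c, name in ((direct, "direct"), (bridged, "via XRP"))
               if c is not None]
    if not options:
        # Payments are atomic: without enough liquidity nothing executes.
        raise ValueError("not enough liquidity on any path")
    return min(options)

# Constructed order books: price is what you pay per unit bought.
USD_MXN = [(F(1, 17), 500), (F(1, 16), 1000)]   # USD per MXN
XRP_MXN = [(F(1, 5), 2000)]                     # XRP per MXN
USD_XRP = [(F(3, 10), 1000)]                    # USD per XRP

if __name__ == "__main__":
    for want in (400, 1000):
        cost, path = quote(want, USD_MXN, USD_XRP, XRP_MXN)
        print(f"{want} MXN costs {float(cost):.2f} USD {path}")
```
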

February 10, 2019

https://developers.ripple.com/capacity-planning.html
https://developers.ripple.com/history-sharding.html
https://github.com/ripple/rippled/blob/master/cfg/rippled-example.cfg

Node Size Parameter

The node_size parameter determines the size of database caches. Larger database caches decrease disk I/O requirements at a cost of higher memory requirements. Ripple recommends you always use the largest database cache your available memory can support. See the following table for recommended settings.

Recommendation

| Available RAM for rippled | node_size value | Notes |
|---|---|---|
| < 8GB | tiny | Not recommended |
| 8GB | low | |
| 16GB | medium | |
| 32GB | huge | Recommended for production servers |

Node DB Type
The type field in the node_db section of the rippled.cfg file sets the type of key-value store that rippled uses to persist the XRP Ledger in the ledger store. You can set the value to either rocksdb or nudb.

rippled offers a history sharding feature that allows you to store a randomized range of ledgers in a separate shard store. You may want to configure the shard store to use a different type of key-value store than the ledger store. For more information about how to use this feature, see History Sharding.

RocksDB vs NuDB
RocksDB requires approximately one-third less disk storage than NuDB and provides a corresponding improvement in I/O latency. However, this comes at a cost of increased memory utilization as storage size grows. NuDB, on the other hand, has nearly constant performance and memory footprint regardless of storage.

rippled servers that operate as validators should keep only a few days’ worth of data or less. Ripple recommends using RocksDB for validators. For all other uses, Ripple recommends using NuDB for the ledger store.

RocksDB has performance-related configuration options you can modify to achieve maximum transaction processing throughput. (NuDB does not have performance-related configuration options.) Here is an example of the recommended configuration for a rippled server using RocksDB:

[node_db]

type=rocksdb
open_files=512
file_size_mb=64
file_size_mult=2
filter_bits=12
cache_mb=512
path={path_to_ledger_store}

XRP Ledger Network Data Integrity
The history of all ledgers is shared by servers agreeing to keep particular ranges of historical ledgers. This makes it possible for servers to confirm that they have all the data they agreed to maintain, and produce proof trees or ledger deltas. Since rippled servers that are configured with history sharding randomly select the shards that they store, the entire history of all closed ledgers is stored in a normal distribution curve, increasing the probability that the XRP Ledger Network evenly maintains the history.

Shard Store Configuration
To configure your rippled to store shards of ledger history, add a shard_db section to your rippled.cfg file.

Shard Configuration Example
The following snippet from an example rippled.cfg file shows the configuration fields for adding sharding to a rippled server:

[shard_db]

type=NuDB
path=/var/lib/rippled/db/shards/nudb
max_size_gb=50

Tip: Ripple recommends using NuDB for the shard store (type=NuDB). NuDB uses fewer file handles per shard than RocksDB. RocksDB uses memory that scales with the size of data it stores, which may require excessive memory overhead.

Tip: While both validator and tracking (or stock) rippled servers can be configured to use history shard stores, Ripple recommends adding history sharding only for non-validator rippled servers to reduce overhead for validators. If you run a validator and want to manage ledger history using sharding, run a separate rippled server with sharding enabled.

For more information, reference the [shard_db] example in the rippled.cfg configuration example.

Sizing the Shard Store
Determining a suitable size for the shard store involves careful consideration. You should consider the following when deciding what size your shard store should be:

Although redundant, it is possible to hold full ledger history in the ledger store and the history shard store.
An effective configuration might limit the ledger store only to recent history.
The ledger store history size should at minimum be twice the ledgers per shard, due to the fact that the current shard may be chosen to be stored and it would be wasteful to reacquire that data.
The time to acquire, number of file handles, and memory cache usage is directly affected by sizing.
Each shard contains 2^14 ledgers (16384).
A shard occupies approximately 200 MB to 4 GB based on the age of the shard. Older shards are smaller because there was less activity in the XRP Ledger at the time.
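The sizing points and storage recommendations above can be checked mechanically. This added example, which is not part of rippled or of the original page, reviews a rippled.cfg-style text against them; the function names and the sample configuration (assembled from the two snippets on this page) are constructed for illustration.

```python
LEDGERS_PER_SHARD = 2 ** 14      # 16384 ledgers per shard, as stated above
SHARD_MB = (200, 4096)           # roughly 200 MB to 4 GB per shard, as stated above

SAMPLE_CFG = """
# constructed sample built from the snippets on this page
[node_db]
type=rocksdb
cache_mb=512
path={path_to_ledger_store}

[shard_db]
type=NuDB
path=/var/lib/rippled/db/shards/nudb
max_size_gb=50
"""

def parse_cfg(text):
    """Parse rippled.cfg-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def review(cfg_text, is_validator=False):
    """Compare a config with the page's recommendations and size the shard store."""
    cfg = parse_cfg(cfg_text)
    node, shard = cfg.get("node_db", {}), cfg.get("shard_db")
    findings = []
    want = "rocksdb" if is_validator else "nudb"
    if node.get("type", "").lower() != want:
        findings.append(f"node_db type: page recommends {want}")
    report = {"findings": findings, "shards_fit": None,
              "min_ledger_store_history": None}
    if shard is not None:
        if is_validator:
            findings.append("shard_db on a validator: run sharding on a separate server")
        if shard.get("type", "").lower() != "nudb":
            findings.append("shard_db type: page recommends NuDB")
        size_mb = int(shard["max_size_gb"]) * 1024
        # (fewest, most) shards that fit, for the largest and smallest shard size
        report["shards_fit"] = (size_mb // SHARD_MB[1], size_mb // SHARD_MB[0])
        # ledger store should hold at least twice the ledgers per shard
        report["min_ledger_store_history"] = 2 * LEDGERS_PER_SHARD
    return report
```
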