美文网首页
Harbor仓库出现x509: certificate has

Harbor仓库出现x509: certificate has

作者: iamChel | 来源:发表于2020-08-28 10:52 被阅读0次

jenkins构建时出现如下报错(无法推送镜像)

1598580544(1).jpg

解决办法

1.看下jenkins服务器跟Harbor仓库服务器系统时间是否一致,不一致设置成一致即可

#查看Harbor服务器时间
date
#在jenkins服务器上用一下命令修改时间
date -s 08/27/2020
date -s 19:19:00

2.SSL证书过期,重新生成即可

服务器说明

-jenkins服务器:172.20.100.207
-Harbor服务器:172.20.101.156

SSL证书过期解决步骤

在Harbor服务器上配置

1.在Harbor重新生成所需的所有文件

#查看证书是否过期(一年期限,过期了)
root@harbor:/data/harbor/certs# openssl x509 -in /data/harbor/certs/ca.crt -noout -dates
notBefore=Aug 21 01:26:07 2019 GMT
notAfter=Aug 21 01:26:07 2020 GMT
root@harbor:~#cd /data/harbor/certs/
#创建你自己的CA证书
root@harbor:/data/harbor/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt -subj "/C=CN/L=gd/O=gz/CN=172.20.101.156"
#创建证书签名请求
root@harbor:/data/harbor/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout 172.20.101.156.key -out 172.20.101.156.csr -subj "/C=CN/L=gd/O=gz/CN=172.20.101.156"
#FQDN方式生成注册表主机的证书
root@harbor:/data/harbor/certs# echo subjectAltName = IP:172.20.101.156 > extfile.cnf
root@harbor:/data/harbor/certs# openssl x509 -req -days 3650 -in 172.20.101.156.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 172.20.101.156.crt
#将服务端的 crt 转换成客户端用的 cert
root@harbor:/data/harbor/certs# openssl x509 -inform PEM -in 172.20.101.156.crt -out 172.20.101.156.cert
#查看生成的所有文件
root@harbor:/data/harbor/certs# ls
172.20.101.156.cert  172.20.101.156.crt  172.20.101.156.csr  172.20.101.156.key  ca.crt  ca.key  ca.srl  extfile.cnf

2.拷贝所需文件到/etc/docker/certs.d/172.20.101.156/下

root@harbor:/data/harbor/certs#cp /data/harbor/certs/172.20.101.156.cert /etc/docker/certs.d/172.20.101.156/
root@harbor:/data/harbor/certs#cp /data/harbor/certs/172.20.101.156.key /etc/docker/certs.d/172.20.101.156/
root@harbor:/data/harbor/certs#cp /data/harbor/certs/ca.crt /etc/docker/certs.d/172.20.101.156/
root@harbor:/data/harbor/certs# ls /etc/docker/certs.d/172.20.101.156/
172.20.101.156.cert  172.20.101.156.key  ca.crt
#重新查看证书过期日期(这次是十年)
root@harbor:/data/harbor/certs# openssl x509 -in /data/harbor/certs/ca.crt -noout -dates
notBefore=Aug 28 01:26:07 2020 GMT
notAfter=Aug 26 01:26:07 2030 GMT

3.查看配置文件docker-compose.yml的证书等文件路径是否正确

root@harbor:/data/harbor/certs# cd /data/harbor/harbor/
root@harbor:/data/harbor/harbor# ls
common  data  docker-compose.yml  harbor.yml  install.sh  LICENSE  logs  prepare
root@harbor:/data/harbor/harbor# vim docker-compose.yml
1598583407(1).jpg

4.重启docker-compose

root@harbor:/data/harbor/certs# cd /data/harbor/harbor/
root@harbor:/data/harbor/harbor# ./prepare
prepare base dir is set to /data/harbor/harbor
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registry/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
root@harbor:/data/harbor/harbor# docker-compose down -v
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-portal     ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping registryctl       ... done
Stopping redis             ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-jobservice ... done
Removing harbor-portal     ... done
Removing harbor-core       ... done
Removing registry          ... done
Removing registryctl       ... done
Removing redis             ... done
Removing harbor-db         ... done
Removing harbor-log        ... done
Removing network harbor_harbor
root@harbor:/data/harbor/harbor# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis         ... done
Creating harbor-db   ... done
Creating registry    ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-portal     ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

在jenkins上配置

1.拷贝所需文件到/etc/docker/certs.d/172.20.101.156/下

[root@rancherserver2 ~]# rsync -av ops@172.20.101.156:/etc/docker/certs.d/ /etc/docker/certs.d/
[root@rancherserver2 ~]# ls /etc/docker/certs.d/172.20.101.156/
172.20.101.156.cert  172.20.101.156.key  ca.crt
[root@rancherserver2 ~]# systemctl restart docker

效果

1598585136(1).jpg

其他要登录到harbor的服务器操作跟在jenkins服务器一样

相关文章

网友评论

      本文标题:Harbor仓库出现x509: certificate has

      本文链接:https://www.haomeiwen.com/subject/ppnksktx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|Harbor仓库出现x509: certificate has |投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!