添加Puppet官方源

rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

安装Puppet

yum -y install puppet puppet-server facter

安装配置GitLab依赖软件

yum -y install curl policycoreutils openssh-server openssh-clients

systemctl enable sshd

systemctl start sshd

yum install postfix

systemctl enable postfix

systemctl start postfix

firewall-cmd --permanent --add-service=http

systemctl reload firewalld

添加GitLab清华源

#vi /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]

name=gitlab-ce

baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7

repo_gpgcheck=0

gpgcheck=0

enabled=1

gpgkey=https://packages.gitlab.com/gpg.key

安装GitLab

yum -y install gitlab-ce

修改/etc/gitlab/gitlab.rb文件

external_url "https://gitlab.example.com:2443"

生成ssl证书

openssl genrsa -des3 -out gitlab.example.com.key 1024

SUBJECT="/C=CN/ST=China/L=Shanghai/O=example.com/OU=example.com/CN=gitlab.example.com"

openssl req -new -subj $SUBJECT -key gitlab.example.com.key -out gitlab.example.com.csr

openssl rsa -in gitlab.example.com.key -out gitlab.example.com.key

openssl x509 -req -days 3650 -in gitlab.example.com.csr -signkey gitlab.example.com.key -out gitlab.example.com.crt

将证书移动到/etc/gitlab/ssl目录下

mkdir -p /etc/gitlab/ssl

mv gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/

如果8080端口被别的程序占用,还需要将unicorn端口修改成别的为占用端口

unicorn['port'] = 8081

配置启动GitLab

gitlab-ctl reconfigure

效果图:

第一次登陆需要修改管理员密码,管理员帐号名为root

安装Bind Chroot DNS服务器

yum -y install bind-chroot bind

拷贝bind相关文件,准备bind chroot 环境

cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named

在bind chroot的目录中创建相关文件

touch /var/named/chroot/var/named/data/cache_dump.db

touch /var/named/chroot/var/named/data/named_stats.txt

touch /var/named/chroot/var/named/data/named_mem_stats.txt

touch /var/named/chroot/var/named/data/named.run

mkdir /var/named/chroot/var/named/dynamic

touch /var/named/chroot/var/named/dynamic/managed-keys.bind

将Bind锁定文件设置为可写,并将selinux标签改成named_cache_t

chmod -R 777 /var/named/chroot/var/named/data

chmod -R 777 /var/named/chroot/var/named/dynamic

chcon -R -t named_cache_t /var/named/chroot/var/named/data

chcon -R -t named_cache_t /var/named/chroot/var/named/dynamic

将/etc/named.conf拷贝到bind chroot目录

cp -p /etc/named.conf /var/named/chroot/etc/named.conf

在/etc/named.conf中对bind进行配置

# vi /var/named/chroot/etc/named.conf

完全配置如下:

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

	listen-on port 53 { any; };

	listen-on-v6 port 53 { ::1; };

	directory 	"/var/named";

	dump-file 	"/var/named/data/cache_dump.db";

	statistics-file "/var/named/data/named_stats.txt";

	memstatistics-file "/var/named/data/named_mem_stats.txt";

	allow-query     { any; };

	/*

	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

	 - If you are building a RECURSIVE (caching) DNS server, you need to enable

	   recursion.

	 - If your recursive DNS server has a public IP address, you MUST enable access

	   control to limit queries to your legitimate users. Failing to do so will

	   cause your server to become part of large scale DNS amplification

	   attacks. Implementing BCP38 within your network would greatly

	   reduce such attack surface

	*/

	recursion yes;

	dnssec-enable yes;

	dnssec-validation yes;

        dnssec-lookaside auto;

	/* Path to ISC DLV key */

	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";

	session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

	type hint;

	file "named.ca";

};

zone "example.com" {

    type master;

    file "example.com.zone";

};

zone "10.10.10.in-addr.arpa" IN {

    type master;

    file "10.10.10.zone";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

为 example.com域名创建转发域与反向域文件

a)创建转发域

# vi /var/named/chroot/var/named/example.com.zone

;

;       Addresses and other host information.

;

$TTL 86400

@       IN      SOA     example.com. hostmaster.example.com. (

                               2014101901      ; Serial

                               43200      ; Refresh

                               3600       ; Retry

                               3600000    ; Expire

                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns1.example.com.

               IN      A       10.10.10.20

               IN      MX      10 mx.example.com.

centos7          IN      A       10.10.10.20

mx               IN      A       10.10.10.20

ns1              IN      A       10.10.10.20

gitlab           IN      A       10.10.10.20

b)创建反向域

# vi /var/named/chroot/var/named/10.10.10.zone

;

;       Addresses and other host information.

;

$TTL 86400

@       IN      SOA     example.com. hostmaster.example.com. (

                               2014101901      ; Serial

                               43200      ; Refresh

                               3600       ; Retry

                               3600000    ; Expire

                               2592000 )  ; Minimum

10.10.10.in-addr.arpa. IN      NS      centos7.example.com.

20.10.10.10.in-addr.arpa. IN PTR mx.example.com.

20.10.10.10.in-addr.arpa. IN PTR ns1.example.com.

20.10.10.10.in-addr.arpa. IN PTR gitlab.example.com.

停止并禁用named服务,启动bind-chroot服务并设置为自启动

/usr/libexec/setup-named-chroot.sh /var/named/chroot on

systemctl stop named

systemctl disable named

systemctl start named-chroot

systemctl enable named-chroot

CentOS7安装Puppet+GitLab+Bind的更多相关文章

  1. Centos7安装配置gitlab

    Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...

  2. centos7安装部署gitlab服务器

    [gitlab需要内存至少4GB]   我这里使用的是centos 7 64bit,我试过centos 6也是可以的! 1. 安装依赖软件 yum -y install policycoreutils ...

  3. linux centos7安装部署gitlab服务器

    refer:https://www.globo.tech/learning-center/install-gitlab-centos-7/#:~:text=How%20to%20Install%20G ...

  4. centos7 安装部署gitlab

    Gitlab官网地址:https://about.gitlab.com/downloads/ Linux系统环境: Centos7 gitlab服务安装之前需要安装一些依赖包:yum install ...

  5. CentOS7安装私有gitlab

    1.安装依赖包 yum install -y curl policycoreutils openssh-server openssh-clients postfix systemctl start p ...

  6. centos7安装配置gitlab详细教程

    一. 安装并配置必要的依赖关系在CentOS系统上安装所需的依赖:ssh,防火墙,postfix(用于邮件通知) ,wget,以下这些命令也会打开系统防火墙中的HTTP和SSH端口访问. 1.安装ss ...

  7. centos7安装puppet详细教程(简单易懂,小白也可以看懂的教程)

    简介: Puppet是一种linux.unix平台的集中配置管理系统,使用ruby语言,可配置文件.用户.cron任务.软件包.系统服务等.Puppet把这些系统实体称之为资源,它的设计目标是简化对这 ...

  8. Centos7 安装gitLab

    我这里使用的是centos 7 64bit,我试过centos 6也是可以的! 1. 安装依赖软件 yum -y install policycoreutils openssh-server open ...

  9. CentOs7安装gitlab(转!)

    沧浪之水清兮,可以濯吾缨; 沧浪之水浊兮,可以濯吾足.                                                                         ...

随机推荐

  1. 【BZOJ 2154】Crash的数字表格 (莫比乌斯+分块)

    2154: Crash的数字表格 Description 今天的数学课上,Crash小朋友学习了最小公倍数(Least Common Multiple).对于两个正整数a和b,LCM(a, b)表示能 ...

  2. SPRING IN ACTION 第4版笔记-第一章-004-用类来管理DI

    一. 1. package chapter01.sia.knights.config; import org.springframework.context.annotation.Bean; impo ...

  3. C/C++ ceil和floor函数

    ceil 是“天花板" floor 是 “地板”  一个靠上取值,另一个靠下取值,如同天花板,地板. double ceil ( double x ); float ceil ( float ...

  4. 在linux系统下怎么安装两个nginx

    在linux下安装nginx的时候,一般在./configure的阶段会要求通过prefix设置安装路径.因此,在./configure的时候指定不同的prefix就可以安装多个nginx啦. 值得注 ...

  5. 在Azure中使用Load Runner测试TCP最大并发连接数

    对于Azure中的每一台虚机,它所能支持的TCP最大并发连接数是50万(参考微软官网: http://azure.microsoft.com/en-us/documentation/articles/ ...

  6. 水题:HDU 5119 Happy Matt Friends

    Matt has N friends. They are playing a game together.Each of Matt's friends has a magic number. In t ...

  7. JAVA环境变量正确设置,却无法在cmd中javac

    今晚试着重新设置JAVA的环境变量,按着度娘告知的操作方法: 1.打开我的电脑--属性--高级--环境变量 2.新建系统变量JAVA_HOME 和CLASSPATH 变量名:JAVA_HOME 变量值 ...

  8. MTK Android Driver知识大全

    一.Display 1.lcm 相关概念1.1) MIPI接口:一共有三种接口:DBI(也做CPU或MCU接口).DPI(也叫RGB接口).DSI.在使用DSI接口时,目前75/77都只支持到2条da ...

  9. opencv Installation in Linux and hello world

    http://opencv.org/quickstart.html Installation in Linux These steps have been tested for Ubuntu 10.0 ...

  10. SSH架构

    说说项目架构整个变化过程吧 拿用户注册来举例: 数据库里面有一张User表 需要把注册信息存储到User表中 1.   最开始是两层架构 就是cliect   +  jsp    +   DB 就是在 ...