Add the official Puppet repository

rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

Install Puppet

yum -y install puppet puppet-server facter

Install and configure the software GitLab depends on

yum -y install curl policycoreutils openssh-server openssh-clients
systemctl enable sshd
systemctl start sshd
yum install postfix
systemctl enable postfix
systemctl start postfix
firewall-cmd --permanent --add-service=http
systemctl reload firewalld

Add the Tsinghua (TUNA) mirror repository for GitLab

# vi /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]
name=gitlab-ce
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
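
With gpgcheck=0 and repo_gpgcheck=0, yum installs whatever the mirror serves without verifying any signature, and the gpgkey line has no effect. The audit below is an added example, not part of the original article; the function names and the sample repo file are constructed for illustration.

```shell
# audit_repo FILE
# Prints one finding per line for every yum repo section in FILE that skips
# package signature checks or downloads over plain HTTP. Exit status 1 if any.
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (gpg == "0") {
                print sec ": gpgcheck=0, package signatures are not verified"; bad = 1
                if (key != "") print sec ": gpgkey is set but unused while gpgcheck=0"
            }
            if (url ~ /^http:/) { print sec ": baseurl is plain http"; bad = 1 }
        }
        BEGIN { bad = 0 }
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        /^\[/ {                              # a new [section] starts
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            gpg = key = url = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            else if (k == "gpgkey") key = v
            else if (k == "baseurl") url = v
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample modelled on the repo file above, using a plain-http baseurl.
demo_repo() {
    cat <<'EOF'
[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
EOF
}

tmp=$(mktemp) && demo_repo > "$tmp"
audit_repo "$tmp" || echo "findings above: review the repo file before installing from it"
rm -f "$tmp"
```

Run it against the real files with audit_repo /etc/yum.repos.d/gitlab-ce.repo before the yum install step.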

Install GitLab

yum -y install gitlab-ce

Edit the /etc/gitlab/gitlab.rb file

external_url "https://gitlab.example.com:2443"

Generate the SSL certificate

openssl genrsa -des3 -out gitlab.example.com.key 2048
SUBJECT="/C=CN/ST=China/L=Shanghai/O=example.com/OU=example.com/CN=gitlab.example.com"
openssl req -new -subj "$SUBJECT" -key gitlab.example.com.key -out gitlab.example.com.csr
openssl rsa -in gitlab.example.com.key -out gitlab.example.com.key
openssl x509 -req -days 3650 -in gitlab.example.com.csr -signkey gitlab.example.com.key -out gitlab.example.com.crt

Move the certificate into the /etc/gitlab/ssl directory

mkdir -p /etc/gitlab/ssl
mv gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/

If port 8080 is already in use by another program, also change the unicorn port to an unused one

unicorn['port'] = 8081

Configure and start GitLab

gitlab-ctl reconfigure

On first login you must change the administrator password; the administrator account name is root

Install the Bind chroot DNS server

yum -y install bind-chroot bind

Copy the bind sample files to prepare the bind chroot environment

cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named

Create the required files in the bind chroot directory

touch /var/named/chroot/var/named/data/cache_dump.db
touch /var/named/chroot/var/named/data/named_stats.txt
touch /var/named/chroot/var/named/data/named_mem_stats.txt
touch /var/named/chroot/var/named/data/named.run
mkdir /var/named/chroot/var/named/dynamic
touch /var/named/chroot/var/named/dynamic/managed-keys.bind

Make the Bind lock files writable and change their SELinux label to named_cache_t

chmod -R 777 /var/named/chroot/var/named/data
chmod -R 777 /var/named/chroot/var/named/dynamic
chcon -R -t named_cache_t /var/named/chroot/var/named/data
chcon -R -t named_cache_t /var/named/chroot/var/named/dynamic

Copy /etc/named.conf into the bind chroot directory

cp -p /etc/named.conf /var/named/chroot/etc/named.conf

Configure bind in /etc/named.conf

# vi /var/named/chroot/etc/named.conf

The complete configuration is as follows:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example.com" {
    type master;
    file "example.com.zone";
};

zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
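
The comment inside the options block warns that a recursive server must limit who may query it, yet the block combines recursion yes with allow-query { any; } and listens on every address. The script below is an added example, not part of the original article, that flags this combination. It assumes a single options block without views; the function names and the 10.10.10.0/24 client range are assumptions.

```shell
# check_open_resolver FILE: strip comments from a named.conf, then report
# whether recursion is effectively open to every client. Exit 1 if it is.
check_open_resolver() {
    awk '
        { text = text $0 "\n" }
        END {
            n = length(text); i = 1; out = ""
            while (i <= n) {                 # drop /* */, // and # comments
                c = substr(text, i, 1); two = substr(text, i, 2)
                if (two == "/*") {
                    j = index(substr(text, i + 2), "*/")
                    if (j == 0) break
                    i += j + 3; out = out " "; continue
                }
                if (two == "//" || c == "#") {
                    j = index(substr(text, i), "\n")
                    if (j == 0) break
                    i += j - 1; continue
                }
                out = out c; i++
            }
            rec  = (out ~ /recursion[ \t\n]+yes[ \t\n]*;/)
            acl  = (out ~ /allow-(recursion|query-cache)[ \t\n]*[{]/)
            qany = (out ~ /allow-query[ \t\n]*[{][ \t\n]*any[ \t\n]*;/)
            # Without allow-recursion or allow-query-cache, BIND falls back to allow-query.
            if (rec && !acl && qany) { print "OPEN: recursion yes, ACL falls back to allow-query any"; exit 1 }
            print "OK: recursion is off or limited by an ACL"
        }
    ' "$1"
}
# Constructed excerpt of the options block shown above.
sample_conf() {
    cat <<'EOF'
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
    allow-query { any; };
    /* - If you are building a RECURSIVE (caching) DNS server, enable recursion. */
    recursion yes;
};
EOF
}
# Same excerpt with recursion limited; 10.10.10.0/24 is an assumed client range.
hardened_conf() { sample_conf | sed 's|recursion yes;|recursion yes; allow-recursion { localhost; 10.10.10.0/24; };|'; }

tmp=$(mktemp)
sample_conf > "$tmp";   check_open_resolver "$tmp" || true
hardened_conf > "$tmp"; check_open_resolver "$tmp"
rm -f "$tmp"
```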

Create the forward and reverse zone files for the example.com domain

a) Create the forward zone

# vi /var/named/chroot/var/named/example.com.zone

;
; Addresses and other host information.
;
$TTL 86400
@       IN  SOA example.com. hostmaster.example.com. (
                2014101901  ; Serial
                43200       ; Refresh
                3600        ; Retry
                3600000     ; Expire
                2592000 )   ; Minimum

; Define the nameservers and the mail servers
        IN  NS  ns1.example.com.
        IN  A   10.10.10.20
        IN  MX  10 mx.example.com.

centos7 IN  A   10.10.10.20
mx      IN  A   10.10.10.20
ns1     IN  A   10.10.10.20
gitlab  IN  A   10.10.10.20

b) Create the reverse zone

# vi /var/named/chroot/var/named/10.10.10.zone

;
; Addresses and other host information.
;
$TTL 86400
@       IN  SOA example.com. hostmaster.example.com. (
                2014101901  ; Serial
                43200       ; Refresh
                3600        ; Retry
                3600000     ; Expire
                2592000 )   ; Minimum

10.10.10.in-addr.arpa.      IN  NS   centos7.example.com.

20.10.10.10.in-addr.arpa.   IN  PTR  mx.example.com.
20.10.10.10.in-addr.arpa.   IN  PTR  ns1.example.com.
20.10.10.10.in-addr.arpa.   IN  PTR  gitlab.example.com.

Stop and disable the named service, then start the bind-chroot service and enable it at boot

/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot
