Add the official Puppet repository

rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

Install Puppet

yum -y install puppet puppet-server facter

Install and configure the software GitLab depends on

yum -y install curl policycoreutils openssh-server openssh-clients
systemctl enable sshd
systemctl start sshd
yum install postfix
systemctl enable postfix
systemctl start postfix
firewall-cmd --permanent --add-service=http
systemctl reload firewalld

Add the Tsinghua mirror for GitLab

# vi /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
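
The stanza above sets gpgcheck=0 and fetches over plain HTTP, so neither the transport nor an RPM signature authenticates the packages yum installs. The check below is an added example, not part of the original post; the function name audit_repo and its finding names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag yum repo sections that skip package verification.
#   gpgcheck-off       RPM signatures are not checked for this repo
#   cleartext-baseurl  metadata and packages are fetched over http/ftp
#   tamperable         both at once: nothing authenticates the packages
audit_repo() {
    # $1: path to a .repo file; prints "<section> <finding>" lines
    awk '
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {
            if (sec == "" || off(enabled)) return        # disabled repos are unused
            if (off(gpgcheck)) print sec, "gpgcheck-off"
            if (clear) print sec, "cleartext-baseurl"
            if (off(gpgcheck) && clear) print sec, "tamperable"
        }
        /^[ \t]*[#;]/ { next }                            # comment lines
        /^[ \t]*\[/ {                                     # start of a [section]
            report()
            sec = substr($0, index($0, "[") + 1)
            sec = substr(sec, 1, index(sec, "]") - 1)
            gpgcheck = ""; enabled = ""; clear = 0
            next
        }
        index($0, "=") {                                  # key=value line
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "enabled") enabled = val
            if (key == "baseurl" && val ~ /^(http|ftp):/) clear = 1
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the gitlab-ce stanza shown above, audited from a temp file.
sample_repo=$(mktemp)
cat > "$sample_repo" <<'EOF'
[gitlab-ce]
name=gitlab-ce
baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
EOF
audit_repo "$sample_repo"
rm -f "$sample_repo"
```

A repo that omits gpgcheck inherits the value from the [main] section of yum.conf, so the check only reports an explicit off value.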

Install GitLab

yum -y install gitlab-ce

Edit the /etc/gitlab/gitlab.rb file

external_url "https://gitlab.example.com:2443"

Generate the SSL certificate

openssl genrsa -des3 -out gitlab.example.com.key 1024
SUBJECT="/C=CN/ST=China/L=Shanghai/O=example.com/OU=example.com/CN=gitlab.example.com"
openssl req -new -subj "$SUBJECT" -key gitlab.example.com.key -out gitlab.example.com.csr
openssl rsa -in gitlab.example.com.key -out gitlab.example.com.key
openssl x509 -req -days 3650 -in gitlab.example.com.csr -signkey gitlab.example.com.key -out gitlab.example.com.crt

Move the certificate to the /etc/gitlab/ssl directory

mkdir -p /etc/gitlab/ssl
mv gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/
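
The commands above produce a 1024-bit RSA key and a certificate without a subjectAltName. The following is an added example, not from the original post, that generates the pair with a 2048-bit key, a SHA-256 signature and a SAN, then prints those properties so they can be checked; make_cert, cert_facts and the 365-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: self-signed certificate for the GitLab host with a 2048-bit
# key, SHA-256 signature and subjectAltName. A config file is used instead of
# -addext so the same command also works on OpenSSL 1.0.2.
make_cert() {
    # $1: host name, $2: output directory, $3: validity in days (default 365)
    host=$1; dir=$2; days=${3:-365}
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
C = CN
ST = China
L = Shanghai
O = example.com
OU = example.com
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # umask keeps the unencrypted private key readable by its owner only
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
          -config "$cfg" -keyout "$dir/$host.key" -out "$dir/$host.crt" ) 2>/dev/null
    rc=$?
    rm -f "$cfg"
    return "$rc"
}

cert_facts() {
    # $1: certificate path; prints key size, signature hash and SAN entries
    openssl x509 -in "$1" -noout -text |
        grep -E 'Public-Key:|Signature Algorithm:|DNS:' | sed 's/^ *//' | sort -u
}

# Demo in a scratch directory; for GitLab the output directory is /etc/gitlab/ssl
demo_dir=$(mktemp -d)
make_cert gitlab.example.com "$demo_dir" 365 &&
    cert_facts "$demo_dir/gitlab.example.com.crt"
rm -rf "$demo_dir"
```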

If port 8080 is already in use by another program, also change the unicorn port to an unused one

unicorn['port'] = 8081

Configure and start GitLab

gitlab-ctl reconfigure

On first login you must change the administrator password; the administrator account name is root

Install the Bind chroot DNS server

yum -y install bind-chroot bind

Copy the bind sample files to prepare the bind chroot environment

cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named

Create the required files in the bind chroot directory

touch /var/named/chroot/var/named/data/cache_dump.db
touch /var/named/chroot/var/named/data/named_stats.txt
touch /var/named/chroot/var/named/data/named_mem_stats.txt
touch /var/named/chroot/var/named/data/named.run
mkdir /var/named/chroot/var/named/dynamic
touch /var/named/chroot/var/named/dynamic/managed-keys.bind

Make the Bind lock files writable and change their SELinux label to named_cache_t

chmod -R 777 /var/named/chroot/var/named/data
chmod -R 777 /var/named/chroot/var/named/dynamic
chcon -R -t named_cache_t /var/named/chroot/var/named/data
chcon -R -t named_cache_t /var/named/chroot/var/named/dynamic

Copy /etc/named.conf into the bind chroot directory

cp -p /etc/named.conf /var/named/chroot/etc/named.conf

Configure bind in /etc/named.conf

# vi /var/named/chroot/etc/named.conf

The complete configuration is as follows:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
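
The configuration above combines recursion yes with allow-query { any; } and sets no allow-recursion, which is the open-resolver case its own comment warns about: when allow-recursion is unset, BIND falls back to allow-query-cache and then to allow-query. The check below is an added example, not from the original post; check_recursion and its output strings are names chosen here.

```shell
#!/bin/sh
# Added example: decide whether a named.conf lets any client use the server
# for recursion. Simplified parser: it strips comments and reads flat ACLs,
# so nested braces and "//" inside quoted strings are not handled.
check_recursion() {
    # $1: path to named.conf; prints recursion-disabled, restricted or open-resolver
    awk '
        function acl(name,   r) {             # text between { } after an option name
            if (!match(text, name "[ \t]*[{]")) return "UNSET"
            r = substr(text, RSTART + RLENGTH)
            return substr(r, 1, index(r, "}") - 1)
        }
        { sub("(//|#).*", ""); text = text " " $0 }      # drop line comments
        END {
            while ((s = index(text, "/*")) > 0) {         # drop /* ... */ blocks
                rest = substr(text, s + 2); e = index(rest, "*/")
                text = substr(text, 1, s - 1) " " (e ? substr(rest, e + 2) : "")
            }
            if (text ~ /[ \t;{]recursion[ \t]+no[ \t]*;/) { print "recursion-disabled"; exit }
            # BIND falls back in this order when allow-recursion is not set
            eff = acl("allow-recursion")
            if (eff == "UNSET") eff = acl("allow-query-cache")
            if (eff == "UNSET") eff = acl("allow-query")
            if (eff == "UNSET") eff = "localnets; localhost;"
            print (((" " eff) ~ /[ \t;]any[ \t]*;/) ? "open-resolver" : "restricted")
        }
    ' "$1"
}

# Constructed sample: the access-control lines of the named.conf above.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    /* If you are building a RECURSIVE (caching) DNS server, you need to
       enable recursion. */
    recursion yes;
};
EOF
check_recursion "$sample_conf"    # prints: open-resolver
rm -f "$sample_conf"
```

Adding a line such as allow-recursion { localnets; localhost; 10.10.10.0/24; }; to the options block (the 10.10.10.0/24 network is assumed from the zone files on this page) makes the check report restricted.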

Create the forward and reverse zone files for the example.com domain

a) Create the forward zone

# vi /var/named/chroot/var/named/example.com.zone

;
; Addresses and other host information.
;
$TTL 86400
@       IN SOA  example.com. hostmaster.example.com. (
                2014101901 ; Serial
                43200      ; Refresh
                3600       ; Retry
                3600000    ; Expire
                2592000 )  ; Minimum
; Define the nameservers and the mail servers
        IN NS   ns1.example.com.
        IN A    10.10.10.20
        IN MX   10 mx.example.com.
centos7 IN A    10.10.10.20
mx      IN A    10.10.10.20
ns1     IN A    10.10.10.20
gitlab  IN A    10.10.10.20

b) Create the reverse zone

# vi /var/named/chroot/var/named/10.10.10.zone

;
; Addresses and other host information.
;
$TTL 86400
@       IN SOA  example.com. hostmaster.example.com. (
                2014101901 ; Serial
                43200      ; Refresh
                3600       ; Retry
                3600000    ; Expire
                2592000 )  ; Minimum
10.10.10.in-addr.arpa. IN NS centos7.example.com.
20.10.10.10.in-addr.arpa. IN PTR mx.example.com.
20.10.10.10.in-addr.arpa. IN PTR ns1.example.com.
20.10.10.10.in-addr.arpa. IN PTR gitlab.example.com.

Stop and disable the named service, then start the bind-chroot service and enable it at boot

/usr/libexec/setup-named-chroot.sh /var/named/chroot on
systemctl stop named
systemctl disable named
systemctl start named-chroot
systemctl enable named-chroot
