添加Puppet官方源

rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

安装Puppet

yum -y install puppet puppet-server facter

安装配置GitLab依赖软件

yum -y install curl policycoreutils openssh-server openssh-clients

systemctl enable sshd

systemctl start sshd

yum install postfix

systemctl enable postfix

systemctl start postfix

firewall-cmd --permanent --add-service=http

systemctl reload firewalld

添加GitLab清华源

#vi /etc/yum.repos.d/gitlab-ce.repo

[gitlab-ce]

name=gitlab-ce

baseurl=http://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7

repo_gpgcheck=0

gpgcheck=0

enabled=1

gpgkey=https://packages.gitlab.com/gpg.key

安装GitLab

yum -y install gitlab-ce

修改/etc/gitlab/gitlab.rb文件

external_url "https://gitlab.example.com:2443"

生成ssl证书

openssl genrsa -des3 -out gitlab.example.com.key 1024

SUBJECT="/C=CN/ST=China/L=Shanghai/O=example.com/OU=example.com/CN=gitlab.example.com"

openssl req -new -subj $SUBJECT -key gitlab.example.com.key -out gitlab.example.com.csr

openssl rsa -in gitlab.example.com.key -out gitlab.example.com.key

openssl x509 -req -days 3650 -in gitlab.example.com.csr -signkey gitlab.example.com.key -out gitlab.example.com.crt

将证书移动到/etc/gitlab/ssl目录下

mkdir -p /etc/gitlab/ssl

mv gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/

如果8080端口被别的程序占用,还需要将unicorn端口修改成别的为占用端口

unicorn['port'] = 8081

配置启动GitLab

gitlab-ctl reconfigure

效果图:

第一次登陆需要修改管理员密码,管理员帐号名为root

安装Bind Chroot DNS服务器

yum -y install bind-chroot bind

拷贝bind相关文件,准备bind chroot 环境

cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named

在bind chroot的目录中创建相关文件

touch /var/named/chroot/var/named/data/cache_dump.db

touch /var/named/chroot/var/named/data/named_stats.txt

touch /var/named/chroot/var/named/data/named_mem_stats.txt

touch /var/named/chroot/var/named/data/named.run

mkdir /var/named/chroot/var/named/dynamic

touch /var/named/chroot/var/named/dynamic/managed-keys.bind

将Bind锁定文件设置为可写,并将selinux标签改成named_cache_t

chmod -R 777 /var/named/chroot/var/named/data

chmod -R 777 /var/named/chroot/var/named/dynamic

chcon -R -t named_cache_t /var/named/chroot/var/named/data

chcon -R -t named_cache_t /var/named/chroot/var/named/dynamic

将/etc/named.conf拷贝到bind chroot目录

cp -p /etc/named.conf /var/named/chroot/etc/named.conf

在/etc/named.conf中对bind进行配置

# vi /var/named/chroot/etc/named.conf

完全配置如下:

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

	listen-on port 53 { any; };

	listen-on-v6 port 53 { ::1; };

	directory 	"/var/named";

	dump-file 	"/var/named/data/cache_dump.db";

	statistics-file "/var/named/data/named_stats.txt";

	memstatistics-file "/var/named/data/named_mem_stats.txt";

	allow-query     { any; };

	/*

	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

	 - If you are building a RECURSIVE (caching) DNS server, you need to enable

	   recursion.

	 - If your recursive DNS server has a public IP address, you MUST enable access

	   control to limit queries to your legitimate users. Failing to do so will

	   cause your server to become part of large scale DNS amplification

	   attacks. Implementing BCP38 within your network would greatly

	   reduce such attack surface

	*/

	recursion yes;

	dnssec-enable yes;

	dnssec-validation yes;

        dnssec-lookaside auto;

	/* Path to ISC DLV key */

	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";

	session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

	type hint;

	file "named.ca";

};

zone "example.com" {

    type master;

    file "example.com.zone";

};

zone "10.10.10.in-addr.arpa" IN {

    type master;

    file "10.10.10.zone";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

为 example.com域名创建转发域与反向域文件

a)创建转发域

# vi /var/named/chroot/var/named/example.com.zone

;

;       Addresses and other host information.

;

$TTL 86400

@       IN      SOA     example.com. hostmaster.example.com. (

                               2014101901      ; Serial

                               43200      ; Refresh

                               3600       ; Retry

                               3600000    ; Expire

                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns1.example.com.

               IN      A       10.10.10.20

               IN      MX      10 mx.example.com.

centos7          IN      A       10.10.10.20

mx               IN      A       10.10.10.20

ns1              IN      A       10.10.10.20

gitlab           IN      A       10.10.10.20

b)创建反向域

# vi /var/named/chroot/var/named/10.10.10.zone

;

;       Addresses and other host information.

;

$TTL 86400

@       IN      SOA     example.com. hostmaster.example.com. (

                               2014101901      ; Serial

                               43200      ; Refresh

                               3600       ; Retry

                               3600000    ; Expire

                               2592000 )  ; Minimum

10.10.10.in-addr.arpa. IN      NS      centos7.example.com.

20.10.10.10.in-addr.arpa. IN PTR mx.example.com.

20.10.10.10.in-addr.arpa. IN PTR ns1.example.com.

20.10.10.10.in-addr.arpa. IN PTR gitlab.example.com.

停止并禁用named服务,启动bind-chroot服务并设置为自启动

/usr/libexec/setup-named-chroot.sh /var/named/chroot on

systemctl stop named

systemctl disable named

systemctl start named-chroot

systemctl enable named-chroot

CentOS7安装Puppet+GitLab+Bind的更多相关文章

  1. Centos7安装配置gitlab

    Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...

  2. centos7安装部署gitlab服务器

    [gitlab需要内存至少4GB]   我这里使用的是centos 7 64bit,我试过centos 6也是可以的! 1. 安装依赖软件 yum -y install policycoreutils ...

  3. linux centos7安装部署gitlab服务器

    refer:https://www.globo.tech/learning-center/install-gitlab-centos-7/#:~:text=How%20to%20Install%20G ...

  4. centos7 安装部署gitlab

    Gitlab官网地址:https://about.gitlab.com/downloads/ Linux系统环境: Centos7 gitlab服务安装之前需要安装一些依赖包:yum install ...

  5. CentOS7安装私有gitlab

    1.安装依赖包 yum install -y curl policycoreutils openssh-server openssh-clients postfix systemctl start p ...

  6. centos7安装配置gitlab详细教程

    一. 安装并配置必要的依赖关系在CentOS系统上安装所需的依赖:ssh,防火墙,postfix(用于邮件通知) ,wget,以下这些命令也会打开系统防火墙中的HTTP和SSH端口访问. 1.安装ss ...

  7. centos7安装puppet详细教程(简单易懂,小白也可以看懂的教程)

    简介: Puppet是一种linux.unix平台的集中配置管理系统,使用ruby语言,可配置文件.用户.cron任务.软件包.系统服务等.Puppet把这些系统实体称之为资源,它的设计目标是简化对这 ...

  8. Centos7 安装gitLab

    我这里使用的是centos 7 64bit,我试过centos 6也是可以的! 1. 安装依赖软件 yum -y install policycoreutils openssh-server open ...

  9. CentOs7安装gitlab(转!)

    沧浪之水清兮,可以濯吾缨; 沧浪之水浊兮,可以濯吾足.                                                                         ...

随机推荐

  1. [wikioi]过河卒

    棋盘型动态规划.(PPT:http://wenku.baidu.com/view/56badad850e2524de5187ea3.html)该类动态规划有一个共性,那就是在一个矩阵中(一般是二维矩阵 ...

  2. [转贴]JAVA:RESTLET开发实例(三)基于spring的REST服务

    前面两篇文章,我们介绍了基于JAX-RS的REST服务以及Application的Rest服务.这里将介绍restlet如何整合spring框架进行开发.Spring 是一个开源框架,是为了解决企业应 ...

  3. 转载:MyEclipse中防止代码格式化时出现换行的情况的设置

     转载出处:http://www.cnblogs.com/yjhrem/articles/2310013.html 编辑完成代码,用MyEclipse的代码格式化后,本来不长的代码也被自动转成了多行. ...

  4. 【HDOJ】3068 最长回文

    马拉车算法O(n)可解. /* 3068 */ #include <iostream> #include <string> #include <map> #incl ...

  5. poj2154

    利用bzoj2705的结论我们很容易优化这道等价类计数的问题 sum(n^gcd(i,n))/n mod p (1<=i<=n) =sum(phi(n/L)*n^L)/n mod p (n ...

  6. BZOJ_1003_[ZJOI2006]_物流运输_(动态规划+最短路)

    描述 http://www.lydsy.com/JudgeOnline/problem.php?id=1003 m个码头,从1运货到m,n天每天运,其中有一些码头在特定的天里不能使用.运货的代价:在两 ...

  7. (转载)AS3领航系列教程 之 AS3程序的入口

    (转载)http://blog.csdn.net/wibrst/article/details/1861828 要实践本教程, 您需要安装以下软件:    Flash CS3 AS3程序的入口 众所周 ...

  8. format 对整形的应用

    对于整型数,会在整型值的前面以0补之 Format('this is %.7d'[1234]);             输出是:this is 0001234]

  9. Delphi TcxTreeList 怎么设置分组

    Delphi 的TcxTreeList控件设置按种类分组,操作如下: 1. 在TcxTreeList控件中双击,打开 Bands 属性,在这里面建需要分的组,在Captions->Text 输入 ...

  10. Linq左右連接

    1.左连接: var LeftJoin = from emp in ListOfEmployeesjoin dept in ListOfDepartmenton emp.DeptID equals d ...