Posts in the category: Computers

Debian 11 remote automated network installation test - PXE - preseed.cfg

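Machines in a server room are usually managed remotely, which makes it impractical to install an operating system on site from a CD or USB stick. Debian 11 provides a complete set of netboot files for network installation, together with documentation for preseed.cfg, the file that automates the installer's configuration.

Environment: two virtual machines created with VirtualBox. Machine A hosts the PXE service and machine B is the client. Machine A runs Debian 11 and has two network cards: one on the public network and one on the internal network (enp0s8).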

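Steps:

  1. apt install dnsmasq # Install dnsmasq on machine A so that it assigns machine B an IP address automatically and serves the network boot and system installation
  2. /etc/dnsmasq.conf # Contents of the configuration file. Roughly: set the TFTP root to /srv/tftp and, for machine B (legacy BIOS boot), set the boot file to os-images/bullseye/netboot/pxelinux.0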

    interface=enp0s8
    domain=debian.local
    dhcp-range=192.168.3.3,192.168.3.253,255.255.255.0,1h
    enable-tftp
    tftp-root=/srv/tftp
    # dhcp-optsfile=/etc/dnsmasq.opt
    #dhcp-match=ipxe,175
    # dhcp-boot=net:ipxe,default.ipxe
    # pxe-service=x86PC,"ipxe bios", ipxe/undionly.kpxe
    # pxe-service=tag:x86-64_efi,"ipxe efi", ipxe/ipxe.efi
    
    dhcp-match=set:bios-x86,option:client-arch,0
    # dhcp-boot=tag:bios-x86,ipxe/undionly.kpxe
    dhcp-boot=tag:bios-x86,os-images/bullseye/netboot/pxelinux.0
    
    # boot config for UEFI systems
    # dhcp-match=set:efi-x86_64,option:client-arch,7
    # dhcp-match=set:efi-x86_64,option:client-arch,9
    # dhcp-boot=tag:efi-x86_64,ipxe/ipxe.efi
    
    # dhcp-match=set:ipxe,175
    # dhcp-boot=tag:ipxe,http://192.168.3.1/boot2.php
    # dhcp-userclass=set:ENH,iPXE
    # dhcp-boot=tag:ENH,default.ipxe
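  3. /srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # Contents of a pxelinux boot configuration file named after the MAC address of machine B's network card. Roughly: it loads Debian's answer file preseed.cfg as a boot parameter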

    DEFAULT linux
     SAY Now booting the kernel from SYSLINUX...
    LABEL linux
     KERNEL debian-installer/amd64/linux
     APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz
  4. os-images/bullseye/preseed.cfg # Contents of the file. Its purpose is to answer the installer's questions automatically so that the installation completes unattended

    #### Contents of the preconfiguration file (for bullseye). refer: https://www.debian.org/releases/bullseye/example-preseed.txt
    d-i debian-installer/locale string en_US
    d-i keyboard-configuration/xkb-keymap select us
    d-i netcfg/choose_interface select auto
    d-i netcfg/get_hostname string unassigned-hostname
    d-i netcfg/get_domain string unassigned-domain
    d-i netcfg/hostname string auto1
    d-i netcfg/wireless_wep string
    d-i mirror/country string manual
    d-i mirror/http/hostname string ftp.cn.debian.org
    d-i mirror/http/directory string /debian
    d-i mirror/http/proxy string
    d-i passwd/root-password password r00tme
    d-i passwd/root-password-again password r00tme
    d-i passwd/user-fullname string Debian User
    d-i passwd/username string debian
    d-i passwd/user-password password insecure
    d-i passwd/user-password-again password insecure
    d-i clock-setup/utc boolean true
    d-i time/zone string US/Eastern
    d-i clock-setup/ntp boolean true
    d-i partman-auto/method string lvm
    d-i partman-auto-lvm/guided_size string max
    d-i partman-lvm/device_remove_lvm boolean true
    d-i partman-md/device_remove_md boolean true
    d-i partman-lvm/confirm boolean true
    d-i partman-lvm/confirm_nooverwrite boolean true
    d-i partman-auto/choose_recipe select atomic
    d-i partman-partitioning/confirm_write_new_label boolean true
    d-i partman/choose_partition select finish
    d-i partman/confirm boolean true
    d-i partman/confirm_nooverwrite boolean true
    d-i partman-md/confirm boolean true
    d-i partman-partitioning/confirm_write_new_label boolean true
    d-i partman/choose_partition select finish
    d-i partman/confirm boolean true
    d-i partman/confirm_nooverwrite boolean true
    d-i apt-setup/cdrom/set-first boolean false
    tasksel tasksel/first multiselect standard, ssh-server
    popularity-contest popularity-contest/participate boolean true
    d-i grub-installer/only_debian boolean true
    d-i grub-installer/with_other_os boolean true
    d-i grub-installer/bootdev  string default
    d-i finish-install/reboot_in_progress note
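  5. /etc/nftables.conf # Additional configuration needed if machine A is also to act as machine B's gateway and forward its traffic to the internet. One observed quirk: machine B sometimes cannot reach the external network until the nftables service is restarted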

    #!/usr/sbin/nft -f
    
    flush ruleset
    
    table inet filter {
        chain input {
                type filter hook input priority 0;
        }
        chain forward {
                type filter hook forward priority 0;
        }
        chain output {
                type filter hook output priority 0;
        }
    }
    
    #######
    table inet nat {
        chain input {
                type nat hook input priority 0; policy accept;
                ip protocol icmp accept
        }
    
        chain prerouting {
                type nat hook prerouting priority 0; policy accept;
        }
    
        chain postrouting {
                type nat hook postrouting priority 100; policy accept;
    #               ip saddr 192.168.3.0/24 oifname "enp0s3" masquerade
                oifname "enp0s3" masquerade
        }
    
        chain output {
                type nat hook output priority 0; policy accept;
        }
    }
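
The preseed.cfg in step 4 carries the root and user passwords in clear text and is fetched over TFTP, which has no authentication or encryption. The added example below (not part of the original post) rewrites those answers to the `passwd/root-password-crypted` and `passwd/user-password-crypted` keys from Debian's example preseed; the function names, sample input and placeholder hashes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): replace the clear-text password
# answers in a preseed file with the *-crypted keys from Debian's example-preseed.
# Create a hash first with:  openssl passwd -6     (or: mkpasswd -m sha-512)

# Usage: harden_preseed ROOT_HASH USER_HASH < preseed.cfg > preseed.new
harden_preseed() {
    awk -v root_hash="$1" -v user_hash="$2" '
        # Matches root/user password lines and their "-again" confirmations.
        $1 == "d-i" && $2 ~ /^passwd\/(root|user)-password(-again)?$/ {
            kind = ($2 ~ /root/) ? "root" : "user"
            if (!(kind in seen)) {          # emit one crypted line per account
                seen[kind] = 1
                hash = (kind == "root") ? root_hash : user_hash
                printf "d-i passwd/%s-password-crypted password %s\n", kind, hash
            }
            next                            # never copy the clear-text line
        }
        { print }
    '
}

# Number of clear-text password answers still present on stdin.
count_cleartext_passwords() {
    grep -Ec '^d-i passwd/(root|user)-password(-again)? ' || true
}

# Constructed input: the password-related lines of the preseed.cfg shown above.
SAMPLE_PRESEED='d-i passwd/root-password password r00tme
d-i passwd/root-password-again password r00tme
d-i passwd/user-fullname string Debian User
d-i passwd/username string debian
d-i passwd/user-password password insecure
d-i passwd/user-password-again password insecure'

# Constructed placeholders, not real hashes.
ROOT_HASH='$6$PLACEHOLDERSALT$ROOT.HASH.PLACEHOLDER'
USER_HASH='$6$PLACEHOLDERSALT$USER.HASH.PLACEHOLDER'

printf '%s\n' "$SAMPLE_PRESEED" | harden_preseed "$ROOT_HASH" "$USER_HASH"
```

A crypted hash served over TFTP can still be read and attacked offline by anyone on the install network, so treat the preseeded passwords as temporary and change them after the first boot.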

References:

Elasticsearch error when updating the Magento 2 product index - status 429

Problem: on a Magento 2.4 site, running bin/magento indexer:reindex makes Elasticsearch return an error, as follows:

Catalog Search index process error during indexation process:
{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}],"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"},"status":429}

Attempt: following advice found online, adjusting the Elasticsearch settings resolved it:

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings -d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }'

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

Reference: https://stackoverflow.com/questions/63689953/magento-2-4-reindex-issue-with-elasticsearch

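Mail sent from 139.com is not received by a mail server on a China Telecom internal network - iRedMail

Environment: a China Telecom line, with an iRedMail mail server installed on a machine on the internal network
Problem: sending and receiving mail between this mail server and Tencent works normally, but mail sent from 139.com is not received
Symptom: the mail server's log contains entries like these: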

Aug  5 21:57:29 mail postfix/smtpd[22485]: connect from n169-113.mail.139.com[120.232.169.113]
Aug  5 21:57:29 mail postfix/smtpd[22485]: Anonymous TLS connection established from n169-113.mail.139.com[120.232.169.113]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  5 21:57:29 mail postfix/smtpd[22485]: 4LznGd6ykCz9w4l: client=n169-113.mail.139.com[120.232.169.113]
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection rate 1/60s for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection count 1 for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max cache size 1 at Aug  5 21:49:27
Aug  5 22:00:45 mail clamd[1737]: SelfCheck: Database status OK.
Aug  5 22:02:30 mail postfix/smtpd[22485]: timeout after DATA (0 bytes) from n169-113.mail.139.com[120.232.169.113]
Aug  5 22:02:30 mail postfix/smtpd[22485]: disconnect from n169-113.mail.139.com[120.232.169.113]

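Attempt: it looks as though the self-hosted mail server and the 139.com mail server's IP can reach each other, so why can't the self-hosted server receive the message?

According to posts found online, this may be because, once the internal machine has dialled up, Ethernet's default MTU of 1500 is too large and needs to be reduced for packets to get through.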

[root@mail ~]# ping -M do -s 1430 n169-113.mail.139.com
PING n169-113.mail.139.com (120.232.169.113) 1430(1458) bytes of data.
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400

Sure enough, after lowering the MTU to 1400, the self-hosted mail server could receive mail from 139.com.
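
The log signature above (a session that connects, reaches DATA, then times out with 0 bytes) can be searched for across a whole mail log to see which senders are affected. This is an added example, not part of the original post; the function name and the 192.0.2.10 session are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find SMTP sessions that connect
# but then stall after DATA with 0 bytes received, the pattern in the log above.

# Reads Postfix syslog lines on stdin; prints "client_ip stalled_sessions",
# one line per client, only for smtpd processes that logged a connect first.
stalled_after_data() {
    awk '
        $5 ~ /^postfix\/smtpd\[/ {
            pid = $5
            if ($6 == "connect" && $7 == "from") { connected[pid] = 1; next }
            if ($6 == "timeout" && $7 == "after" && $8 == "DATA" && $9 == "(0") {
                # Last field looks like host[ip]; pull out the bracketed address.
                ip = $NF
                sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                if (pid in connected) count[ip]++
            }
            if ($6 == "disconnect") delete connected[pid]
        }
        END { for (ip in count) print ip, count[ip] }
    ' | sort
}

# Constructed sample: the stalled session is modelled on the log above; the
# 192.0.2.10 session is a made-up healthy delivery for contrast.
SAMPLE_LOG='Aug  5 21:57:29 mail postfix/smtpd[22485]: connect from n169-113.mail.139.com[120.232.169.113]
Aug  5 21:58:02 mail postfix/smtpd[22490]: connect from mx.example.net[192.0.2.10]
Aug  5 21:58:03 mail postfix/smtpd[22490]: disconnect from mx.example.net[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Aug  5 22:02:30 mail postfix/smtpd[22485]: timeout after DATA (0 bytes) from n169-113.mail.139.com[120.232.169.113]
Aug  5 22:02:30 mail postfix/smtpd[22485]: disconnect from n169-113.mail.139.com[120.232.169.113]'

printf '%s\n' "$SAMPLE_LOG" | stalled_after_data
```

Each address it reports is a candidate for the `ping -M do` probe shown above.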

References:

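Running multiple Postfix instances with separate configurations - postmulti - each instance uses its own outbound IP

Requirement: on a machine configured with several IP addresses, have Postfix send mail from different IP addresses.

Attempt: postmulti can be used to configure several separate Postfix instances. Each instance uses its own main.cf configuration file, and the chosen IP address is bound in that instance's main.cf.

References: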

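cPanel - WHM - The SMTP restriction - restricting users from sending mail through external SMTP

Problem: cPanel users cannot send mail through an external SMTP server from PHP.

Attempt: running a command such as openssl s_client -connect smtp.gmail.com:465 shows the SSL certificate of the local cPanel/WHM machine, not Gmail's.

Solution: log in to WHM and disable the "The SMTP restriction" feature.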

This feature prevents users from bypassing the mail server to send mail, a common practice used by spammers.
It will allow only the MTA, mailman, and root to connect to remote SMTP servers.

This control is also adjustable in Tweak Settings.

The SMTP restriction is enabled.

Reference: https://docs.cpanel.net/whm/security-center/smtp-restrictions/