Posts in the category "Computers"

ubuntu 22.04 - jammy - autoinstall - pxe automated installation

The previous post tested pxe automated installation of debian 11: https://liujia.anqun.org/index.php/archives/3994/ . Here I want to try ubuntu 22.04.

  1. /srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # To save effort, the pxelinux files from the debian 11 netboot are used as they are; only the content of the pxelinux configuration file is changed. vmlinuz and initrd were extracted from ubuntu-22.04.1-live-server-amd64.iso. http://192.168.3.1/jammy/ holds the user-data and meta-data configuration files

    DEFAULT linux
     SAY Now booting the kernel from SYSLINUX...
    LABEL linux
    #  KERNEL debian-installer/amd64/linux
    #  APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz
    
    KERNEL http://192.168.3.1/jammy/vmlinuz
    INITRD http://192.168.3.1/jammy/initrd
    APPEND ip=dhcp autoinstall ds=nocloud-net;s=http://192.168.3.1/jammy/ url=http://192.168.3.1/jammy/ubuntu-22.04.1-live-server-amd64.iso
  2. http://192.168.3.1/jammy/user-data # Content of the answer file for the automated installation; here it only sets up the user and installs openssh-server

    #cloud-config
    autoinstall:
      identity:
        hostname: jammy2
        password: $6$5lpwCLsKLEzMkSJc$keOAhA6aO/5RocGThmhVA7LSNuW911Rx5HHXFEa75oGK20cEdAAgn14H5f5nGeq6QgcSyLPrWcg1.JvjXbhrN/
        username: ubuntu
      locale: zh_CN.UTF-8
      ssh:
        install-server: yes
      late-commands:
        - 'echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu-nopw'
        - chmod 440 /target/etc/sudoers.d/ubuntu-nopw
      version: 1

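Problem encountered: the virtual machine for the ubuntu 22.04 installation was given 4GB of memory, which was not enough; the installation only completed smoothly after switching to 6GB of memory.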


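debian 11 remote automated network installation test - pxe - preseed.cfg

Machines in a data center are generally managed remotely, so installing the system on site from an optical disc or USB stick is inconvenient. debian 11, for example, provides complete netboot files for network installation, along with documentation for preseed.cfg, which supplies the installation parameters automatically.

Environment: two virtual machines created with VirtualBox. Machine A hosts the pxe service and machine B is the client. Machine A runs debian 11 and has two network cards: one public, the other on the internal network (enp0s8).

Steps:

  1. apt install dnsmasq # Install dnsmasq on machine A; it assigns machine B an IP automatically and serves the network boot and system installation
  2. /etc/dnsmasq.conf # Configuration file content. Roughly: set the tftp path to /srv/tftp and, for machine B (legacy BIOS boot), set the boot file to os-images/bullseye/netboot/pxelinux.0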

    interface=enp0s8
    domain=debian.local
    dhcp-range=192.168.3.3,192.168.3.253,255.255.255.0,1h
    enable-tftp
    tftp-root=/srv/tftp
    # dhcp-optsfile=/etc/dnsmasq.opt
    #dhcp-match=ipxe,175
    # dhcp-boot=net:ipxe,default.ipxe
    # pxe-service=x86PC,"ipxe bios", ipxe/undionly.kpxe
    # pxe-service=tag:x86-64_efi,"ipxe efi", ipxe/ipxe.efi
    
    dhcp-match=set:bios-x86,option:client-arch,0
    # dhcp-boot=tag:bios-x86,ipxe/undionly.kpxe
    dhcp-boot=tag:bios-x86,os-images/bullseye/netboot/pxelinux.0
    
    # boot config for UEFI systems
    # dhcp-match=set:efi-x86_64,option:client-arch,7
    # dhcp-match=set:efi-x86_64,option:client-arch,9
    # dhcp-boot=tag:efi-x86_64,ipxe/ipxe.efi
    
    # dhcp-match=set:ipxe,175
    # dhcp-boot=tag:ipxe,http://192.168.3.1/boot2.php
    # dhcp-userclass=set:ENH,iPXE
    # dhcp-boot=tag:ENH,default.ipxe
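  3. /srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # Create a pxelinux boot configuration file named after the MAC address of machine B's network card. Roughly: it passes debian's automatic answer file preseed.cfg as a boot parameter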

    DEFAULT linux
     SAY Now booting the kernel from SYSLINUX...
    LABEL linux
     KERNEL debian-installer/amd64/linux
     APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz
  4. os-images/bullseye/preseed.cfg # File content. Its purpose is to answer the installer's questions automatically so that the installation completes unattended

    #### Contents of the preconfiguration file (for bullseye). refer: https://www.debian.org/releases/bullseye/example-preseed.txt
    d-i debian-installer/locale string en_US
    d-i keyboard-configuration/xkb-keymap select us
    d-i netcfg/choose_interface select auto
    d-i netcfg/get_hostname string unassigned-hostname
    d-i netcfg/get_domain string unassigned-domain
    d-i netcfg/hostname string auto1
    d-i netcfg/wireless_wep string
    d-i mirror/country string manual
    d-i mirror/http/hostname string ftp.cn.debian.org
    d-i mirror/http/directory string /debian
    d-i mirror/http/proxy string
    d-i passwd/root-password password r00tme
    d-i passwd/root-password-again password r00tme
    d-i passwd/user-fullname string Debian User
    d-i passwd/username string debian
    d-i passwd/user-password password insecure
    d-i passwd/user-password-again password insecure
    d-i clock-setup/utc boolean true
    d-i time/zone string US/Eastern
    d-i clock-setup/ntp boolean true
    d-i partman-auto/method string lvm
    d-i partman-auto-lvm/guided_size string max
    d-i partman-lvm/device_remove_lvm boolean true
    d-i partman-md/device_remove_md boolean true
    d-i partman-lvm/confirm boolean true
    d-i partman-lvm/confirm_nooverwrite boolean true
    d-i partman-auto/choose_recipe select atomic
    d-i partman-partitioning/confirm_write_new_label boolean true
    d-i partman/choose_partition select finish
    d-i partman/confirm boolean true
    d-i partman/confirm_nooverwrite boolean true
    d-i partman-md/confirm boolean true
    d-i partman-partitioning/confirm_write_new_label boolean true
    d-i partman/choose_partition select finish
    d-i partman/confirm boolean true
    d-i partman/confirm_nooverwrite boolean true
    d-i apt-setup/cdrom/set-first boolean false
    tasksel tasksel/first multiselect standard, ssh-server
    popularity-contest popularity-contest/participate boolean true
    d-i grub-installer/only_debian boolean true
    d-i grub-installer/with_other_os boolean true
    d-i grub-installer/bootdev  string default
    d-i finish-install/reboot_in_progress note
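  5. /etc/nftables.conf # If machine A is also to act as the gateway for machine B and forward its traffic to the Internet, this needs to be configured too. One observation: machine B sometimes cannot reach the external network, and the nftables service has to be restarted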

    #!/usr/sbin/nft -f
    
    flush ruleset
    
    table inet filter {
        chain input {
                type filter hook input priority 0;
        }
        chain forward {
                type filter hook forward priority 0;
        }
        chain output {
                type filter hook output priority 0;
        }
    }
    
    #######
    table inet nat {
        chain input {
                type nat hook input priority 0; policy accept;
                ip protocol icmp accept
        }
    
        chain prerouting {
                type nat hook prerouting priority 0; policy accept;
        }
    
        chain postrouting {
                type nat hook postrouting priority 100; policy accept;
    #               ip saddr 192.168.3.0/24 oifname "enp0s3" masquerade
                oifname "enp0s3" masquerade
        }
    
        chain output {
                type nat hook output priority 0; policy accept;
        }
    }
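
The preseed.cfg in step 4 carries the root and user passwords in cleartext, and both it and the ubuntu user-data earlier on this page are served to any client that can reach 192.168.3.1. A check to run before publishing such files, as an added example that is not from the original posts: `audit_seed` and the sample data are constructed here, while `passwd/root-password-crypted` and `passwd/user-password-crypted` are the hashed variants listed in Debian's example preseed file.

```sh
#!/bin/sh
# audit_seed [FILE...]: flag credential problems in preseed.cfg or autoinstall
# user-data (reads stdin when no file is given). Exit status 1 on any finding.
audit_seed() {
    awk '
    function finding(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ { next }                      # comments
    # preseed: passwd/*-password holds the password itself
    $1 == "d-i" && $2 ~ /^passwd\/(root|user)-password(-again)?$/ {
        key = $2; sub(/-again$/, "", key)
        finding("cleartext " $2 ", use " key "-crypted with a crypt(3) hash")
    }
    # autoinstall identity: the value must be a crypt(3) hash such as $6$...
    $1 == "password:" && $2 !~ /^.?\$[0-9a-z]+\$/ {
        finding("identity password is not a crypt(3) hash")
    }
    # sudoers rule written by late-commands
    /NOPASSWD:/ { finding("passwordless sudo rule for the installed user") }
    END { exit bad }
    ' "$@"
}

# Constructed samples that mirror the credential lines of the two answer files.
sample_preseed() {
cat <<'EOF'
d-i passwd/root-password password r00tme
d-i passwd/root-password-again password r00tme
d-i passwd/user-password-crypted password $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
EOF
}

sample_user_data() {
cat <<'EOF'
#cloud-config
autoinstall:
  identity:
    username: ubuntu
    password: $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
  late-commands:
    - 'echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu-nopw'
EOF
}

sample_preseed   | audit_seed || echo "preseed.cfg: fix before serving"
sample_user_data | audit_seed || echo "user-data: review before serving"
```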


Updating the magento2 product index: elastic search reports an error - status 429

Problem: on a magento2.4 site, elastic search reports an error after running bin/magento indexer:reindex. The content is as follows:

Catalog Search index process error during indexation process:
{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}],"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"},"status":429}

Attempt: after adjusting the elastic search settings as described online, it worked:

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings -d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }'

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

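Reference: https://stackoverflow.com/questions/63689953/magento-2-4-reindex-issue-with-elasticsearch

Mail sent from 139.com cannot be received by a mail server on the China Telecom internal network - iredmail

Environment: a China Telecom line; an iredmail mail server is installed on a machine on the internal network
Problem: the mail server sends and receives mail with Tencent normally, but mail sent from 139.com is not received
Symptom: the mail server's log contains entries like the following: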

Aug  5 21:57:29 mail postfix/smtpd[22485]: connect from n169-113.mail.139.com[120.232.169.113]
Aug  5 21:57:29 mail postfix/smtpd[22485]: Anonymous TLS connection established from n169-113.mail.139.com[120.232.169.113]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  5 21:57:29 mail postfix/smtpd[22485]: 4LznGd6ykCz9w4l: client=n169-113.mail.139.com[120.232.169.113]
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection rate 1/60s for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection count 1 for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max cache size 1 at Aug  5 21:49:27
Aug  5 22:00:45 mail clamd[1737]: SelfCheck: Database status OK.
Aug  5 22:02:30 mail postfix/smtpd[22485]: timeout after DATA (0 bytes) from n169-113.mail.139.com[120.232.169.113]
Aug  5 22:02:30 mail postfix/smtpd[22485]: disconnect from n169-113.mail.139.com[120.232.169.113]

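Attempt: it looks like the self-hosted mail server and the IP of the 139.com mail server can reach each other, so why can the self-hosted mail server not receive the mail?

According to posts online, this may be because, after the internal machine connects by dial-up, the default Ethernet mtu value of 1500 is too large and needs to be lowered to suit the link.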

[root@mail ~]# ping -M do -s 1430 n169-113.mail.139.com
PING n169-113.mail.139.com (120.232.169.113) 1430(1458) bytes of data.
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400

Sure enough, after lowering the mtu to 1400, the self-hosted mail server could receive mail from 139.com.
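
The log pattern above (connection and TLS succeed, then `timeout after DATA (0 bytes)`) is typical of a path-MTU problem: small packets pass while full-size segments are dropped. An added example, not from the original post, that automates the `ping -M do` test by binary search; `probe`, `path_mtu`, `fake_probe` and the `PROBE` override are names introduced here.

```sh
#!/bin/sh
# probe SIZE HOST: succeed if one ICMP echo with SIZE payload bytes and the
# "do not fragment" flag set is answered. Set PROBE to substitute another check.
probe() { ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1; }

# path_mtu HOST: binary-search the largest payload that gets through, then add
# the 20-byte IPv4 header and the 8-byte ICMP header to obtain the path MTU.
path_mtu() {
    host=$1
    lo=548      # payload for MTU 576, assumed to pass on any usable link
    hi=1472     # payload for the Ethernet default MTU 1500
    "${PROBE:-probe}" "$lo" "$host" || {
        echo "no reply even at MTU 576, check reachability first" >&2
        return 1
    }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "${PROBE:-probe}" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))
}

# Constructed stand-in for a link whose path MTU is 1400, like the one above.
fake_probe() { [ $(( $1 + 28 )) -le 1400 ]; }

if [ $# -gt 0 ]; then
    path_mtu "$1"                      # real probe: sh pmtu.sh <host>
else
    PROBE=fake_probe
    echo "path MTU (simulated link): $(path_mtu constructed.example)"
fi
```

The result is the value to set on the outgoing interface, for example with `ip link set dev <interface> mtu 1400`.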


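postfix running multiple instances with multiple configurations - postmulti - each instance uses its own outgoing IP

Requirement: a machine configured with multiple IP addresses; postfix should send mail from different IP addresses.

Attempt: postmulti can be used to configure several separate postfix instances: each instance uses its own main.cf configuration file, and the chosen IP address is bound in each instance's main.cf.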
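
One way to lay this out, as an added example that is not from the original post: one instance per outgoing address, each with `smtp_bind_address` set in its own main.cf. The instance names, the 192.0.2.x addresses and the hostnames are constructed, and the `/etc/postfix-NAME` path assumes the primary configuration directory is /etc/postfix.

```sh
#!/bin/sh
# Dry run by default: RUN=echo prints each command instead of running it.
# Export RUN= (empty) and run as root to apply the changes.
RUN=${RUN-echo}

# One-time step: let the primary instance manage a multi-instance setup.
init_multi() { $RUN postmulti -e init; }

# add_sender SUFFIX IP HOSTNAME: create instance postfix-SUFFIX, which listens
# on IP and uses the same IP as source address for outgoing SMTP connections.
add_sender() {
    inst="postfix-$1"
    conf="/etc/postfix-$1"    # assumption: primary config dir is /etc/postfix
    $RUN postmulti -I "$inst" -G mta -e create
    # master_service_disable is emptied so the new instance starts its listeners
    $RUN postconf -c "$conf" -e \
        "smtp_bind_address = $2" \
        "inet_interfaces = $2" \
        "myhostname = $3" \
        "master_service_disable ="
    $RUN postmulti -i "$inst" -e enable
    $RUN postmulti -i "$inst" -p start
}

init_multi
add_sender out1 192.0.2.11 out1.mail.example
add_sender out2 192.0.2.12 out2.mail.example
```

If the primary instance still has `inet_interfaces = all`, restrict it to its own address as well, otherwise its listener on port 25 collides with those of the new instances.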
