上一篇，测试了 debian 11 的pxe自动安装：https://liujia.anqun.org/index.php/archives/3994/ 。 这里想试试 ubuntu 22.04的。

1. /srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # 偷懒，直接使用 debian 11 netboot 中的 pxelinux 文件。仅对pxelinux的配置文件内容做改动。其中 vmlinuz 和 initrd 是从 ubuntu-22.04.1-live-server-amd64.iso 提取到的。http://192.168.3.1/jammy/ 中有 user-data 和 meta-data 配置文件

   DEFAULT linux
    SAY Now booting the kernel from SYSLINUX...
   LABEL linux
   #  KERNEL debian-installer/amd64/linux
   #  APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz
   
   KERNEL http://192.168.3.1/jammy/vmlinuz
   INITRD http://192.168.3.1/jammy/initrd
   APPEND ip=dhcp autoinstall ds=nocloud-net;s=http://192.168.3.1/jammy/ url=http://192.168.3.1/jammy/ubuntu-22.04.1-live-server-amd64.iso

2. http://192.168.3.1/jammy/user-data # 自动安装的应答文件内容，这里仅设置用户及安装openssh-server

   #cloud-config
   autoinstall:
    identity:
   hostname: jammy2
   password: $6$5lpwCLsKLEzMkSJc$keOAhA6aO/5RocGThmhVA7LSNuW911Rx5HHXFEa75oGK20cEdAAgn14H5f5nGeq6QgcSyLPrWcg1.JvjXbhrN/
   username: ubuntu
    locale: zh_CN.UTF-8
    ssh:
   install-server: yes
    late-commands:
    - 'echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu-nopw'
    - chmod 440 /target/etc/sudoers.d/ubuntu-nopw
    version: 1

遇到的问题，安装ubuntu 22.04的虚拟机分配了4GB内存，还不够用，用6GB内存后才顺利安装完成。

参考：

• https://ubuntu.com/server/docs/install/autoinstall-quickstart
• https://ubuntu.com/server/docs/install/netboot-amd64
• https://www.molnar-peter.hu/en/ubuntu-jammy-netinstall-pxe.html

如机房的机子，一般是远程管理，不方便实地用光盘或U盘安装系统，如 debian 11 是提供了完整的网络安装 netboot 文件及自动配置安装参数 preseed.cfg 的说明。

环境：用 VirtualBox 来创建两个虚拟机，A机为pxe服务所在的机子，B机当客户机。A机安装debian 11，分配两张网卡，一张公网，另一张是内网（enp0s8）

步骤：

1. apt install dnsmasq # 在A机安装dnsmasq，为B机自动自动分配IP及网络引导启动、安装系统

2. /etc/dnsmasq.conf # 配置文件内容。大概是设置好tftp的路径 /srv/tftp ，及为B机（传统BIOS启动）设置启动文件为 os-images/bullseye/netboot/pxelinux.0

   interface=enp0s8
   domain=debian.local
   dhcp-range=192.168.3.3,192.168.3.253,255.255.255.0,1h
   enable-tftp
   tftp-root=/srv/tftp
   # dhcp-optsfile=/etc/dnsmasq.opt
   #dhcp-match=ipxe,175
   # dhcp-boot=net:ipxe,default.ipxe
   # pxe-service=x86PC,"ipxe bios", ipxe/undionly.kpxe
   # pxe-service=tag:x86-64_efi,"ipxe efi", ipxe/ipxe.efi
   
   dhcp-match=set:bios-x86,option:client-arch,0
   # dhcp-boot=tag:bios-x86,ipxe/undionly.kpxe
   dhcp-boot=tag:bios-x86,os-images/bullseye/netboot/pxelinux.0
   
   # boot config for UEFI systems
   # dhcp-match=set:efi-x86_64,option:client-arch,7
   # dhcp-match=set:efi-x86_64,option:client-arch,9
   # dhcp-boot=tag:efi-x86_64,ipxe/ipxe.efi
   
   # dhcp-match=set:ipxe,175
   # dhcp-boot=tag:ipxe,http://192.168.3.1/boot2.php
   # dhcp-userclass=set:ENH,iPXE
   # dhcp-boot=tag:ENH,default.ipxe

3. /srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # 以B机的网卡mac地址为名创建一个pxelinux的启动配置文件内容。大概是将debian的自动应答文件preseed.cfg作为启动参数加载

   DEFAULT linux
    SAY Now booting the kernel from SYSLINUX...
   LABEL linux
    KERNEL debian-installer/amd64/linux
    APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz

4. os-images/bullseye/preseed.cfg # 文件内容。目的是自动回答安装过程中的问题，无人值守就可以完成系统安装

   #### Contents of the preconfiguration file (for bullseye). refer: https://www.debian.org/releases/bullseye/example-preseed.txt
   d-i debian-installer/locale string en_US
   d-i keyboard-configuration/xkb-keymap select us
   d-i netcfg/choose_interface select auto
   d-i netcfg/get_hostname string unassigned-hostname
   d-i netcfg/get_domain string unassigned-domain
   d-i netcfg/hostname string auto1
   d-i netcfg/wireless_wep string
   d-i mirror/country string manual
   d-i mirror/http/hostname string ftp.cn.debian.org
   d-i mirror/http/directory string /debian
   d-i mirror/http/proxy string
   d-i passwd/root-password password r00tme
   d-i passwd/root-password-again password r00tme
   d-i passwd/user-fullname string Debian User
   d-i passwd/username string debian
   d-i passwd/user-password password insecure
   d-i passwd/user-password-again password insecure
   d-i clock-setup/utc boolean true
   d-i time/zone string US/Eastern
   d-i clock-setup/ntp boolean true
   d-i partman-auto/method string lvm
   d-i partman-auto-lvm/guided_size string max
   d-i partman-lvm/device_remove_lvm boolean true
   d-i partman-md/device_remove_md boolean true
   d-i partman-lvm/confirm boolean true
   d-i partman-lvm/confirm_nooverwrite boolean true
   d-i partman-auto/choose_recipe select atomic
   d-i partman-partitioning/confirm_write_new_label boolean true
   d-i partman/choose_partition select finish
   d-i partman/confirm boolean true
   d-i partman/confirm_nooverwrite boolean true
   d-i partman-md/confirm boolean true
   d-i partman-partitioning/confirm_write_new_label boolean true
   d-i partman/choose_partition select finish
   d-i partman/confirm boolean true
   d-i partman/confirm_nooverwrite boolean true
   d-i apt-setup/cdrom/set-first boolean false
   tasksel tasksel/first multiselect standard, ssh-server
   popularity-contest popularity-contest/participate boolean true
   d-i grub-installer/only_debian boolean true
   d-i grub-installer/with_other_os boolean true
   d-i grub-installer/bootdev  string default
   d-i finish-install/reboot_in_progress note

5. /etc/nftables.conf # 如果A机要为B机充当网关，转发上网，还需要配置一下。发现一个现象是B机有时上不了外网，要重启一下nftables服务

   #!/usr/sbin/nft -f
   
   flush ruleset
   
   table inet filter {
       chain input {
               type filter hook input priority 0;
       }
       chain forward {
               type filter hook forward priority 0;
       }
       chain output {
               type filter hook output priority 0;
       }
   }
   
   #######
   table inet nat {
       chain input {
               type nat hook input priority 0; policy accept;
               ip protocol icmp accept
       }
   
       chain prerouting {
               type nat hook prerouting priority 0; policy accept;
       }
   
       chain postrouting {
               type nat hook postrouting priority 100; policy accept;
   #               ip saddr 192.168.3.0/24 oifname "enp0s3" masquerade
               oifname "enp0s3" masquerade
       }
   
       chain output {
               type nat hook output priority 0; policy accept;
       }
   }

参考：

• https://wiki.debian.org/PXEBootInstall
• https://linuxhint.com/pxe_boot_ubuntu_server/
• https://www.molnar-peter.hu/en/ubuntu-jammy-netinstall-pxe.html
• https://serverfault.com/questions/1098581/how-to-use-d-i-and-preseeding-on-22-04
• https://github-wiki-see.page/m/cesetxeberria/pxeserver/wiki/Set-up-a-debian-pxe-server-with-ipxe-using-standard-debian-files
• https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
• https://gist.github.com/annttu/a5b9a57bf03bfc1361ea806fa1bdd116
• https://lists.debian.org/debian-user/2016/02/msg00295.html
• https://ipxe.org/appnote/debian_preseed
• https://github.com/coreos/tectonic-installer/issues/932
• https://ipxe.org/err/2e0080
• https://www.debian.org/releases/stable/i386/apbs02.en.html#preseed-loading
• https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images/27?lang=zh-CN

问题：magento2.4的站点，执行 bin/magento indexer:reindex 后，elastic search 报错。内容如下：

Catalog Search index process error during indexation process:
{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}],"type":"cluster_block_exception","reason":"index [magento2_mazia_243_product_1_v45] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"},"status":429}

尝试：按网上说的，调整elastic search设置后就可以了：

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings -d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }'

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

参考：https://stackoverflow.com/questions/63689953/magento-2-4-reindex-issue-with-elasticsearch

环境：电信的线路，在内网的一台机子上安装了 iredmail 邮局
问题：邮局与腾讯的收发邮件，正常。但发自139.com的邮件，不能收到
现象：邮局中的日志有如下字样：

Aug  5 21:57:29 mail postfix/smtpd[22485]: connect from n169-113.mail.139.com[120.232.169.113]
Aug  5 21:57:29 mail postfix/smtpd[22485]: Anonymous TLS connection established from n169-113.mail.139.com[120.232.169.113]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  5 21:57:29 mail postfix/smtpd[22485]: 4LznGd6ykCz9w4l: client=n169-113.mail.139.com[120.232.169.113]
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection rate 1/60s for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max connection count 1 for (smtpd:120.232.169.113) at Aug  5 21:49:27
Aug  5 21:59:27 mail postfix/anvil[21946]: statistics: max cache size 1 at Aug  5 21:49:27
Aug  5 22:00:45 mail clamd[1737]: SelfCheck: Database status OK.
Aug  5 22:02:30 mail postfix/smtpd[22485]: timeout after DATA (0 bytes) from n169-113.mail.139.com[120.232.169.113]
Aug  5 22:02:30 mail postfix/smtpd[22485]: disconnect from n169-113.mail.139.com[120.232.169.113]

尝试：看起来，自建邮局能与139.com邮局的IP互访，但为什么自建邮局不能成功收信呢？

依照网上的帖子，这可能是因为内网的机子拨号后，以太网的默认的mtu 1500值显得大，需要调小以适合传送。

[root@mail ~]# ping -M do -s 1430 n169-113.mail.139.com
PING n169-113.mail.139.com (120.232.169.113) 1430(1458) bytes of data.
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400
ping: local error: Message too long, mtu=1400

果然，将mtu调小到1400后，自建的邮局就可以成功从139.com收到邮件了。

参考：

• https://forum.howtoforge.com/threads/postfix-timeout-after-data-from-some-emails.39635/
• https://www.cyberciti.biz/faq/centos-rhel-redhat-fedora-debian-linux-mtu-size/

需求：配置有多个IP地址的机子，想让postfix用不同的IP地址发出邮件。

尝试：可以使用 postmulti 配置多个不同的postfix实例：每个实例使用自己的main.cf配置文件，在各实例的main.cf里绑定指定的IP地址。

参考：

• https://www.linuxbabe.com/mail-server/postfix-multiple-instances-ip-rotation-on-a-single-vps
• https://www.postfix.org/MULTI_INSTANCE_README.html