在 Ubuntu 22.04.1 上（AMD 3970x 处理器，64GB 内存（memtest86 通过），根文件系统有几 TB 可用空间，没有 SMART 错误），我按照这里的标准说明安装了社区版 mongodb 。在 systemd 中启动 mongod 时，它失败了，并显示以下journalctl -xe消息：

Apr 01 22:55:52 ganymede systemd[1]: Started MongoDB Database Server.
░░ Subject: A start job for unit mongod.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit mongod.service has finished successfully.
░░ 
░░ The job identifier is 9623.
Apr 01 22:55:52 ganymede sudo[427395]: pam_unix(sudo:session): session closed for user root
Apr 01 22:55:52 ganymede mongod[427399]: {"t":{"$date":"2025-04-02T05:55:52.613Z"},"s":"I",  "c":"CONTROL",  "id":7484500, "ctx":"main","msg":"Environment variable MONGODB_CONFIG_OVERRIDE_NOFORK == 1, overriding \"processManagem>
Apr 01 22:55:52 ganymede systemd[1]: mongod.service: Main process exited, code=exited, status=14/n/a
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ An ExecStart= process belonging to unit mongod.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 14.
Apr 01 22:55:52 ganymede systemd[1]: mongod.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit mongod.service has entered the 'failed' state with result 'exit-code'.

同一次启动尝试的更多具体错误消息出现在 /var/log/mongodb/mongod.log-

{"t":{"$date":"2025-04-01T22:55:52.617-07:00"},"s":"I",  "c":"CONTROL",  "id":20698,   "ctx":"main","msg":"***** SERVER RESTARTED *****"}
{"t":{"$date":"2025-04-01T22:55:52.620-07:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"main","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2025-04-01T22:55:52.620-07:00"},"s":"I",  "c":"CONTROL",  "id":5945603, "ctx":"main","msg":"Multi threading initialized"}
{"t":{"$date":"2025-04-01T22:55:52.621-07:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set at least one of the related parameters","attr":{"relatedParameters":["tcpFastOpenServer","tcpFastOpenClient","tcpFastOpenQueueSize"]}}
{"t":{"$date":"2025-04-01T22:55:52.621-07:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"main","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":25},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":25},"outgoing":{"minWireVersion":6,"maxWireVersion":25},"isInternalClient":true}}}
{"t":{"$date":"2025-04-01T22:55:52.632-07:00"},"s":"F",  "c":"ASSERT",   "id":23095,   "ctx":"main","msg":"Fatal assertion","attr":{"msgid":40475,"error":"FailedToParse: failed to parse time zone file for time zone identifier \"Asia/Riyadh87\": The version used in this timezone identifier is unsupported","file":"src/mongo/db/query/datetime/date_time_support.cpp","line":219}}
{"t":{"$date":"2025-04-01T22:55:52.632-07:00"},"s":"F",  "c":"ASSERT",   "id":23096,   "ctx":"main","msg":"\n\n***aborting after fassert() failure\n\n"}

这似乎表明 tzdata 包存在问题，因此我通过几种方式进行了检查-

• dpkg --verify tzdata # 没有错误或输出
• 检查apt日志，zgrep -i tzdata /var/log/apt/*.gz昨天（2025 年 3 月 31 日）有更新
• 检查利雅得 tzdata 文件，find /usr/share/zoneinfo|grep "Riyadh"|xargs -n 1 zdump -v没有错误消息，尽管其中有几条记录包含“NULL”，但不清楚这是否表示存在问题。

因此，我卸载了该版本（apt remove mongodb-org-server mongodb-org-shell mongodb-org-tools mongodb-org-mongos mongodb-org-database mongodb-org-database-tools-extra mongodb-mongosh mongodb-database-tools）

然后，我从社区版存档页面下载了 .deb 文件，安装了之前的版本，先后安装了 8.0.5、8.0.4、8.0.3、8.0.1 和 8.0.0。我一个个地安装、启动，检查是否失败——全部失败——/var/log/mongodb/mongod.log 中都出现了相同的错误：“FailedToParse: 无法解析时区标识符为“Asia/Riyadh87”的时区文件”。

这可能是“我的问题”，但 tzdata 中格式不受支持的时区文件不太可能进入 Ubuntu 的仓库，而不影响任何其他服务，也不会立即得到修补。不过，我之前在 Ubuntu 22.04 上遇到过 tzdata 问题，并能够通过 解决apt reinstall。

我更喜欢在裸机上运行服务，因此我付出了很多努力，如果有人能提供一些建议，我将不胜感激。现在，我会在 Docker 上启动 mongodb，然后咬紧牙关。

更新 - 安装 mongodb-server-org 会添加一个默认的 /etc/mongod.conf，其中包含 -

processManagement:
  timeZoneInfo: /usr/local/share/tzdb

我尝试过使用这些行和不使用这些行开始，没有区别，mongod 仍然扫描 Ubuntu 的内置 tzdb 并断言失败。

因此我下载了 tzdb并将其解压到 /usr/local/share/mytzdb，将 mongod.conf 指向该位置，然后启动 mongod - 没有结果，以同样的方式失败。

也许有一个环境变量被覆盖了？目前我在 Docker 下运行，没有问题。

哦，今天早上 Ubuntu 更新刷新了 tzdb，哈哈。不过 mongod 没修复。

我有两台通过 WireGuard 连接的服务器：一台本地服务器（server1，WireGuard IP 10.0.0.2）和一台云服务器（server0，WireGuard IP 10.0.0.1）。我的目标是将其用作server0网关来访问服务，server1而无需暴露本地服务器的公共 IP。例如，server1应该可以通过 SSH 访问server0:2222。

设置详细信息：

1. WireGuard 配置：

   • 隧道已正常运行（已通过 验证）。ssh -p 2222 [email protected]serve0r
   • server0并server1使用 iptables 转发流量。

2. IPTables 规则：

   • DNAT/MASQUERADE 规则：

# For TCP 
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.0.2:2222 
iptables -t nat -A POSTROUTING -o wg0 -p tcp -d 10.0.0.2 --dport 2222 -j MASQUERADE

# For UDP (if needed) 
iptables -t nat -A PREROUTING -p udp --dport 2222 -j DNAT --to-destination 10.0.0.2:2222 
iptables -t nat -A POSTROUTING -o wg0 -p udp -d 10.0.0.2 --dport 2222 -j MASQUERADE 

2. • 当前 NAT 表：

Chain PREROUTING (policy ACCEPT)
target     prot opt source    destination         
DNAT       tcp  --  anywhere anywhere tcp dpt:2222 to:10.0.0.2:2222
DNAT       udp  --  anywhere anywhere udp dpt:2222 to:10.0.0.2:2222

Chain POSTROUTING (policy ACCEPT)
target        prot opt source      destination         
MASQUERADE    all  --  anywhere    anywhere            
MASQUERADE    all  --  anywhere    anywhere            
MASQUERADE    tcp  --  anywhere    10.0.0.2 tcp dpt:2222
MASQUERADE    udp  --  anywhere    10.0.0.2 udp dpt:2222

3. SSH 配置：

   • server1监听0.0.0.0:2222（已在 中确认sshd_config）。

4. 内核转发：

   • net.ipv4.ip_forward=1已启用并应用。

问题：

ssh -p 2222 user@<server0-public-ip>通过进行外部连接会导致连接被拒绝。但是，直接从 进行连接则server0可以10.0.0.2:2222。

故障排除完成：

1. 验证 WireGuard 连接（成功）。
2. 检查iptables -t nat规则（看起来正确）。
3. 已确认 SSH 正在监听server1。

疑似问题：

1. IPTables 过滤表：FORWARD即使在 NAT 规则之后，该链也可能阻止流量。
2. MASQUERADE 规则：冗余或配置错误的POSTROUTING规则。

问题：

1. 是否缺少允许接口之间（iptables例如到）流量的过滤规则（例如链）？FORWARDeth0wg0
2. 这些规则是否MASQUERADE正确处理返回流量的源 NAT？

任何见解都将不胜感激！

我们的一台服务器有时会与我们安装的存储设备失去连接，并且重新连接会失败。

内核日志指出：

CIFS: Attempting to mount //XXXX
No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old server which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.

CIFS VFS: CIFS mount error: iocharset utf8 not found

iocharset /etc/fstab=utf8 已定义，因此需要它是有意义的。

我们遵循了以下答案：

https://askubuntu.com/questions/519796/unable-to-mount-cifs-with-iocharset-utf8

安装缺少的软件包后，我们可以再次连接到共享。

apt-install linux-modules-extra-$(uname -r)。

虽然上述方法暂时解决了这个问题，但几周后重新连接再次失败。也许这是服务器在其他软件包更新后第一次重新启动，我还没有能够正确地连接各个点。

从长远来看，我该如何修复字符集问题，而不需要每隔几周手动更新软件包？

输出LANG=C apt search linux-image |grep installed

linux-image-5.4.0-196-generic/focal-updates,focal-security,now 5.4.0-196.216 amd64 [installed,automatic]
linux-image-5.4.0-200-generic/focal-updates,focal-security,now 5.4.0-200.220 amd64 [installed,automatic]
linux-image-5.4.0-204-generic/focal-updates,focal-security,now 5.4.0-204.224 amd64 [installed,automatic]
linux-image-5.4.0-208-generic/focal-updates,focal-security,now 5.4.0-208.228 amd64 [installed,automatic]
linux-image-virtual/focal-updates,focal-security,now 5.4.0.208.204 amd64 [installed]

我有一台运行 ubuntu 的服务器，我有一张配置了 mtu 9000 的 10G 卡，而 NFS 服务器也有一张 10G 卡，并通过专用链路直接连接到服务器（中间没有交换机）。ubuntu 服务器具有以下设置

enp66s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
        inet 192.168.1.2  netmask 255.255.255.252  broadcast 192.168.1.3
        inet6 fe80::d65d:64ff:fe09:b66  prefixlen 64  scopeid 0x20<link>
        ether d4:5d:64:09:0b:66  txqueuelen 1000  (Ethernet)
        RX packets 3065123981  bytes 3717515096214 (3.7 TB)
        RX errors 1963997  dropped 0  overruns 1887746  frame 76251
        TX packets 2720860289  bytes 4802586105745 (4.8 TB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 99  memory 0x20080800000-20080ffffff 

并且 nfs 服务器具有以下配置，

bnxt2: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000     options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,
LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 84:16:0c:aa:6b:32
        inet 192.168.1.1 netmask 0xfffffffc broadcast 192.168.1.3
        media: Ethernet autoselect (10GBase-CR1 <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

当我使用 dd 命令复制一些数据时，我得到来自 bmon 的以下信息，但无法获得 10G 连接，或者我不确定是否获得 10G 连接。请看一下并解释我是否以优化的方式利用了 10G。

尝试启动 generic/ubuntu18(20|22) 镜像并通过 ansible.builtin.user 模块在那里添加用户。一切正常，但用户并没有真正添加。为什么会这样？

Ansible：2.16.3

流浪者：2.4.3

主机操作系统：Ubuntu 24.04

  config.vm.define "ubuntu18" do |ubuntu18|
    ubuntu18.vm.box = "generic/ubuntu1804"

    ubuntu18.vm.boot_timeout = 600
    ubuntu18.vm.hostname = "ubuntu18"

    ubuntu18.vm.network :private_network, ip: "192.168.56.15"

    PLAYBOOKS = [
         "ansible/nix-local-users.yml",
    ]
    PLAYBOOKS.each do |playbook|
        ubuntu18.vm.provision "ansible" do |ansible|
          ansible.playbook = playbook
          ansible.verbose = "vvv"
          ansible.extra_vars = {
              target_host: "ubuntu18"
          }
        end
    end
  end

剧本如下：

---
- hosts: "{{ target_host }}"
  connection: local
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: Create a local nix users
      ansible.builtin.user:
        name: "{{ item.login }}"
        password: "*"
        state: present
#        password: "{{ item.password | password_hash('sha512') }}"
        create_home: yes
      with_items:
        - { login: 'LocalUser1', password: '1Passw0rd@' }
        - { login: 'LocalUser2', password: '2Passw0rd@' }
        - { login: 'LocalUser3', password: '3Passw0rd@' }

运行“vagrant up ubuntu18”时我得到了这个输出。

Bringing machine 'ubuntu18' up with 'virtualbox' provider...
==> ubuntu18: Importing base box 'generic/ubuntu1804'...
==> ubuntu18: Matching MAC address for NAT networking...
==> ubuntu18: Setting the name of the VM: test_ubuntu18_1737979065436_47140
==> ubuntu18: Fixed port collision for 22 => 2222. Now on port 2200.
==> ubuntu18: Clearing any previously set network interfaces...
==> ubuntu18: Preparing network interfaces based on configuration...
    ubuntu18: Adapter 1: nat
    ubuntu18: Adapter 2: hostonly
==> ubuntu18: Forwarding ports...
    ubuntu18: 22 (guest) => 2200 (host) (adapter 1)
==> ubuntu18: Running 'pre-boot' VM customizations...
==> ubuntu18: Booting VM...
==> ubuntu18: Waiting for machine to boot. This may take a few minutes...
    ubuntu18: SSH address: 127.0.0.1:2200
    ubuntu18: SSH username: vagrant
    ubuntu18: SSH auth method: private key
    ubuntu18: 
    ubuntu18: Vagrant insecure key detected. Vagrant will automatically replace
    ubuntu18: this with a newly generated keypair for better security.
    ubuntu18: 
    ubuntu18: Inserting generated public key within guest...
    ubuntu18: Removing insecure key from the guest if it's present...
    ubuntu18: Key inserted! Disconnecting and reconnecting using new SSH key...
==> ubuntu18: Machine booted and ready!
==> ubuntu18: Checking for guest additions in VM...
    ubuntu18: The guest additions on this VM do not match the installed version of
    ubuntu18: VirtualBox! In most cases this is fine, but in rare cases it can
    ubuntu18: prevent things such as shared folders from working properly. If you see
    ubuntu18: shared folder errors, please make sure the guest additions within the
    ubuntu18: virtual machine match the version of VirtualBox you have installed on
    ubuntu18: your host and reload your VM.
    ubuntu18: 
    ubuntu18: Guest Additions Version: 5.2.42
    ubuntu18: VirtualBox Version: 7.0
==> ubuntu18: Setting hostname...
==> ubuntu18: Configuring and enabling network interfaces...
==> ubuntu18: Running provisioner: ansible...
    ubuntu18: Running ansible-playbook...
PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --limit="ubuntu18" --inventory-file=/test/.vagrant/provisioners/ansible/inventory --extra-vars=\{\"target_host\":\"ubuntu18\"\} -vvv ansible/nix-local-users.yml
ansible-playbook [core 2.17.7]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/study/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/study/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.12.3 (main, Jan 17 2025, 18:03:48) [GCC 13.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
script declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
auto declined parsing /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory as it did not pass its verify_file() method
Parsed /test/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: nix-local-users.yml **************************************************
1 plays in ansible/nix-local-users.yml

PLAY [ubuntu18] ****************************************************************

TASK [Gathering Facts] *********************************************************
task path: /test/ansible/nix-local-users.yml:2
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: study
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236 `" && echo ansible-tmp-1737979102.1509817-523943-230847070365236="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236 `" ) && sleep 0'
<ubuntu18> Attempting python interpreter discovery
<127.0.0.1> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.12'"'"'; command -v '"'"'python3.11'"'"'; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python3'"'"'; echo ENDFOUND && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.12 && sleep 0'
<ubuntu18> Python interpreter discovery fallback (unsupported Linux distribution: ubuntu)
Using module file /usr/lib/python3/dist-packages/ansible/modules/setup.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpxuv0pdbw TO /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/ /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-cgihllizftbsohvxjezexndfhosuwwji ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/AnsiballZ_setup.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.1509817-523943-230847070365236/ > /dev/null 2>&1 && sleep 0'
[WARNING]: Platform linux on host ubuntu18 is using the discovered Python
interpreter at /usr/bin/python3.12, but future installation of another Python
interpreter could change the meaning of that path. See
https://docs.ansible.com/ansible-
core/2.17/reference_appendices/interpreter_discovery.html for more information.
ok: [ubuntu18]

TASK [Create a local nix users] ************************************************
task path: /test/ansible/nix-local-users.yml:10
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: study
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742 `" && echo ansible-tmp-1737979102.789001-524110-46585659397742="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpv012owpg TO /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/ /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mleatpfjsqwveasahcifudyghhrkuzwq ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.789001-524110-46585659397742/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser1', 'password': '1Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1002,
    "home": "/home/LocalUser1",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser1",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser1",
        "password": "1Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser1",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1002
}
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064 `" && echo ansible-tmp-1737979102.9724927-524110-48708649402064="` echo /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmp4tqlyxfh TO /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/ /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-bcaxqjzbaqhsvieolltmbltywjjyhyke ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979102.9724927-524110-48708649402064/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser2', 'password': '2Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1003,
    "home": "/home/LocalUser2",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser2",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser2",
        "password": "2Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser2",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1003
}
<127.0.0.1> EXEC /bin/sh -c 'echo ~study && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/study/.ansible/tmp `"&& mkdir "` echo /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436 `" && echo ansible-tmp-1737979103.0961325-524110-27042937232436="` echo /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436 `" ) && sleep 0'
Using module file /usr/lib/python3/dist-packages/ansible/modules/user.py
<127.0.0.1> PUT /home/study/.ansible/tmp/ansible-local-5239273kodvnsp/tmpk4vulkhv TO /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/ /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xyazghqxggmfaljuxketsxytgkcbtwuk ; /usr/bin/python3.12 /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/AnsiballZ_user.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/study/.ansible/tmp/ansible-tmp-1737979103.0961325-524110-27042937232436/ > /dev/null 2>&1 && sleep 0'
ok: [ubuntu18] => (item={'login': 'LocalUser3', 'password': '3Passw0rd@'}) => {
    "ansible_loop_var": "item",
    "append": false,
    "changed": false,
    "comment": "",
    "group": 1004,
    "home": "/home/LocalUser3",
    "invocation": {
        "module_args": {
            "append": false,
            "authorization": null,
            "comment": null,
            "create_home": true,
            "expires": null,
            "force": false,
            "generate_ssh_key": null,
            "group": null,
            "groups": null,
            "hidden": null,
            "home": null,
            "local": null,
            "login_class": null,
            "move_home": false,
            "name": "LocalUser3",
            "non_unique": false,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "password_expire_max": null,
            "password_expire_min": null,
            "password_expire_warn": null,
            "password_lock": null,
            "profile": null,
            "remove": false,
            "role": null,
            "seuser": null,
            "shell": null,
            "skeleton": null,
            "ssh_key_bits": 0,
            "ssh_key_comment": "ansible-generated on Dev",
            "ssh_key_file": null,
            "ssh_key_passphrase": null,
            "ssh_key_type": "rsa",
            "state": "present",
            "system": false,
            "uid": null,
            "umask": null,
            "update_password": "always"
        }
    },
    "item": {
        "login": "LocalUser3",
        "password": "3Passw0rd@"
    },
    "move_home": false,
    "name": "LocalUser3",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/sh",
    "state": "present",
    "uid": 1004
}

PLAY RECAP *********************************************************************
ubuntu18                   : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

为什么这里的 ok=2？有 3 个用户，而不是 2 个。当我通过 ssh 访问机器时，我在 /etc/passwd、/etc/shadow 中看不到用户，也看不到新的主目录。

在我的 Ubuntu 24.04 上，我创建了一个实验性的 Docker 文件，用于安装ejabberd：

FROM ubuntu:24.04

RUN apt update
RUN apt -y install apt-utils
RUN apt -y install locales
RUN apt -y install nano

# Set the locale
RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

RUN apt -y install openssl

RUN apt -y install ejabberd

构建并运行

sudo docker build -t u24jabber .
sudo docker run -it --rm --name jabber -p 5280:5280 -p 5222:5222 -p 5269:5269 u24jabber

然后在docker容器内运行

ejabberdctl status

并收到以下错误：

Failed RPC connection to the node ejabberd@localhost: nodedown

我的第一个猜测是ejabberd没有运行，我尝试过

ejabberdctl start

在docker容器里面，但是没有帮助。

我也尝试添加

CMD ["ejabberdctl", "foreground"]

到Docker 文件，但没有成功并且telnet 172.17.0.2 5280没有连接。

ejabberd在默认配置下运行的最小 Dockerfile 是什么？

最近我尝试使用 postfix SNI 为多个域设置多个 SSL。（Dovecot 保持不变）。现在我收到 TLS 错误（var/etc/mail.log）：

Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: connect from unknown[46.39.58.24]
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: table hash:/etc/postfix/vmail_ssl.map.db: key history.tor: malformed BASE64 value: /FakeSSL/history.tor/history.t
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: tls_server_sni_maps: history.tor map lookup problem
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: SSL_accept error from unknown[46.39.58.24]: -1
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: warning: TLS library problem: error:0A0000EA:SSL routines::callback failed:../ssl/statem/extensions.c:1000:
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: lost connection after STARTTLS from unknown[46.39.58.24]
Jan 22 22:06:17 2099047-cg00264 postfix/smtpd[138223]: disconnect from unknown[46.39.58.24] ehlo=1 starttls=0/1 commands=1/2

我的 postfix main.conf：

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6


smtpd_use_tls = yes
# TLS parameters
smtpd_tls_cert_file=/OtherSSL/mishkin.ml/mishkin.ml.chain.pem
smtpd_tls_key_file=/OtherSSL/mishkin.ml/mishkin.ml.priv.key
smtpd_tls_security_level=may

#smtp_tls_CApath=/OtherSSL/CA
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_tls_auth_only = yes
smtpd_tls_wrappermode = no
smtpd_tls_mandatory_ciphers = high

tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mishkin.ml
mydomain = mishkin.ml
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mishkin.ml, 2099047-cg00264.twc1.net, localhost.twc1.net, localhost, history.tor
virtual_alias_domains = mishkin.ml, history.tor
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost = 
mynetworks = 90.156.226.142/32
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

vmail_ssl.映射：

mishkin.ml /OtherSSL/mishkin.ml/mishkin.ml.chain.pem /OtherSSL/mishkin.ml/mishkin.ml.priv.key
history.tor /FakeSSL/history.tor/history.tor.chain.pem /FakeSSL/history.tor/history.tor.priv.key

SSL 是使用https://github.com/Vinalti/Self-Signed-Certificates-Generator创建的

1. 尝试将两个 smtpd_tls 文件替换为 smtpd_tls_chain_files 参数
2. 将 Postfix 移至 25 端口（是的，从 587 移至 25）
3. 遵循其他 SNI 设置说明
4. 尝试通过 openssl 获取证书，而不是那个脚本

我有 ubuntu 24.04，并且我正在使用 IPv6 提供某些服务，但我不需要它来进行 ssh 访问，这就是为什么我试图在 ssh 服务上禁用它，但是，将地址系列指定为“inet”不再像在 ubuntu 22.04 中那样有效，我是否遗漏了什么？此外，我尝试在 /etc/ssh/sshd_config.d/ 中为此创建一个完全独立的配置文件，但没有成功。

在 ubuntu 22.04 中，我需要添加的只是在 sshd_config 中添加两行（每次都有效）：AddressFamily inet

监听地址 0.0.0.0

<Location /server-status>
        SetHandler server-status
        Require local
</Location>

# Keep track of extended status information for each request
ExtendedStatus On

这是我的 /etc/apache2/mods-enabled/status.conf

显然，当我尝试从家里的电脑访问它时，它会失败，但如果我添加“全部允许”并删除“需要本地”，然后转到/server-status，它会显示 Wordpress 404 页面，这很奇怪。

我不完全确定我需要做哪些更改才能使其显示真正的 mod_status 页面而不是 Wordpress 404 页面。

如果您需要任何额外的信息，请告诉我。

我有一个由第三方设置的裸机 Ubuntu 服务器。它运行专有服务。没有关于正在运行什么以及如何运行的适当文档。

我必须将此服务器重新用于另一项服务，即运行新服务的带有 Docker 容器的 Ubuntu 服务器。

我需要运行之前在裸机服务器上运行的专有服务。我还需要在容器中运行它，以便于部署和管理。

我不确定如何将 Ubuntu 服务器移动到容器。

我知道这不是“Docker 方式”来实现这一点。

我发现的一种方法是从头开始创建一个映像并传输除以下文件夹之外的文件系统：/proc、/sys、/dev、/tmp、/mnt、/media、/run、/boot 和 /swapfile

FROM scratch
ADD folders-to-transfer.tar.gz /
CMD ["/bin/bash"]

这是正确的方法吗？

其他人建议使用虚拟机，但这听起来有点小题大做。