Merge remote-tracking branch 'LCTT/master'

2025-03-24 02:20:09 +08:00 · 2018-12-14 16:26:11 +08:00 · 2018-12-14 16:26:11 +08:00 · 776467064d
commit 776467064d
parent 7c1e277b43 a47e4052f5
6 changed files with 625 additions and 32 deletions
--- a/translated/tech/20181204
+++ b/translated/tech/20181204
@ -1,34 +1,35 @@
 [#]: collector: (lujun9972)
 [#]: translator: (heguangzhi)
-[#]: reviewer: ( )
-[#]: publisher: ( )
+[#]: reviewer: (wxy)
+[#]: publisher: (wxy)
 [#]: subject: (Have a cow at the Linux command line)
 [#]: via: (https://opensource.com/article/18/12/linux-toy-cowsay)
 [#]: author: (Jason Baker https://opensource.com/users/jason-baker)
-[#]: url: ( )
+[#]: url: (https://linux.cn/article-10346-1.html)


-在Linux命令行上拥有一头奶牛
+在 Linux 命令行上拥有一头奶牛
 ======

-使用 cowsay 实用程序将牛的声音带到你的终端输出。
+> 使用 cowsay 实用程序将牛的话语带到你的终端输出。

 ![](https://opensource.com/sites/default/files/styles/image-full-size/public/uploads/linux-toy-cowsay.png?itok=RA4NDbrY)

 欢迎来到 Linux 命令行玩具第四天。如果这是你第一次访问这个系列，你可能会问自己，什么是命令行玩具。我们也在考虑这一点，但是一般来说，这可能是一个游戏，或者任何简单的娱乐，可以帮助你在终端玩得开心。

-你们中的一些人以前会看过我们日历上的各种选项，但是我们希望每个人都至少有一个新的选项。因为几乎所有我提到这个系列的人都已经问过我了，今天的选项是必须的。
+你们中的一些人会见过我们之前的选中的各种玩具，但是我们希望至少有一个对每个人来说都是新的。因为几乎所有我告诉他这个系列的人都已经问过它了，所以今天的选中的玩具是必须提及的。

-你不认为我们会在不提及 cowsay 的情况下完成这个系列，是吗？ 
+你也不会认为我们会在不提及 `cowsay` 的情况下完成这个系列，对吧？ 

-Cowsey 是一个神奇的实用程序，它将文本作为ASCII艺术牛的口语文本输出。
+`cowsay` 是一个神奇的实用程序，它将文本作为 ASCII 艺术牛的讲话文本输出。

-你可能会发现 cowsey 打包在你的默认存储库中，甚至可能已经安装了。对我来说，在 Fedora,像这样安装:
+你可能会发现 `cowsey` 打包在你的默认存储库中，甚至可能已经安装了。对我来说，在 Fedora，像这样安装:

 ```
 $ sudo dnf install -y cowsay
 ```
-然后，用 cowsey 调用它，然后是你的消息。也许你想到昨天我们谈到的 [幸运][1] [应用][1]。 
+
+然后，用 `cowsey` 调用它，然后是你的消息。也许你想到昨天我们谈到的 [fortune 应用][1] 连接起来。 

 ```
 $ fortune | cowsay
@ -43,7 +44,7 @@ $ fortune | cowsay
                 ||     ||
 ```

-就这样！**CowSay** 几乎没有变化，称为 cow 文件，通常可以在 **/usr/share/cowsay** ，要查看系统上可用的 cow 文件选项，请在 cowsay 之后使用 **-l** 。然后，用 **-f** 试试其中之一。 
+就这样！`cowsay` 还有点小变体，称为 cow 文件，通常可以在 `/usr/share/cowsay` 找到 ，要查看系统上可用的 cow 文件，请在 `cowsay` 之后使用 `-l` 。然后，用 `-f` 试试其中之一。 

 ```
 $ cowsay -f dragon "Run for cover, I feel a sneeze coming on."
@ -68,10 +69,10 @@ $ cowsay -f dragon "Run for cover, I feel a sneeze coming on."
                ///-._ _ _ _ _ _ _}^ - - - - ~                     ~-- ,.-~
                                                                   /.-~
 ```
-我对 **cowsay** 的真正不满是，我今天没有足够的时间来为牛的挤奶。牛排太高了，我可能会开个玩笑。 

-更严重的是，我已经完全忘记了 **cowsay** 直到我在学习可翻译的剧本时再次遇到它。如果你碰巧安装了 **cowyay**，当你运行脚本时，你会从一系列奶牛身上获得产出。例如，运行本脚本:
+我对 `cowsay` 的真正不满是，我今天没有足够的时间来为牛的挤奶 —— 一语双关。牛排价格太高了，我只是开个玩笑。 

+更严重的是，我已经完全忘记了 `cowsay` 直到我在学习 Ansible 的剧本时再次遇到它。如果你碰巧安装了 `cowyay`，当你运行Ansible 的剧本时，你会从一队奶牛那里获得输出。例如，运行这个剧本：

 ```
 - hosts:
@ -79,7 +80,8 @@ $ cowsay -f dragon "Run for cover, I feel a sneeze coming on."
   tasks:
     - action: ping
 ```
-可能会给你以下信息:
+
+可能会给你以下信息：

 ```
 $ ansible-playbook playbook.yml
@ -123,14 +125,14 @@ ok: [localhost]

 localhost                  : ok=2    changed=0    unreachable=0    failed=0  
 ```
-**Cowsay** 在GPLV3许可证下可用，您可以在 GitHub 上找到 Perl [源代码][2]。我也见过其他语言的版本，所以看看其他变体；例如，这是 [R语言][3] 。用你选择的语言实现你自己的版本可能是一项有趣的编程学习任务。 

-Now that **cowsay** is out of the way, we can move on to greener pastures.
-既然 **cowsay** 不碍事了，我们可以去更绿色的牧场了。
+`cowsay`  在 GPLv3 许可证下可用，您可以在 GitHub 上找到 它的 Perl [源代码][2]。我也见过其他语言的版本，所以可以看看其他变体；例如，这是 [R 语言版][3]。用你选择的语言实现你自己的版本可能是一项有趣的编程学习任务。 

-你有最喜欢的命令行玩具吗，你认为我应该对它进行分析？这个系列的日历大部分都填好了，但我还有一些地方。在下面的评论中让我知道，梦幻篮球来看看。如果有空间，梦幻篮球会尝试把它包括进去。如果没有，但是我收到了一些好的意见书，梦幻篮球在结尾做了一个荣誉提名的总结。
+既然讲完了 `cowsay`，我们可以去更绿色的牧场了。

-看看昨天的玩具，[如何给你的Linux终端带来好运][1]，明天再来看看另一个！
+你有希望我来介绍的喜欢的命令行玩具吗？这个系列的排期大部分都填好了，但我还有一些空位方。在下面的评论中让我知道，我会来看看。如果有空间，我会尝试把它包括进去。如果没有，但是我收到了一些好的意见，我在结尾提及。
+
+看看昨天的玩具，[如何给你的 Linux 终端带来好运][1]，明天再来看看另一个！

 --------------------------------------------------------------------------------

@ -139,7 +141,7 @@ via: https://opensource.com/article/18/12/linux-toy-cowsay
 作者：[Jason Baker][a]
 选题：[lujun9972][b]
 译者：[heguangzhi](https://github.com/heguangzhi)
-校对：[校对者ID](https://github.com/校对者ID)
+校对：[wxy](https://github.com/wxy)

 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出

--- a/sources/talk/20180623
+++ b/sources/talk/20180623
@ -1,3 +1,6 @@
+Translating by wwhio
+
+
 The IBM 029 Card Punch
 ======
 Lines of code longer than 80 characters drive me crazy. I appreciate that this is pedantic. I’ve seen people on the internet make good arguments for why the 80-character limit ought to be respected even on our modern Retina-display screens, but those arguments hardly justify the visceral hatred I feel for even that one protruding 81st character.
--- a/sources/tech/20181210
+++ b/sources/tech/20181210
@ -1,11 +1,12 @@
 [#]: collector: (lujun9972)
-[#]: translator: ( )
+[#]: translator: (LazyWolfLin)
 [#]: reviewer: ( )
 [#]: publisher: ( )
 [#]: url: ( )
 [#]: subject: (How to Update Ubuntu [Terminal & GUI Methods] It's FOSS)
 [#]: via: (https://itsfoss.com/update-ubuntu/)
 [#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/)
+Translating by LazyWolfLin

 How to Update Ubuntu [Terminal & GUI Methods] It's FOSS
 ======
--- a/sources/tech/20181212
+++ b/sources/tech/20181212
@ -0,0 +1,133 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (Aliases: DIY Shell Commands)
+[#]: via: (https://www.linux.com/blog/learn/2018/12/aliases-diy-shell-commands)
+[#]: author: (Paul Brown https://www.linux.com/users/bro66)
+
+Aliases: DIY Shell Commands
+======
+
+![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/jodi-mucha-540841-unsplash.jpg?itok=n1d1VDUV)
+
+Aliases, in the context of the Linux shell, are **commands you build yourself** by packing them with combinations of other instructions that are too long or too hard to remember.
+
+You create an alias by using the word `alias`, then the name of the command you want to create, an equal sign (`=`), and then the Bash command(s) you want your alias to run. For example, `ls` in its base form does not colorize its output, making it difficult to distinguish between directories, files, and links. You can build a new command that shows colors by making an alias like this:
+
+```
+alias lc='ls --color=auto'
+```
+
+where `lc` is the name you have picked for your new command. When creating aliases, be sure to check that the name you picked isn't already in use, or you may override an existing command. In this case, `lc` stands for "list (with) color". Notice there is no space in front of or behind the `=`. Finally, you have the regular Bash command(s) you want to run when `lc` is executed. In this case, the `ls` command with the `--color` option.
+
+After defining your alias, every time you type `lc`, the contents of the current directory will be shown in color.
+
+But, you may think, "my `ls` command already lists files in different colors!" That is because most Linux distros come with some aliases already set up for you.
+
+### Aliases you (probably) already have
+
+Indeed, you can use the `alias` instruction without any options to see what aliases you already have. These will vary by distro, but some typical preset aliases are:
+
+  * `alias ls='ls --color=auto'`: You already saw this one above. The `auto` modifier of the `--color` option tells `ls` to use color when standard output is connected to a terminal. That is, the output of `ls` is going to show up in a terminal window or a text screen, instead of, say, being piped to a file. Other alternatives for `--color` are `always` and `never`.
+  * `alias cp='cp -i'`: The `-i` option stands for _interactive_. Sometimes, when you use `cp` you may inadvertently overwrite an existing file. By using the `-i`, `cp` will ask you before clobbering anything.
+  * `alias free='free -m'`: Using `-m` with `free`you can see how much free memory you have and how much your applications are using in megabytes instead of the default bytes. This makes the output of `free` easier to read for a human.
+
+
+
+There may be more (or less, or even none), but regardless of what your distribution comes with, you can always use the base form (vs. the aliased form) of a command with the `\` modifier. For example:
+
+```
+\free
+```
+
+will execute `free` without the `-m` option, and
+
+```
+\ls
+```
+
+will execute `ls` without the `--color=auto` option.
+
+If you want to get rid or modify the preset aliases forever, note that they live in the global _.bashrc_ file which hangs out in [our old haunt, the _/etc/skel_ directory][1].
+
+### Aliases for muscle memory
+
+Distro designers try their best to predict which aliases are going to be useful for you. But every user is different and comes from a different background. If you are new to GNU+Linux, it may be because you are coming from another system, and the basic commands vary from shell to shell. If you come from a Windows/MS-DOS background, you may want to define an alias like
+
+```
+alias dir='ls'
+```
+
+to list files or directories.
+
+Likewise,
+
+```
+alias copy='cp'
+alias move='mv'
+```
+
+may also come in handy, at least until you get used to Linux's new lexicon.
+
+The other problem occurs when mistakes become ingrained in your muscle memory, so you always mistype some words the same way. I, for instance, have great difficulty typing _admnis-_... _adminsi-_... _A-D-M-I-N-I-S-T-R-A-T-I-ON_ ( _phew!_ ) at speed. That is why some users create aliases like
+
+```
+alias sl='ls'
+```
+
+and
+
+```
+alias gerp='echo "You did it *again*!"; grep'
+```
+
+Although we haven't formally introduced `grep` yet, in its most basic form, it looks for a string of characters in a file or a set of files. It's one of those commands that you will tend to use A LOT once you get to grips with it, as those ingrained mistyping habits that force you to type the instruction twice every time get annoying really quickly.
+
+Another thing to note in the `gerp` example is that it is not a single instruction, but two. The first one (`echo "You did it *again*!"`) prints out a message reminding you that you misspelled the grep command, then there is a semicolon (`;`) that separates one instruction from the other. Finally, you've got the second command (`grep`) that does the actual grepping.
+
+Using `gerp` on my system to search for the lines containing the word " _alias_ " in _/etc/skel/.bashrc_ , the output looks like this:
+
+```
+$ gerp -R alias /etc/skel/.bashrc
+You did it *again*!
+ alias ls='ls --color=auto'
+ alias grep='grep --colour=auto'
+ alias egrep='egrep --colour=auto'
+ alias fgrep='fgrep --colour=auto'
+alias cp="cp -i"
+alias df='df -h'
+alias free='free -m'
+alias np='nano -w PKGBUILD'
+alias more=less
+shopt -s expand_aliases
+```
+
+Running commands sequentially as part of an alias, or, even better, chaining commands so that one command can use the results coughed up by another, is getting us perilously close to Bash scripting. This has been in the making of this series for quite some time, and we'll start covering it in the very next article.
+
+For the time being, if you want to get rid of an alias you temporarily set up in a running terminal, use the `unalias` command:
+
+```
+unalias gerp
+```
+
+If you want to make your aliases permanent, you can drop them into the _.bashrc_ file you have in your home directory. This is the same thing we did with custom environment variables in [last week's article][2].
+
+See you next time!
+
+--------------------------------------------------------------------------------
+
+via: https://www.linux.com/blog/learn/2018/12/aliases-diy-shell-commands
+
+作者：[Paul Brown][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.linux.com/users/bro66
+[b]: https://github.com/lujun9972
+[1]: https://www.linux.com/learn/intro-to-linux/2018/7/users-groups-and-other-linux-beasts
+[2]: https://www.linux.com/blog/learn/2018/12/bash-variables-environmental-and-otherwise
--- a/sources/tech/20181212
+++ b/sources/tech/20181212
@ -0,0 +1,454 @@
+[#]: collector: (lujun9972)
+[#]: translator: ( )
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (How to Build a Netboot Server, Part 2)
+[#]: via: (https://fedoramagazine.org/how-to-build-a-netboot-server-part-2/)
+[#]: author: (Gregory Bartholomew https://fedoramagazine.org/author/glb/)
+
+How to Build a Netboot Server, Part 2
+======
+
+![](https://fedoramagazine.org/wp-content/uploads/2018/12/netboot2-816x345.jpg)
+
+The article [How to Build a Netboot Server, Part 1][1] showed you how to create a netboot image with a “liveuser” account whose home directory lives in volatile memory. Most users probably want to preserve files and settings across reboots, though. So this second part of the netboot series shows how to reconfigure the netboot image from part one so that [Active Directory][2] user accounts can log in and their home directories can be automatically mounted from a NFS server.
+
+Part 3 of this series will show how to make an interactive and centrally-configurable iPXE boot menu for the netboot clients.
+
+### Setup NFS4 Home Directories with KRB5 Authentication
+
+Follow the directions from the previous post “[Share NFS Home Directories Securely with Kerberos][3],” then return here.
+
+### Remove the Liveuser Account
+
+Remove the “liveuser” account created in part one of this series:
+
+```
+$ sudo -i
+# sed -i '/automaticlogin/Id' /fc28/etc/gdm/custom.conf
+# rm -f /fc28/etc/sudoers.d/liveuser
+# for i in passwd shadow group gshadow; do sed -i '/^liveuser:/d' /fc28/etc/$i; done
+```
+
+### Configure NTP, KRB5 and SSSD
+
+Next, we will need to duplicate the NTP, KRB5, and SSSD configuration that we set up on the server in the client image so that the same accounts will be available:
+
+```
+# MY_HOSTNAME=$(</etc/hostname)
+# MY_DOMAIN=${MY_HOSTNAME#*.}
+# dnf -y --installroot=/fc28 install ntp krb5-workstation sssd
+# cp /etc/ntp.conf /fc28/etc
+# chroot /fc28 systemctl enable ntpd.service
+# cp /etc/krb5.conf.d/${MY_DOMAIN%%.*} /fc28/etc/krb5.conf.d
+# cp /etc/sssd/sssd.conf /fc28/etc/sssd
+```
+
+Reconfigure sssd to provide authentication services, in addition to the identification service already configured:
+
+```
+# sed -i '/services =/s/$/, pam/' /fc28/etc/sssd/sssd.conf
+```
+
+Also, ensure none of the clients attempt to update the computer account password:
+
+```
+# sed -i '/id_provider/a \ \ ad_maximum_machine_account_password_age = 0' /fc28/etc/sssd/sssd.conf
+```
+
+Also, copy the nfsnobody definitions:
+
+```
+# for i in passwd shadow group gshadow; do grep "^nfsnobody:" /etc/$i >> /fc28/etc/$i; done
+```
+
+### Join Active Directory
+
+Next, you’ll perform a chroot to join the client image to Active Directory. Begin by deleting any pre-existing computer account with the same name your netboot image will use:
+
+```
+# MY_USERNAME=jsmith
+# MY_CLIENT_HOSTNAME=$(</fc28/etc/hostname)
+# adcli delete-computer "${MY_CLIENT_HOSTNAME%%.*}" -U "$MY_USERNAME"
+```
+
+Also delete the krb5.keytab file from the netboot image if it exists:
+
+```
+# rm -f /fc28/etc/krb5.keytab
+```
+
+Perform a chroot into the netboot image:
+
+```
+# for i in dev dev/pts dev/shm proc sys run; do mount -o bind /$i /fc28/$i; done
+# chroot /fc28 /usr/bin/bash --login
+```
+
+Perform the join:
+
+```
+# MY_USERNAME=jsmith
+# MY_HOSTNAME=$(</etc/hostname)
+# MY_DOMAIN=${MY_HOSTNAME#*.}
+# MY_REALM=${MY_DOMAIN^^}
+# MY_OU="cn=computers,dc=${MY_DOMAIN//./,dc=}"
+# adcli join $MY_DOMAIN --login-user="$MY_USERNAME" --computer-name="${MY_HOSTNAME%%.*}" --host-fqdn="$MY_HOSTNAME" --user-principal="host/$MY_HOSTNAME@$MY_REALM" --domain-ou="$MY_OU"
+```
+
+Now log out of the chroot and clear the root user’s command history:
+
+```
+# logout
+# for i in run sys proc dev/shm dev/pts dev; do umount /fc28/$i; done
+# > /fc28/root/.bash_history
+```
+
+### Install and Configure PAM Mount
+
+We want our clients to automatically mount the user’s home directory when they log in. To accomplish this, we’ll use the “pam_mount” module. Install and configure pam_mount:
+
+```
+# dnf install -y --installroot=/fc28 pam_mount
+# cat << END > /fc28/etc/security/pam_mount.conf.xml
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
+<pam_mount>
+<debug enable="0" />
+<volume uid="1400000000-1499999999" fstype="nfs4" server="$MY_HOSTNAME" path="/home/%(USER)" mountpoint="/home/%(USER)" options="sec=krb5" />
+<mkmountpoint enable="1" remove="0" />
+<msg-authpw>Password:</msg-authpw>
+</pam_mount>
+END
+```
+
+Reconfigure PAM to use pam_mount:
+
+```
+# dnf install -y patch
+# cp -r /fc28/usr/share/authselect/default/sssd /fc28/etc/authselect/custom
+# echo 'initgroups: files' >> /fc28/etc/authselect/custom/sssd/nsswitch.conf
+# patch /fc28/etc/authselect/custom/sssd/system-auth << END
+@@ -12 +12,2 @@
+-auth sufficient pam_sss.so forward_pass
+auth requisite pam_mount.so {include if "with-pammount"}
+auth sufficient pam_sss.so {if "with-pammount":use_first_pass|forward_pass}
+@@ -35,2 +36,3 @@
+ session required pam_unix.so
+session optional pam_mount.so {include if "with-pammount"}
+ session optional pam_sss.so
+END
+# patch /fc28/etc/authselect/custom/sssd/password-auth << END
+@@ -9 +9,2 @@
+-auth sufficient pam_sss.so forward_pass
+auth requisite pam_mount.so {include if "with-pammount"}
+auth sufficient pam_sss.so {if "with-pammount":use_first_pass|forward_pass}
+@@ -32,2 +33,3 @@
+ session required pam_unix.so
+session optional pam_mount.so {include if "with-pammount"}
+ session optional pam_sss.so
+END
+# chroot /fc28 authselect select custom/sssd with-pammount --force
+```
+
+Also ensure the NFS server’s hostname is always resolvable from the client:
+
+```
+# MY_IP=$(host -t A $MY_HOSTNAME | awk '{print $4}')
+# echo "$MY_IP $MY_HOSTNAME ${MY_HOSTNAME%%.*}" >> /fc28/etc/hosts
+```
+
+Optionally, allow all users to run sudo:
+
+```
+# echo '%users ALL=(ALL) NOPASSWD: ALL' > /fc28/etc/sudoers.d/users
+```
+
+### Convert the NFS Root to an iSCSI Backing-Store
+
+Current versions of nfs-utils may have difficulty establishing a second connection from the client back to the NFS server for home directories when an nfsroot connection is already established. The client hangs when attempting to access the home directory. So, we will work around the problem by using a different protocol (iSCSI) for sharing our netboot image.
+
+First chroot into the image to reconfigure its initramfs for booting from an iSCSI root:
+
+```
+# for i in dev dev/pts dev/shm proc sys run; do mount -o bind /$i /fc28/$i; done
+# chroot /fc28 /usr/bin/bash --login
+# dnf install -y iscsi-initiator-utils
+# sed -i 's/nfs/iscsi/' /etc/dracut.conf.d/netboot.conf
+# echo 'omit_drivers+=" qedi "' > /etc/dracut.conf.d/omit-qedi.conf
+# echo 'blacklist qedi' > /etc/modprobe.d/blacklist-qedi.conf
+# KERNEL=$(ls -c /lib/modules | head -n 1)
+# INITRD=$(find /boot -name 'init*' | grep -m 1 $KERNEL)
+# dracut -f $INITRD $KERNEL
+# logout
+# for i in run sys proc dev/shm dev/pts dev; do umount /fc28/$i; done
+# > /fc28/root/.bash_history
+```
+
+The qedi driver broke iscsi during testing, so it’s been disabled here.
+
+Next, create a fc28.img [sparse file][4]. This file serves as the iSCSI target’s backing store:
+
+```
+# FC28_SIZE=$(du -ms /fc28 | cut -f 1)
+# dd if=/dev/zero of=/fc28.img bs=1MiB count=0 seek=$(($FC28_SIZE*2))
+```
+
+(If you have one available, a separate partition or disk drive can be used instead of creating a file.)
+
+Next, format the image with a filesystem, mount it, and copy the netboot image into it:
+
+```
+# mkfs -t xfs -L NETROOT /fc28.img
+# TEMP_MNT=$(mktemp -d)
+# mount /fc28.img $TEMP_MNT
+# cp -a /fc28/* $TEMP_MNT
+# umount $TEMP_MNT
+```
+
+During testing using SquashFS, the client would occasionally stutter. It seems that SquashFS does not perform well when doing random I/O from a multiprocessor client. (See also [The curious case of stalled squashfs reads][5].) If you want to improve throughput performance with filesystem compression, [ZFS][6] is probably a better option.
+
+If you need extremely high throughput from the iSCSI server (say, for hundreds of clients), it might be possible to [load balance][7] a [Ceph][8] cluster. For more information, see [Load Balancing Ceph Object Gateway Servers with HAProxy and Keepalived][9].
+
+### Install and Configure iSCSI
+
+Install the scsi-target-utils package which will provide the iSCSI daemon for serving our image out to our clients:
+
+```
+# dnf install -y scsi-target-utils
+```
+
+Configure the iSCSI daemon to serve the fc28.img file:
+
+```
+# MY_REVERSE_HOSTNAME=$(echo $MY_HOSTNAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_HOSTNAME})
+# cat << END > /etc/tgt/conf.d/fc28.conf
+<target iqn.$MY_REVERSE_HOSTNAME:fc28>
+ backing-store /fc28.img
+ readonly 1
+</target>
+END
+```
+
+The leading iqn. is expected by /usr/lib/dracut/modules.d/40network/net-lib.sh.
+
+Add an exception to the firewall and enable and start the service:
+
+```
+# firewall-cmd --add-service=iscsi-target
+# firewall-cmd --runtime-to-permanent
+# systemctl enable tgtd.service
+# systemctl start tgtd.service
+```
+
+You should now be able to see the image being shared with the tgtadm command:
+
+```
+# tgtadm --mode target --op show
+```
+
+The above command should output something similar to the following:
+
+```
+Target 1: iqn.edu.example.server-01:fc28
+ System information:
+ Driver: iscsi
+ State: ready
+ I_T nexus information:
+ LUN information:
+ LUN: 0
+ Type: controller
+ SCSI ID: IET 00010000
+ SCSI SN: beaf10
+ Size: 0 MB, Block size: 1
+ Online: Yes
+ Removable media: No
+ Prevent removal: No
+ Readonly: No
+ SWP: No
+ Thin-provisioning: No
+ Backing store type: null
+ Backing store path: None
+ Backing store flags:
+  LUN: 1
+ Type: disk
+ SCSI ID: IET 00010001
+ SCSI SN: beaf11
+ Size: 10488 MB, Block size: 512
+ Online: Yes
+ Removable media: No
+ Prevent removal: No
+ Readonly: Yes
+ SWP: No
+ Thin-provisioning: No
+ Backing store type: rdwr
+ Backing store path: /fc28.img
+ Backing store flags:
+ Account information:
+ ACL information:
+ ALL
+```
+
+We can now remove the NFS share that we created in part one of this series:
+
+```
+# rm -f /etc/exports.d/fc28.exports
+# exportfs -rv
+# umount /export/fc28
+# rmdir /export/fc28
+# sed -i '/^\/fc28 /d' /etc/fstab
+```
+
+You can also delete the /fc28 filesystem, but you may want to keep it for performing future updates.
+
+### Update the ESP to use the iSCSI Kernel
+
+Ipdate the ESP to contain the iSCSI-enabled initramfs:
+
+```
+$ rm -vf $HOME/esp/linux/*.fc28.*
+$ MY_KRNL=$(ls -c /fc28/lib/modules | head -n 1)
+$ cp $(find /fc28/lib/modules -maxdepth 2 -name 'vmlinuz' | grep -m 1 $MY_KRNL) $HOME/esp/linux/vmlinuz-$MY_KRNL
+$ cp $(find /fc28/boot -name 'init*' | grep -m 1 $MY_KRNL) $HOME/esp/linux/initramfs-$MY_KRNL.img
+```
+
+Update the boot.cfg file to pass the new root and netroot parameters:
+
+```
+$ MY_NAME=server-01.example.edu
+$ MY_EMAN=$(echo $MY_NAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_NAME})
+$ MY_ADDR=$(host -t A $MY_NAME | awk '{print $4}')
+$ sed -i "s! root=[^ ]*! root=/dev/disk/by-path/ip-$MY_ADDR:3260-iscsi-iqn.$MY_EMAN:fc28-lun-1 netroot=iscsi:$MY_ADDR::::iqn.$MY_EMAN:fc28!" $HOME/esp/linux/boot.cfg
+```
+
+Now you just need to copy the updated files from your $HOME/esp/linux directory out to the ESPs of all your client systems. You should see results similar to what is shown in the below screenshot:
+
+![][10]
+
+### Upgrading the Image
+
+First, make a copy of the current image:
+
+```
+# cp -a /fc28 /fc29
+```
+
+Chroot into the new copy of the image:
+
+```
+# for i in dev dev/pts dev/shm proc sys run; do mount -o bind /$i /fc29/$i; done
+# chroot /fc29 /usr/bin/bash --login
+```
+
+Allow updating the kernel:
+
+```
+# sed -i 's/^exclude=kernel-\*$/#exclude=kernel-*/' /etc/dnf/dnf.conf
+```
+
+Perform the upgrade:
+
+```
+# dnf distro-sync -y --releasever=29
+```
+
+Prevent the kernel from being updated:
+
+```
+# sed -i 's/^#exclude=kernel-\*$/exclude=kernel-*/' /etc/dnf/dnf.conf
+```
+
+The above command is optional, but saves you from having to copy a new kernel out to the clients if you add or update a few packages in the image at some future time.
+
+Clean up dnf’s package cache:
+
+```
+# dnf clean all
+```
+
+Exit the chroot and clear root’s command history:
+
+```
+# logout
+# for i in run sys proc dev/shm dev/pts dev; do umount /fc29/$i; done
+# > /fc29/root/.bash_history
+```
+
+Create the iSCSI image:
+
+```
+# FC29_SIZE=$(du -ms /fc29 | cut -f 1)
+# dd if=/dev/zero of=/fc29.img bs=1MiB count=0 seek=$(($FC29_SIZE*2))
+# mkfs -t xfs -L NETROOT /fc29.img
+# TEMP_MNT=$(mktemp -d)
+# mount /fc29.img $TEMP_MNT
+# cp -a /fc29/* $TEMP_MNT
+# umount $TEMP_MNT
+```
+
+Define a new iSCSI target that points to our new image and export it:
+
+```
+# MY_HOSTNAME=$(</etc/hostname)
+# MY_REVERSE_HOSTNAME=$(echo $MY_HOSTNAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_HOSTNAME})
+# cat << END > /etc/tgt/conf.d/fc29.conf
+<target iqn.$MY_REVERSE_HOSTNAME:fc29>
+ backing-store /fc29.img
+ readonly 1
+</target>
+END
+# tgt-admin --update ALL
+```
+
+Add the new kernel and initramfs to the ESP:
+
+```
+$ MY_KRNL=$(ls -c /fc29/lib/modules | head -n 1)
+$ cp $(find /fc29/lib/modules -maxdepth 2 -name 'vmlinuz' | grep -m 1 $MY_KRNL) $HOME/esp/linux/vmlinuz-$MY_KRNL
+$ cp $(find /fc29/boot -name 'init*' | grep -m 1 $MY_KRNL) $HOME/esp/linux/initramfs-$MY_KRNL.img
+```
+
+Update the boot.cfg in the ESP:
+
+```
+$ MY_DNS1=192.0.2.91
+$ MY_DNS2=192.0.2.92
+$ MY_NAME=server-01.example.edu
+$ MY_EMAN=$(echo $MY_NAME | tr '.' "\n" | tac | tr "\n" '.' | cut -b -${#MY_NAME})
+$ MY_ADDR=$(host -t A $MY_NAME | awk '{print $4}')
+$ cat << END > $HOME/esp/linux/boot.cfg
+#!ipxe
+
+kernel --name kernel.efi \${prefix}/vmlinuz-$MY_KRNL initrd=initrd.img ro ip=dhcp rd.peerdns=0 nameserver=$MY_DNS1 nameserver=$MY_DNS2 root=/dev/disk/by-path/ip-$MY_ADDR:3260-iscsi-iqn.$MY_EMAN:fc29-lun-1 netroot=iscsi:$MY_ADDR::::iqn.$MY_EMAN:fc29 console=tty0 console=ttyS0,115200n8 audit=0 selinux=0 quiet
+initrd --name initrd.img \${prefix}/initramfs-$MY_KRNL.img
+boot || exit
+END
+```
+
+Finally, copy the files from your $HOME/esp/linux directory out to the ESPs of all your client systems and enjoy!
+
+
+--------------------------------------------------------------------------------
+
+via: https://fedoramagazine.org/how-to-build-a-netboot-server-part-2/
+
+作者：[Gregory Bartholomew][a]
+选题：[lujun9972][b]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://fedoramagazine.org/author/glb/
+[b]: https://github.com/lujun9972
+[1]: https://fedoramagazine.org/how-to-build-a-netboot-server-part-1/
+[2]: https://en.wikipedia.org/wiki/Active_Directory
+[3]: https://fedoramagazine.org/secure-nfs-home-directories-kerberos
+[4]: https://en.wikipedia.org/wiki/Sparse_file
+[5]: https://chrisdown.name/2018/04/17/kernel-adventures-the-curious-case-of-squashfs-stalls.html
+[6]: https://en.wikipedia.org/wiki/ZFS
+[7]: https://en.wikipedia.org/wiki/Load_balancing_(computing)
+[8]: http://docs.ceph.com/docs/mimic/rbd/iscsi-overview/
+[9]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/load_balancer_administration/ceph_example
+[10]: https://fedoramagazine.org/wp-content/uploads/2018/12/netboot-screenshot-1024x819.png
--- a/translated/tech/20180828
+++ b/translated/tech/20180828
@ -6,15 +6,15 @@

 <https://www.youtube.com/embed/WVv5OAR4Nik?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>

-在我们开始了解量子计算之前，必须先去了解“量子”这个术语，量子是已知的 [亚原子粒子][1] 中最小的物质。[量子][2] 这个词来自拉丁语 Quantus，意思是 “非常小”，在下面的短视频链接中有描述：
+在我们开始了解量子计算之前，必须先去了解“量子”这个术语，量子是已知的 [亚原子粒子][1] 中最小的物质。[量子][2] 这个词来自拉丁语 Quantus，意思是 “有多少”，在下面的短视频链接中有描述：

 <https://www.youtube.com/embed/-pUOxVsxu3o?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>

-为了易于我们理解量子计算，我们将量子计算与<ruby>传统计算<rt>Classical Computing</rt></ruby>（也译做经典计算）进行比较。传统计算是指设计用于工作的、我们正在使用的传统计算机，正如你现在用于阅读本文的设备，就是我们所谓的传统计算设备。
+为了易于我们理解量子计算，我们将量子计算与<ruby>经典计算<rt>Classical Computing</rt></ruby>（也有译做传统计算）进行比较。经典计算是指设计用于工作的、正在使用的计算机，正如你现在用于阅读本文的设备，就是我们所谓的经典计算设备。

-### 传统计算
+### 经典计算

-传统计算是描述传统计算机如何工作的另一种方式。它们通过一个二进制系统工作，即信息使用 1 或 0 来存储。传统计算机不会理解除 1 或 0 之外的任何其它东西。
+经典计算是描述计算机如何工作的另一种方式。它们通过一个二进制系统工作，即信息使用 1 或 0 来存储。经典计算机不会理解除 1 或 0 之外的任何其它东西。

 直白来说，在计算机内部一个晶体管只能是开（1）或关（0）。我们输入的任何信息都被转换为无数个 1 和 0，所以计算机只能理解和存储 1 和 0。所有的东西都只能用无数个 1 和 0 的组合来表示。

@ -22,7 +22,7 @@

 ### 量子计算

-然而，量子计算不再像传统计算那样遵循 “开或关” 的模式。而是，借助量子的名为 [叠加和纠缠][3] 的两个现象，能同时处理信息的多个状态，因此能以更快的速率加速计算，并且在信息存储方面效率更高。
+然而，量子计算不再像经典计算那样遵循 “开或关” 的模式。而是，借助量子的名为 [叠加和纠缠][3] 的两个现象，能同时处理信息的多个状态，因此能以更快的速率加速计算，并且在信息存储方面效率更高。

 请注意，叠加和纠缠 [不是同一个现象][4]。

@ -30,9 +30,9 @@

 ![][5]

-就像在传统计算中，我们有<ruby>比特<rt>bit</rt></ruby>，在量子计算中，我们相应也有<ruby>量子比特<rt>qubits</rt></ruby>（或 Quantum bits）。想了解它们二者之间的巨大差异之处，请查看这个 [页面][6]，从那里的图片中可以得到答案。
+就像在经典计算中，我们有<ruby>比特<rt>bit</rt></ruby>，在量子计算中，我们相应也有<ruby>量子比特<rt>qubits</rt></ruby>（或 Quantum bits）。想了解它们二者之间的巨大差异之处，请查看这个 [页面][6]，从那里的图片中可以得到答案。

-量子计算机并不是来替代我们的传统计算机的。但是，有一些非常巨大的任务用我们的传统计算机是无法完成的，而那些正是量子计算机大显身手的好机会。下面链接的视频详细描述了上述情况，同时也描述了量子计算机的原理。
+量子计算机并不是来替代我们的经典计算机的。但是，有一些非常巨大的任务用我们的经典计算机是无法完成的，而那些正是量子计算机大显身手的好机会。下面链接的视频详细描述了上述情况，同时也描述了量子计算机的原理。

 <https://www.youtube.com/embed/JhHMJCUmq28?enablejsapi=1&autoplay=0&cc_load_policy=0&iv_load_policy=1&loop=0&modestbranding=1&rel=0&showinfo=0&fs=1&playsinline=0&autohide=2&theme=dark&color=red&controls=2&>

@ -44,7 +44,7 @@

 根据最新更新的（2018 年 7 月 31 日）研究论文，术语 “Noisy” 是指由于对量子比特未能完全控制所产生的不准确性。正是这种不准确性严重制约了量子设备短期内实现其目标。

-“中型” 指的是在接下来的几年中，量子计算机将要实现的规模大小，届时，量子比特的数目将可能从 50 到几百个不等。50 个量子比特是一个重大的量程碑，因为它将超越现有的最强大的 [超级计算机][8] 的 [暴力][7] 模拟能力。更多信息请阅读 [这里的][9] 论文。
+“中型” 指的是在接下来的几年中，量子计算机将要实现的量子规模大小，届时，量子比特的数目将可能从 50 到几百个不等。50 个量子比特是一个重大的量程碑，因为它将超越现有的最强大的 [超级计算机][8] 的 [暴力][7] 模拟能力。更多信息请阅读 [这里的][9] 论文。

 随着 Cirq 出现，许多事情将会发生变化。

@ -133,7 +133,7 @@ Cirq 的开发者在 GitHub 上已经放了学习 [教程][22]。如果你想认

 #### OpenFermion-Cirq

-[OpenFermion][24] 是一个开源库，它是为了在量子计算机上模拟获取和操纵表示费米系统（包含量子化学）。根据 [粒子物理学][26] 理论，按照 [费米— 狄拉克统计][27]，费米系统与 [费米子][25] 的产生相关。
+[OpenFermion][24] 是一个开源库，它是为了在量子计算机上模拟获取和操纵代表的费米系统（包含量子化学）。根据 [粒子物理学][26] 理论，按照 [费米— 狄拉克统计][27]，费米系统与 [费米子][25] 的产生相关。

 OpenFermion 被称为从事 [量子化学][29] 的化学家和研究人员的 [一个极好的实践工具][28]。量子化学主要专注于 [量子力学][30] 在物理模型和化学系统实验中的应用。量子化学也被称为 [分子量子力学][31]。

@ -143,7 +143,7 @@ Cirq 的出现使 OpenFermion 通过提供程序和工具去扩展功能成为

 2018 年 3 月 5 日，在洛杉矶举行的一年一度的 [美国物理学会会议][33] 上，Google 发布了 [Bristlecone][32]，这是他们的最新的量子处理器。这个 [基于门的超导系统][34] 为 Google 提供了一个测试平台，用以研究 [量子比特技术][37] 的 [系统错误率][35] 和 [扩展性][36] ，以及在量子 [仿真][38]、[优化][39]、和 [机器学习][40] 方面的应用。

-Google 希望在不久的将来，能够制造出它的 [云可访问][41] 的 72 个量子比特的 Bristlecone 量子处理器。Bristlecone 将越来越有能力完成一个传统超级计算机无法在合理时间内完成的任务。
+Google 希望在不久的将来，能够制造出它的 [云可访问][41] 的 72 个量子比特的 Bristlecone 量子处理器。Bristlecone 将越来越有能力完成一个经典超级计算机无法在合理时间内完成的任务。

 Cirq 将让研究人员直接在云上为 Bristlecone 写程序变得很容易，它提供了一个非常方便的、实时的、量子编程和测试的接口。

@ -164,7 +164,7 @@ Cirq 将允许我们去：

 ### 总结

-最后我们总结一下，我们首先通过与传统计算相比较，介绍了量子计算的概念，然后是一个非常重要的视频来介绍了自去年以来量子计算的最新发展。接着我们简单讨论了嘈杂中型量子，也就是为什么要特意构建 Cirq 的原因所在。
+最后我们总结一下，我们首先通过与经典计算相比较，介绍了量子计算的概念，然后是一个非常重要的视频来介绍了自去年以来量子计算的最新发展。接着我们简单讨论了嘈杂中型量子，也就是为什么要特意构建 Cirq 的原因所在。

 我们看了如何在一个 Ubuntu 系统上安装和测试 Cirq。我们也在一个更好用的 IDE 环境中做了安装测试，并使用一些资源去开始学习有关概念。