From 91159a43940a76235f38d3a7aaa4229340c45fea Mon Sep 17 00:00:00 2001
From: Afonne-CID <afonnepaulc@gmail.com>
Date: Tue, 21 Oct 2025 08:11:13 +0100
Subject: [PATCH] Drop xinetd/tftpd on CentOS 9

Drop xinetd/tftpd on CentOS 9 to fix TFTP setup failure

Closes-Bug: #2098533
Assisted-by: Claude 4.5 Sonnet
Change-Id: I5ed12279d446839587c512194d1230a27622eb00
Signed-off-by: Afonne-CID <afonnepaulc@gmail.com>
---
 bindep.txt                                    |  2 +-
 devstack/files/bindep.txt                     |  2 +-
 devstack/lib/ironic                           | 58 ++++++++++++++++---
 .../tools/ironic/templates/tftp-server.conf   | 14 +++++
 doc/source/install/configure-pxe.rst          | 14 +++--
 5 files changed, 75 insertions(+), 15 deletions(-)
 create mode 100644 devstack/tools/ironic/templates/tftp-server.conf

diff --git a/bindep.txt b/bindep.txt
index 268d293eea..dde161b773 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -3,7 +3,7 @@ ipmitool [default]
 ipxe [platform:dpkg default]
 ipxe-bootimgs [platform:rpm default]
 socat [default]
-xinetd [default]
+xinetd [default !platform:centos-9 !platform:rhel-9]
 tftpd-hpa [platform:dpkg default]
 tftp-server [platform:rpm default]
 # Starting with Debian Jessie (and thus in Ubuntu Xenial too),
diff --git a/devstack/files/bindep.txt b/devstack/files/bindep.txt
index 6a4838dd40..e4ecd85589 100644
--- a/devstack/files/bindep.txt
+++ b/devstack/files/bindep.txt
@@ -10,7 +10,7 @@ ipmitool [default]
 ipxe [platform:dpkg default]
 ipxe-bootimgs [platform:rpm default]
 socat [default]
-xinetd [default]
+xinetd [default !platform:centos-9 !platform:rhel-9]
 tftpd-hpa [platform:dpkg]
 tftp-server [platform:rpm]
 # Starting with Debian Jessie (and thus in Ubuntu Xenial too),
diff --git a/devstack/lib/ironic b/devstack/lib/ironic
index 3d45b13350..73a3d6fac3 100644
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@@ -940,6 +940,18 @@ function restart_libvirt {
     restart_service $libvirt_service_name
 }
 
+# Test if systemd TFTP configuration is needed (CentOS 9+, Fedora 35+)
+function needs_systemd_tftp {
+    if is_fedora; then
+        if grep -qiE "(CentOS|Red Hat).*release 9" /etc/redhat-release; then
+            return 0  # CentOS/RHEL 9+
+        elif grep -qiE "Fedora.*release (3[5-9]|[4-9][0-9])" /etc/redhat-release; then
+            return 0  # Fedora 35+
+        fi
+    fi
+    return 1
+}
+
 # Test if any Ironic services are enabled
 # is_ironic_enabled
 function is_ironic_enabled {
@@ -3749,12 +3761,7 @@ function configure_tftpd {
         # stop tftpd and setup serving via xinetd
         stop_service tftpd-hpa || true
         [ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override
-        sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
-        sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
-        sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
-        if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
-            sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
-        fi
+
         # setup tftp file mapping to satisfy requests at the root (booting) and
         # /tftpboot/ sub-dir (as per deploy-ironic elements)
         # this section is only for ubuntu and fedora
@@ -3773,7 +3780,31 @@ function configure_tftpd {
         fi
 
         sudo chmod -R 0755 $IRONIC_TFTPBOOT_DIR
-        restart_service xinetd
+
+        if needs_systemd_tftp; then
+            # Configure TFTP using systemd socket activation (CentOS 9+, Fedora 35+)
+            sudo mkdir -p /etc/systemd/system/tftp.service.d
+            sudo cp $IRONIC_TEMPLATES_DIR/tftp-server.conf /etc/systemd/system/tftp.service.d/ironic.conf
+            sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
+            sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
+            if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
+                sudo sed -e "s|%IPV6_FLAG%|Environment=IPV6=1|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
+            else
+                sudo sed -e "s|%IPV6_FLAG%||g" -i /etc/systemd/system/tftp.service.d/ironic.conf
+            fi
+            sudo systemctl daemon-reload
+            sudo systemctl enable tftp.socket
+            sudo systemctl start tftp.socket
+        else
+            # Configure TFTP using xinetd (Ubuntu, older Fedora/CentOS)
+            sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
+            sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
+            sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
+            if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
+                sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
+            fi
+            restart_service xinetd
+        fi
     fi
 }
 
@@ -4212,8 +4243,17 @@ SUBSHELL
 
     sudo ovs-vsctl --if-exists del-br $IRONIC_VM_NETWORK_BRIDGE
 
-    sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
-    restart_service xinetd
+    if needs_systemd_tftp; then
+        # Cleanup systemd TFTP configuration
+        sudo systemctl stop tftp.socket || true
+        sudo systemctl disable tftp.socket || true
+        sudo rm -rf /etc/systemd/system/tftp.service.d/ironic.conf
+        sudo systemctl daemon-reload
+    else
+        # Cleanup xinetd TFTP configuration
+        sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
+        restart_service xinetd
+    fi
     sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
     sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
diff --git a/devstack/tools/ironic/templates/tftp-server.conf b/devstack/tools/ironic/templates/tftp-server.conf
new file mode 100644
index 0000000000..9b899f6b7c
--- /dev/null
+++ b/devstack/tools/ironic/templates/tftp-server.conf
@@ -0,0 +1,14 @@
+[Unit]
+Description=TFTP server for Ironic
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/in.tftpd -v -v -v -v -v --blocksize %MAX_BLOCKSIZE% --map-file %TFTPBOOT_DIR%/map-file %TFTPBOOT_DIR%
+StandardInput=socket
+StandardOutput=journal
+StandardError=journal
+User=root
+Group=root
+%IPV6_FLAG%
+
+
diff --git a/doc/source/install/configure-pxe.rst b/doc/source/install/configure-pxe.rst
index e7ff97c170..cdb76c2060 100644
--- a/doc/source/install/configure-pxe.rst
+++ b/doc/source/install/configure-pxe.rst
@@ -123,8 +123,14 @@ In Debian or Ubuntu, xinetd can be used to run tftp server service.
 RHEL or CentOS
 ~~~~~~~~~~~~~~
 
-In RHEL or CentOS, xinetd is not available. So use a dedicated dnsmasq instance
-to run tftp server service.
+.. note::
+   Starting with CentOS 9 and RHEL 9, xinetd is not available. Use systemd
+   socket activation instead. See the `DevStack TFTP setup
+   <https://opendev.org/openstack/ironic/src/branch/master/devstack/tools/ironic/templates/tftp-server.conf>`_
+   for an example configuration.
+
+For CentOS 8 and earlier, or RHEL 8 and earlier, use a dedicated dnsmasq
+instance to run the TFTP server service.
 
 #. Make sure the tftp root directory exists and can be written to by the
    user the ``ironic-conductor`` is running as. For example::
@@ -136,13 +142,13 @@ to run tftp server service.
 
     sudo dnf install openstack-ironic-dnsmasq-tftp-server
 
-#. Using dndmasq to provide a tftp server setup to serve ``/tftpboot``.
+#. Using dnsmasq to provide a tftp server setup to serve ``/tftpboot``.
    Edit ``/etc/ironic/dnsmasq-tftp-server.conf`` as below::
 
     port=0
     bind-interfaces
     enable-tftp
-    tftp-root=/tftproot
+    tftp-root=/tftpboot
 
    and restart the ``openstack-ironic-dnsmasq-tftp-server`` service::