openstack/ironic
Code Issues Proposed changes

Merge "Drop xinetd/tftpd on CentOS 9"

Browse Source
This commit is contained in:
Zuul
2025-12-05 16:30:11 +00:00
committed by Gerrit Code Review
parent 9d572791e4 91159a4394
commit ba763f199e
5 changed files with 75 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bindep.txt
View File

@@ -3,7 +3,7 @@ ipmitool [default]
ipxe [platform:dpkg default] ipxe [platform:dpkg default]
ipxe-bootimgs [platform:rpm default] ipxe-bootimgs [platform:rpm default]
socat [default] socat [default]
xinetd [default] xinetd [default !platform:centos-9 !platform:rhel-9]
tftpd-hpa [platform:dpkg default] tftpd-hpa [platform:dpkg default]
tftp-server [platform:rpm default] tftp-server [platform:rpm default]
# Starting with Debian Jessie (and thus in Ubuntu Xenial too), # Starting with Debian Jessie (and thus in Ubuntu Xenial too),

2
devstack/files/bindep.txt
View File

@@ -10,7 +10,7 @@ ipmitool [default]
ipxe [platform:dpkg default] ipxe [platform:dpkg default]
ipxe-bootimgs [platform:rpm default] ipxe-bootimgs [platform:rpm default]
socat [default] socat [default]
xinetd [default] xinetd [default !platform:centos-9 !platform:rhel-9]
tftpd-hpa [platform:dpkg] tftpd-hpa [platform:dpkg]
tftp-server [platform:rpm] tftp-server [platform:rpm]
# Starting with Debian Jessie (and thus in Ubuntu Xenial too), # Starting with Debian Jessie (and thus in Ubuntu Xenial too),

52
devstack/lib/ironic
View File

@@ -940,6 +940,18 @@ function restart_libvirt {
restart_service $libvirt_service_name restart_service $libvirt_service_name
} }
# Test if systemd TFTP configuration is needed (CentOS 9+, Fedora 35+)
function needs_systemd_tftp {
if is_fedora; then
if grep -qiE "(CentOS|Red Hat).*release 9" /etc/redhat-release; then
return 0 # CentOS/RHEL 9+
elif grep -qiE "Fedora.*release (3[5-9]|[4-9][0-9])" /etc/redhat-release; then
return 0 # Fedora 35+
fi
fi
return 1
}
# Test if any Ironic services are enabled # Test if any Ironic services are enabled
# is_ironic_enabled # is_ironic_enabled
function is_ironic_enabled { function is_ironic_enabled {
@@ -3749,12 +3761,7 @@ function configure_tftpd {
# stop tftpd and setup serving via xinetd # stop tftpd and setup serving via xinetd
stop_service tftpd-hpa || true stop_service tftpd-hpa || true
[ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override [ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override
sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
fi
# setup tftp file mapping to satisfy requests at the root (booting) and # setup tftp file mapping to satisfy requests at the root (booting) and
# /tftpboot/ sub-dir (as per deploy-ironic elements) # /tftpboot/ sub-dir (as per deploy-ironic elements)
# this section is only for ubuntu and fedora # this section is only for ubuntu and fedora
@@ -3773,8 +3780,32 @@ function configure_tftpd {
fi fi
sudo chmod -R 0755 $IRONIC_TFTPBOOT_DIR sudo chmod -R 0755 $IRONIC_TFTPBOOT_DIR
if needs_systemd_tftp; then
# Configure TFTP using systemd socket activation (CentOS 9+, Fedora 35+)
sudo mkdir -p /etc/systemd/system/tftp.service.d
sudo cp $IRONIC_TEMPLATES_DIR/tftp-server.conf /etc/systemd/system/tftp.service.d/ironic.conf
sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
sudo sed -e "s|%IPV6_FLAG%|Environment=IPV6=1|g" -i /etc/systemd/system/tftp.service.d/ironic.conf
else
sudo sed -e "s|%IPV6_FLAG%||g" -i /etc/systemd/system/tftp.service.d/ironic.conf
fi
sudo systemctl daemon-reload
sudo systemctl enable tftp.socket
sudo systemctl start tftp.socket
else
# Configure TFTP using xinetd (Ubuntu, older Fedora/CentOS)
sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
fi
restart_service xinetd restart_service xinetd
fi fi
fi
} }
function build_ipa_ramdisk { function build_ipa_ramdisk {
@@ -4212,8 +4243,17 @@ SUBSHELL
sudo ovs-vsctl --if-exists del-br $IRONIC_VM_NETWORK_BRIDGE sudo ovs-vsctl --if-exists del-br $IRONIC_VM_NETWORK_BRIDGE
if needs_systemd_tftp; then
# Cleanup systemd TFTP configuration
sudo systemctl stop tftp.socket || true
sudo systemctl disable tftp.socket || true
sudo rm -rf /etc/systemd/system/tftp.service.d/ironic.conf
sudo systemctl daemon-reload
else
# Cleanup xinetd TFTP configuration
sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
restart_service xinetd restart_service xinetd
fi
sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true

14
devstack/tools/ironic/templates/tftp-server.conf Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=TFTP server for Ironic
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd -v -v -v -v -v --blocksize %MAX_BLOCKSIZE% --map-file %TFTPBOOT_DIR%/map-file %TFTPBOOT_DIR%
StandardInput=socket
StandardOutput=journal
StandardError=journal
User=root
Group=root
%IPV6_FLAG%

14
doc/source/install/configure-pxe.rst
View File

@@ -123,8 +123,14 @@ In Debian or Ubuntu, xinetd can be used to run tftp server service.
RHEL or CentOS RHEL or CentOS
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
In RHEL or CentOS, xinetd is not available. So use a dedicated dnsmasq instance .. note::
to run tftp server service. Starting with CentOS 9 and RHEL 9, xinetd is not available. Use systemd
socket activation instead. See the `DevStack TFTP setup
<https://opendev.org/openstack/ironic/src/branch/master/devstack/tools/ironic/templates/tftp-server.conf>`_
for an example configuration.
For CentOS 8 and earlier, or RHEL 8 and earlier, use a dedicated dnsmasq
instance to run the TFTP server service.
#. Make sure the tftp root directory exists and can be written to by the #. Make sure the tftp root directory exists and can be written to by the
user the ``ironic-conductor`` is running as. For example:: user the ``ironic-conductor`` is running as. For example::
@@ -136,13 +142,13 @@ to run tftp server service.
sudo dnf install openstack-ironic-dnsmasq-tftp-server sudo dnf install openstack-ironic-dnsmasq-tftp-server
#. Using dndmasq to provide a tftp server setup to serve ``/tftpboot``. #. Using dnsmasq to provide a tftp server setup to serve ``/tftpboot``.
Edit ``/etc/ironic/dnsmasq-tftp-server.conf`` as below:: Edit ``/etc/ironic/dnsmasq-tftp-server.conf`` as below::
port=0 port=0
bind-interfaces bind-interfaces
enable-tftp enable-tftp
tftp-root=/tftproot tftp-root=/tftpboot
and restart the ``openstack-ironic-dnsmasq-tftp-server`` service:: and restart the ``openstack-ironic-dnsmasq-tftp-server`` service::