From 7d69b51dbfdfa9cceb4091c84e865eab2e491fdb Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Tue, 19 Dec 2017 10:16:45 +0000 Subject: [PATCH] Set tftp to only listen to the provisioning network It doesn't need to be listening to all IP's. Change-Id: Ib51fe69b32533f5d8814cc0529cd79cf93fbac63 --- docker/services/ironic-pxe.yaml | 2 +- puppet/services/ironic-conductor.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 2b5f3316b9..e3983fc8ed 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -64,7 +64,6 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/ironic_pxe_tftp.json: - command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -79,6 +78,7 @@ outputs: ironic_pxe_tftp: start_order: 90 image: &ironic_pxe_image {get_param: DockerIronicPxeImage} + command: ['/bin/bash', '-c', 'BIND_HOST=$(hiera ironic::pxe::tftp_bind_host -c /etc/puppet/hiera.yaml); /usr/sbin/in.tftpd --foreground --user root --address $BIND_HOST:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot'] net: host privileged: false restart: always diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 0de38f259c..1a555ed3b8 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -191,6 +191,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::pxe::tftp_bind_host: {get_param: [ServiceNetMap, IronicNetwork]} # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'