Enhancement #2916
drop nethserver-tftp package and add tftp configuration in nethserver-dnsmasq
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-dnsmasq | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
tftp configuration is now provided by nethserver-tftp package, that add dnsmasq.conf template fragment and open UDP port 69.
The problem with current configuration is that database key tftp has "service" type, needed to open port. But there isn't a real tftp service, because dnsmasq daemon do tftp work. And this breaks runlevel-adjust.
The solution is to port tftp configuration into dnsmasq database key and dump nethserver-tftp package.
- Migrate fragments for config migration is required
- Add tftp in "disabled" status by default
- removing the old key (or at least changing type from system to configuation) is mandatory to fix runlevel-adjust already broken (*)
(*) runlevel-adjust is correctly executed, but end as it fails
Associated revisions
added tftp UDP port to default configuration
tftp configuration is now implemented in this package instead of nethserver-tftp #2916
dnsmasq.conf: fixed DB module name. Refs #2916
esmith::InterfacesDB obsoleted by esmith::NetworksDB.
dnsmasq.conf: removd tftp-secure option. Refs #2916
The tftp-secure option restrict TFTP access to files owned by the user
running dnsmasq (nobody here). This conflicts with the convention that
states "nobody" can't own any file or directory on the system.
Moreover FS access is formerly limited to /var/lib/tftproot by
tftp-root option.
Merge branch 'b2916'
Refs #2916
TFTP module merged into DHCP. Refs #2916
Dhcp UI module: fixed host name language labels. Refs #2916
dhcp page outdated warning. Refs #2916
History
#1 Updated by Stefano Fancello almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Stefano Fancello almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Stefano Fancello
- % Done changed from 20 to 30
#3 Updated by Stefano Fancello almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
commit 9a5fa4c4e295a67d0e42d828bb218c9907b2b60e and f12e6cc81738e1ff19e5f42009a8fb80bf69f9a1 tftp branch
test case:- check that tftp db key has been removed
- check that dnsmasq db key has 69 UDP port configured open
- check tftp is working
create a test file# echo "test" > /var/lib/tftpboot/ foobar # chown nobody:nobody /var/lib/tftpboot/foobar
from another machine, install tftp and get file
Install tftp (on fedora)# yum install tftp
allow incoming udp connection from our tftp server, load tftp conntrack module should be sufficient# modprobe nf_conntrack_tftp
get file# tftp TFTP_SERVER_HOST tftp> get foobar
quit from tftp with quit command and check that there is a foobar file in current dir
- PXE boot server:
The following instructions will create a PXE server to boot a CentOS.yum install syslinux cp /usr/share/syslinux/{pxelinux.0,menu.c32,memdisk,mboot.c32,chain.c32} /var/lib/tftpboot/ config setprop dnsmasq dhcp-boot pxelinux.0 signal-event nethserver-dnsmasq-save mkdir /var/lib/tftpboot/pxelinux.cfg
Create the file /var/lib/tftpboot/pxelinux.cfg/default with the following content:default menu.c32 prompt 0 timeout 300 MENU TITLE PXE Menu LABEL CentOS kernel CentOS/vmlinuz append initrd=CentOS/initrd.img
Create a CentOS directory:mkdir -p /var/lib/tftpboot/CentOS
Copy inside the directory vmlinuz and initrd.img files.
These files can be found inside the ISO or browsing the yum os mirror.
try to boot a computer from network
#4 Updated by Stefano Fancello almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
repo testing nethserver-dnsmasq-1.2.1-3.0gitb35fbb2b.ns6.noarch.rpm
#5 Updated by Stefano Fancello almost 7 years ago
- Assignee deleted (
Stefano Fancello)
#6 Updated by Giacomo Sanchietti almost 7 years ago
Before release, remember to update developer and administrator manual.
#7 Updated by Davide Principi almost 7 years ago
- Assignee set to Davide Principi
#8 Updated by Davide Principi almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 70 to 90
- UDPPorts has 69 appended, iptables says the port is open
- nethserver-tftp package has been substituted by the modified version
tftp
key has been deleted- In /var/log/messages:
Oct 22 16:37:49 localhost dnsmasq-tftp[2546]: TFTP root is /var/lib/tftpboot secure mode
- PXE boot works
#9 Updated by Davide Principi almost 7 years ago
NOTE: I suggest disabling TFTP access by default as PXE must be configured from console anyway
#10 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-dnsmasq-1.3.0-1.ns6.noarch.rpm
Updated administrator manual