Enhancement #2916

drop nethserver-tftp package and add tftp configuration in nethserver-dnsmasq

Added by Stefano Fancello about 5 years ago. Updated almost 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%

Category: nethserver-dnsmasq
Target version: v6.5
Resolution:
NEEDINFO: No

Description

The tftp configuration is now provided by the nethserver-tftp package, which adds a dnsmasq.conf template fragment and opens UDP port 69.
The problem with the current configuration is that the database key tftp has the "service" type, needed to open the port. But there isn't a real tftp service, because the dnsmasq daemon does the tftp work. And this breaks runlevel-adjust.

The solution is to port tftp configuration into dnsmasq database key and dump nethserver-tftp package.

  • Migrate fragments for config migration are required
  • Add tftp in "disabled" status by default
  • Removing the old key (or at least changing type from system to configuration) is mandatory to fix the already broken runlevel-adjust (*)

(*) runlevel-adjust is correctly executed, but ends as if it failed

Associated revisions

Revision 9a5fa4c4
Added by Stefano Fancello about 5 years ago

added tftp UDP port to default configuration

Revision f12e6cc8
Added by Stefano Fancello about 5 years ago

tftp configuration is now implemented in this package instead of nethserver-tftp #2916

Revision 3dfcbe1b
Added by Davide Principi almost 5 years ago

dnsmasq.conf: fixed DB module name. Refs #2916

esmith::InterfacesDB obsoleted by esmith::NetworksDB.

Revision 767552fe
Added by Davide Principi almost 5 years ago

dnsmasq.conf: removed tftp-secure option. Refs #2916

The tftp-secure option restricts TFTP access to files owned by the user
running dnsmasq (nobody here). This conflicts with the convention that
states "nobody" can't own any file or directory on the system.

Moreover FS access is formerly limited to /var/lib/tftproot by
tftp-root option.
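
The effect of tftp-secure discussed in this commit message, as an added example that is not part of the NethServer code: a Python model of which files under tftp-root dnsmasq would serve with and without the option, following the access rules documented in the dnsmasq man page. The function names and `SAMPLE_CONF` are hypothetical; ACLs, supplementary groups and directory permissions are ignored, and only the tftp-root case is modelled.

```python
import os
import stat

# Constructed sample; the option names are real dnsmasq options.
SAMPLE_CONF = """\
enable-tftp
tftp-root=/var/lib/tftpboot
tftp-secure   # the line revision 767552fe removes
"""

def parse_tftp_options(conf_text):
    """Extract the TFTP-related options from dnsmasq.conf text."""
    opts = {"enable-tftp": False, "tftp-secure": False, "tftp-root": None}
    for line in conf_text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition("=")
        key = key.strip()
        if key in ("enable-tftp", "tftp-secure"):
            opts[key] = True
        elif key == "tftp-root":
            opts[key] = value.split(",", 1)[0].strip()  # drop optional ",<interface>"
    return opts

def readable_by(st, uid, gid):
    """Owner/group/other read check; ACLs and supplementary groups are ignored."""
    if uid == 0:  # dnsmasq running as root only serves world-readable files
        return bool(st.st_mode & stat.S_IROTH)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def served_files(opts, uid, gid, root=None):
    """Paths under tftp-root that dnsmasq, running as uid/gid, would hand out."""
    root = root or opts["tftp-root"]
    if not opts["enable-tftp"]:
        return []
    served = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:  # e.g. dangling symlink
                continue
            if not stat.S_ISREG(st.st_mode) or not readable_by(st, uid, gid):
                continue
            # tftp-secure: only files owned by the dnsmasq user (no effect for root)
            if opts["tftp-secure"] and uid != 0 and st.st_uid != uid:
                continue
            served.append(os.path.relpath(path, root))
    return sorted(served)
```

Called with the uid and gid of the account dnsmasq runs as, `served_files` shows that secure mode serves nothing unless that account owns the files, while without it every file under the root that the account can read is served.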

Revision e5466a6e
Added by Davide Principi almost 5 years ago

Merge branch 'b2916'

Refs #2916

Revision afdf68ce
Added by Davide Principi almost 5 years ago

TFTP module merged into DHCP. Refs #2916

Revision 47cdc3ad
Added by Davide Principi almost 5 years ago

Dhcp UI module: fixed host name language labels. Refs #2916

Revision 82b29e55
Added by Davide Principi almost 5 years ago

dhcp page outdated warning. Refs #2916

History

#1 Updated by Stefano Fancello about 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Stefano Fancello about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Stefano Fancello
  • % Done changed from 20 to 30

#3 Updated by Stefano Fancello about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

commit 9a5fa4c4e295a67d0e42d828bb218c9907b2b60e and f12e6cc81738e1ff19e5f42009a8fb80bf69f9a1 tftp branch

test case:
  • check that tftp db key has been removed
  • check that dnsmasq db key has 69 UDP port configured open
  • check tftp is working
    create a test file
     # echo "test" > /var/lib/tftpboot/foobar
     # chown nobody:nobody /var/lib/tftpboot/foobar
    

    from another machine, install tftp and get file
    Install tftp (on fedora)
     # yum install tftp
    

    allow incoming udp connections from our tftp server; loading the tftp conntrack module should be sufficient
     # modprobe nf_conntrack_tftp
    

    get file
     # tftp TFTP_SERVER_HOST
     tftp> get foobar
    

    quit tftp with the quit command and check that there is a foobar file in the current dir
  • PXE boot server:
    The following instructions will create a PXE server to boot a CentOS.
    yum install syslinux
    cp /usr/share/syslinux/{pxelinux.0,menu.c32,memdisk,mboot.c32,chain.c32} /var/lib/tftpboot/
    config setprop dnsmasq dhcp-boot pxelinux.0
    signal-event nethserver-dnsmasq-save
    mkdir /var/lib/tftpboot/pxelinux.cfg
    

    Create the file /var/lib/tftpboot/pxelinux.cfg/default with the following content:
    default menu.c32
    prompt 0
    timeout 300
    
    MENU TITLE PXE Menu
    
    LABEL CentOS
      kernel CentOS/vmlinuz
      append initrd=CentOS/initrd.img
    

    Create a CentOS directory:
    mkdir -p /var/lib/tftpboot/CentOS
    

    Copy inside the directory vmlinuz and initrd.img files.
    These files can be found inside the ISO or browsing the yum os mirror.

try to boot a computer from network

#4 Updated by Stefano Fancello about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

repo testing nethserver-dnsmasq-1.2.1-3.0gitb35fbb2b.ns6.noarch.rpm

#5 Updated by Stefano Fancello about 5 years ago

  • Assignee deleted (Stefano Fancello)

#6 Updated by Giacomo Sanchietti about 5 years ago

Before release, remember to update developer and administrator manual.

#7 Updated by Davide Principi almost 5 years ago

  • Assignee set to Davide Principi

#8 Updated by Davide Principi almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90
  • UDPPorts has 69 appended, iptables says the port is open
  • nethserver-tftp package has been substituted by the modified version
  • tftp key has been deleted
  • In /var/log/messages:
    Oct 22 16:37:49 localhost dnsmasq-tftp[2546]: TFTP root is /var/lib/tftpboot secure mode
    
  • PXE boot works

#9 Updated by Davide Principi almost 5 years ago

NOTE: I suggest disabling TFTP access by default as PXE must be configured from console anyway

#10 Updated by Davide Principi almost 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-dnsmasq-1.3.0-1.ns6.noarch.rpm

Updated administrator manual
