openstack/bifrost
Code Issues Proposed changes

Revise TFTP settings and note configuration

Browse Source 
Revising the tftp settings to utilize tftp-hpa's secure mode and to
have explicit file paths.  Added note to give additional context
with regards to tftp-hpa's user privilege behavior.

Change-Id: I1f4c782de3851d1e86c22e972fb7c319b3ad07d0
This commit is contained in:
Julia Kreger 2015-09-08 15:37:06 -04:00
parent 7b751a492f
commit 7e914c73f3
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
playbooks/roles/bifrost-ironic-install/files/xinetd.tftp
View File

@ -4,9 +4,11 @@ service tftp
port = 69 port = 69
socket_type = dgram socket_type = dgram
wait = yes wait = yes
# Note(TheJulia): While the line below looks incorrect, tftp-hpa changes it it's
# effective user by default to the nobody user.
user = root user = root
server = /usr/sbin/in.tftpd server = /usr/sbin/in.tftpd
server_args = --map-file /tftpboot/map-file /tftpboot server_args = -v -v -v -v -s --map-file /tftpboot/map-file /tftpboot
disable = no disable = no
flags = IPv4 flags = IPv4
} }

4
playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2
View File

@ -434,10 +434,10 @@ dhcp-range={{dhcp_pool_start}},{{dhcp_pool_end}},12h
# filenames, the first loads gPXE, and the second tells gPXE what to # filenames, the first loads gPXE, and the second tells gPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE. # load. The dhcp-match sets the gpxe tag for requests from gPXE.
dhcp-userclass=set:gpxe,"gPXE" dhcp-userclass=set:gpxe,"gPXE"
dhcp-boot=tag:gpxe,ipxe.pxe dhcp-boot=tag:gpxe,/ipxe.pxe
dhcp-match=set:ipxe,175 # iPXE sends a 175 option. dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
dhcp-boot=tag:!ipxe,undionly.kpxe dhcp-boot=tag:!ipxe,/undionly.kpxe
{% if testing %} {% if testing %}
dhcp-boot=http://192.168.122.1:{{nginx_port}}/boot.ipxe dhcp-boot=http://192.168.122.1:{{nginx_port}}/boot.ipxe
{% else %} {% else %}