Drop external tftp service in favor to use dnsmasq's one

Dnsmasq has own internal TFTP service limited to read-only operations,
but it's enough for PXE boot. Xinetd has been removed from Fedora 34.

Co-Authored-By: Dmitry Tantsur <dtantsur@protonmail.com>
Change-Id: Id34867b98b51835a1e07ffc2f7c8d41e02d8452d

playbooks/roles/bifrost-ironic-install/defaults/main.yml

@@ -9,6 +9,7 @@ cleaning_disk_erase: false
 # cycle
 fast_track: true
 
+tftp_boot_folder: /tftpboot
 http_boot_folder: /httpboot
 ironic_tftp_master_path: /var/lib/ironic/master_images
 staging_drivers_include: false

playbooks/roles/bifrost-ironic-install/defaults/required_defaults_Debian_family.yml

@@ -19,9 +19,6 @@ required_packages:
   - libssl-dev
   - libxml2-dev
   - ipxe
-  - tftpd-hpa
-  - tftp-hpa
-  - xinetd
   - parted
   - ipmitool
   - psmisc

playbooks/roles/bifrost-ironic-install/defaults/required_defaults_Fedora.yml

@@ -37,7 +37,5 @@ required_packages:
   - shim-x64
   - socat
   - syslinux-nonlinux
-  - tftp-server
   - wget
-  - xinetd
   - dosfstools

playbooks/roles/bifrost-ironic-install/defaults/required_defaults_RedHat_family.yml

@@ -19,8 +19,6 @@ required_packages:
   - openssl-devel
   - libxml2-devel
   - ipxe-bootimgs
-  - tftp-server
-  - xinetd
   - parted
   - ipmitool
   - psmisc

playbooks/roles/bifrost-ironic-install/defaults/required_defaults_Suse_family.yml

@@ -24,8 +24,6 @@ required_packages:
   - libxml2-devel
   - ipxe-bootimgs
   - qemu-ipxe
-  - tftp
-  - xinetd
   - parted
   - ipmitool
   - psmisc

playbooks/roles/bifrost-ironic-install/defaults/required_defaults_Ubuntu.yml

@@ -12,9 +12,6 @@ required_packages:
   - libssl-dev
   - libxml2-dev
   - ipxe
-  - tftpd-hpa
-  - tftp-hpa
-  - xinetd
   - parted
   - ipmitool
   - iptables

playbooks/roles/bifrost-ironic-install/files/tftpboot-map-file

@@ -1,2 +0,0 @@
-r ^([^/]) /tftpboot/\1
-r ^(/tftpboot/) /tftpboot/\2

playbooks/roles/bifrost-ironic-install/files/xinetd.tftp

@@ -1,14 +0,0 @@
-service tftp
-{
-  protocol        = udp
-  port            = 69
-  socket_type     = dgram
-  wait            = yes
-  # Note(TheJulia): While the line below looks incorrect, tftp-hpa changes its
-  # effective user by default to the nobody user.
-  user            = root
-  server          = /usr/sbin/in.tftpd
-  server_args     = -v -v -v -v -s --map-file /tftpboot/map-file /tftpboot
-  disable         = no
-  flags           = IPv4
-}

playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml

@@ -427,8 +427,8 @@
         setype: tftpdir_t
         state: present
       loop:
-        - /tftpboot
-        - /tftpboot/pxelinux.cfg
+        - "{{ tftp_boot_folder }}"
+        - "{{ tftp_boot_folder }}/pxelinux.cfg"
 
     - name: "Add proper context on created data for http_boot"
       sefcontext:
@@ -444,7 +444,7 @@
       command: restorecon -iRv {{ item }}
       loop:
         - "{{ http_boot_folder }}"
-        - /tftpboot
+        - "{{ tftp_boot_folder }}"
   when: (ansible_os_family == 'RedHat' or ansible_os_family == 'Suse') and
          ansible_selinux.status == 'enabled' and ansible_selinux.mode == "enforcing"
 - name: "Configure remote logging"

playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml

@@ -18,27 +18,45 @@
 - name: "Set up PXE and iPXE folders"
   file: name={{ item }} owner=ironic group=ironic state=directory mode=0755
   loop:
-    - /tftpboot
-    - /tftpboot/pxelinux.cfg
+    - "{{ tftp_boot_folder }}"
+    - "{{ tftp_boot_folder }}/pxelinux.cfg"
     - "{{ http_boot_folder }}"
     - "{{ http_boot_folder }}/pxelinux.cfg"
 
-- name: "Place tftpd map-file"
-  copy:
-    src: tftpboot-map-file
-    dest: /tftpboot/map-file
-    owner: ironic
-    group: ironic
-    mode: 0644
-
 - name: "Disable service {{ tftp_service_name }}"
   service: name="{{ tftp_service_name }}" state=stopped enabled=no
+  ignore_errors: yes
 
 - name: "Place boot.ipxe helper script /etc/ironic"
   copy: src=boot.ipxe dest=/etc/ironic/boot.ipxe owner=ironic group=ironic mode=0744
 
-- name: "Place tftp config file"
-  copy: src=xinetd.tftp dest=/etc/xinetd.d/tftp
+# NOTE(dtantsur): the code to migrate from xinetd can be removed after Xena
+
+- name: "Find xinetd TFTP service configs"
+  find:
+    paths:
+    - /etc/xinetd.d
+    patterns:
+    - "tftp*"
+    follow: yes
+  register: xinetd_tftp_services
+
+- name: "Disable xinetd TFTP service"
+  lineinfile:
+    path: "{{ item }}"
+    line: '  disable         = yes'
+    regexp: '^\s*disable\s*='
+    insertafter: '^{$'
+  loop: "{{ xinetd_tftp_services.files | map(attribute='path') | list }}"
+  register: xinetd_tftp_disable
+  when: xinetd_tftp_services.matched > 0
+
+- name: "Restart xinetd"
+  service:
+    name: xinetd
+    state: restarted
+  when: xinetd_tftp_services.matched > 0
+        and xinetd_tftp_disable is changed
 
 - name: "Download ipxe files if asked"
   include: get_ipxe.yml
@@ -47,7 +65,7 @@
 - name: "Copy iPXE image into place"
   copy:
     src: "{{ ipxe_dir }}/undionly.kpxe"
-    dest: /tftpboot/
+    dest: "{{ tftp_boot_folder }}"
     owner: ironic
     group: ironic
     mode: 0644
@@ -66,7 +84,7 @@
 - name: "Copy full iPXE image into /tftpboot"
   copy:
     src: "{{ ipxe_dir }}/{{ ipxe_full_binary }}"
-    dest: /tftpboot/
+    dest: "{{ tftp_boot_folder }}"
     owner: ironic
     group: ironic
     mode: 0644
@@ -102,7 +120,7 @@
     - name: "Copy iPXE EFI image into /tftpboot"
       copy:
         src: "{{ ipxe_dir }}/{{ ipxe_efi_binary }}"
-        dest: /tftpboot/
+        dest: "{{ tftp_boot_folder }}"
         owner: ironic
         group: ironic
         mode: 0644

playbooks/roles/bifrost-ironic-install/tasks/start.yml

@@ -42,11 +42,8 @@
 - name: "Start ironic-api"
   service: name=ironic-api state=restarted
 
-- name: "Ensure services are running with current config"
-  service: name={{ item }} state=restarted enabled=yes
-  loop:
-    - xinetd
-    - nginx
+- name: "Ensure nginx is running with current config"
+  service: name=nginx state=restarted enabled=yes
 
 - name: "Start ironic-prometheus-exporter"
   include: prometheus_exporter_start.yml
@@ -63,12 +60,9 @@
     - dnsmasq
   when: include_dhcp_server | bool
 
-- name: "Send services a reload signal"
-  service: name={{ item }} state=reloaded
-  loop:
-    - xinetd
-    - nginx
+- name: "Send nginx a reload signal"
+  service: name=nginx state=reloaded
 
-- name: "Send services a force-reload signal"
+- name: "Send dnsmasq a force-reload signal"
   service: name=dnsmasq state=restarted
   when: include_dhcp_server | bool

playbooks/roles/bifrost-ironic-install/templates/dnsmasq.conf.j2

@@ -115,3 +115,6 @@ dhcp-boot=/undionly.kpxe
 log-queries
 log-dhcp
 {% endif %}
+
+enable-tftp
+tftp-root={{ tftp_boot_folder }}

releasenotes/notes/no-xinetd-199ba2496469142c.yaml

@@ -0,0 +1,13 @@
+---
+features:
+  - |
+    Supports customizing the TFTP directory via the new parameter
+    ``tftp_boot_folder``.
+upgrade:
+  - |
+    Switches TFTP handling from Xinetd to dnsmasq, which must be enabled for
+    TFTP boot to work.
+fixes:
+  - |
+    Fixes Fedora 34 support by switching from the removed Xinetd to
+    dnsmasq for TFTP boot.