From 81948f5b16babde3b77af4c8af5ee9dbb8d7fcc3 Mon Sep 17 00:00:00 2001
From: "yann.degat" <yann.degat@ovhcloud.com>
Date: Thu, 22 Jun 2023 12:44:47 +0000
Subject: [PATCH] Use better default bind address for ironic-tftp

ironic tftp service binds on 0.0.0.0. This may be
an issue in some setup. This patch propose a better
default, such as using the same listen address as
the dnsmasq service

Closes-Bug: #2024664

Change-Id: I0401bfc03cd31d72c5a2ae0a111889d5c29a8aa2
---
 ansible/group_vars/all.yml                         | 3 +++
 ansible/roles/ironic/defaults/main.yml             | 1 +
 ansible/roles/ironic/templates/ironic-tftp.json.j2 | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 3094c830fd..f3794fa197 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -252,6 +252,7 @@ bifrost_network_interface: "{{ network_interface }}"
 dns_interface: "{{ network_interface }}"
 dpdk_tunnel_interface: "{{ neutron_external_interface }}"
 ironic_http_interface: "{{ api_interface }}"
+ironic_tftp_interface: "{{ api_interface }}"
 
 # Configure the address family (AF) per network.
 # Valid options are [ ipv4, ipv6 ]
@@ -267,12 +268,14 @@ bifrost_network_address_family: "{{ network_address_family }}"
 dns_address_family: "{{ network_address_family }}"
 dpdk_tunnel_address_family: "{{ network_address_family }}"
 ironic_http_address_family: "{{ api_address_family }}"
+ironic_tftp_address_family: "{{ api_address_family  }}"
 
 migration_interface_address: "{{ 'migration' | kolla_address }}"
 tunnel_interface_address: "{{ 'tunnel' | kolla_address }}"
 octavia_network_interface_address: "{{ 'octavia_network' | kolla_address }}"
 dpdk_tunnel_interface_address: "{{ 'dpdk_tunnel' | kolla_address }}"
 ironic_http_interface_address: "{{ 'ironic_http' | kolla_address }}"
+ironic_tftp_interface_address: "{{ 'ironic_tftp' | kolla_address }}"
 
 # Valid options are [ openvswitch, ovn, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_nsxp, vmware_dvs ]
 # Do note linuxbridge is *EXPERIMENTAL* in Neutron since Zed and it requires extra tweaks to config to be usable.
diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml
index d37b36b0fa..7f10606d40 100644
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@@ -282,6 +282,7 @@ ironic_dnsmasq_uefi_ipxe_boot_file: "snponly.efi"
 ironic_cleaning_network:
 ironic_console_serial_speed: "115200n8"
 ironic_http_url: "http://{{ ironic_http_interface_address | put_address_in_context('url') }}:{{ ironic_http_port }}"
+ironic_tftp_listen_address: "{{ ironic_tftp_interface_address }}"
 ironic_enable_rolling_upgrade: "yes"
 ironic_upgrade_skip_wait_check: false
 ironic_inspector_kernel_cmdline_extras: []
diff --git a/ansible/roles/ironic/templates/ironic-tftp.json.j2 b/ansible/roles/ironic/templates/ironic-tftp.json.j2
index 28b394e0cf..24b0545920 100644
--- a/ansible/roles/ironic/templates/ironic-tftp.json.j2
+++ b/ansible/roles/ironic/templates/ironic-tftp.json.j2
@@ -11,7 +11,7 @@
 {% set pxe_cfg = 'grub.cfg' if enable_ironic_pxe_uefi | bool else 'default' %}
 
 {
-    "command": "/usr/sbin/in.tftpd --verbose --foreground --user nobody --address 0.0.0.0:69 --map-file /map-file /var/lib/ironic/tftpboot",
+    "command": "/usr/sbin/in.tftpd --verbose --foreground --user nobody --address {{ ironic_tftp_listen_address }}:69 --map-file /map-file /var/lib/ironic/tftpboot",
     "config_files": [
 {% if not ironic_dnsmasq_serve_ipxe | bool and groups['ironic-inspector'] | length > 0 %}
 {% if not enable_ironic_pxe_uefi | bool %}