- Part 1 – running tftp server non root (xinetd)
- Part 2 – the tftp client requires firewalld changes as well
- Part 3 – replacing xinetd with systemd (this blog post)
Oooh, nice one systemd.
During my investigation in Part 1, I tried to eliminate xinetd as the reason for the misbehaviour.
I started up the tftp socket:
    ● tftp.socket - Tftp Server Activation Socket
       Loaded: loaded (/usr/lib/systemd/system/tftp.socket; disabled; vendor preset: disabled)
       Active: active (listening) since Tue 2019-03-12 17:03:11 UTC; 3h 16min ago
       Listen: [::]:69 (Datagram)
And the really cool thing about that is that it works just like xinetd. tftp.service is still disabled, but the socket acts as a listener and starts that service when a connection arrives.
No need to install something else.
You then have to supply modifications to the tftp.service definition to change its parameters.
- I’ve blogged about doing that.
- It does NOT use the xinetd configuration file (which the tftp-server package still installs).
tftp.socket
Don’t forget to get rid of xinetd if you don’t need it; otherwise it may still be listening on port 69, and systemd won’t be doing much. If you do need xinetd, set ‘disable’ to yes in /etc/xinetd.d/tftp.
    # yum erase xinetd
    # systemctl enable tftp.socket
    # systemctl start tftp.socket
    # systemctl status tftp.socket
    ● tftp.socket - Tftp Server Activation Socket
       Loaded: loaded (/usr/lib/systemd/system/tftp.socket; enabled; vendor preset: disabled)
       Active: active (listening) since Wed 2019-05-01 16:10:34 UTC; 32min ago
       Listen: [::]:69 (Datagram)
tftp.service
Via a drop-in file, I’ve reconfigured it to
- serve up a different location
- log more verbosely
- keep running for five minutes
- use a specific account (not ‘nobody’) to do the actual tftping.
    # systemctl cat tftp.service
    # /usr/lib/systemd/system/tftp.service
    [Unit]
    Description=Tftp Server
    Requires=tftp.socket
    Documentation=man:in.tftpd

    [Service]
    ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
    StandardInput=socket

    [Install]
    Also=tftp.socket

    # /etc/systemd/system/tftp.service.d/params.conf
    # managed by puppet profile::build::tftp
    [Service]
    ExecStart=
    ExecStart=/usr/sbin/in.tftpd -s /srv/tftp/pxe -vv -u tftp --ipv4 --timeout 300
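The empty `ExecStart=` line in the drop-in is what makes the override work: it clears the vendor command before the new one is added, and without it systemd would see two ExecStart entries and refuse to start a non-oneshot service. The script below is an added example, not part of the original post or the tftp-server package; the function names are made up for illustration and the sample input is constructed from the `systemctl cat` output above. It applies that reset rule and checks that the surviving command still has `-s` and `-u`.

```shell
#!/bin/sh
# Added example. Input format: the text `systemctl cat tftp.service` prints.

# Constructed sample: vendor unit plus drop-in, as shown on this page.
page_units() {
cat <<'EOF'
# /usr/lib/systemd/system/tftp.service
[Service]
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
StandardInput=socket
# /etc/systemd/system/tftp.service.d/params.conf
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd -s /srv/tftp/pxe -vv -u tftp --ipv4 --timeout 300
EOF
}

# Apply systemd's list-reset rule: an empty "ExecStart=" discards every
# ExecStart read so far; later assignments are appended to the list.
effective_execstart() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^ExecStart[ \t]*=/ {
            value = $0
            sub(/^ExecStart[ \t]*=[ \t]*/, "", value)
            if (value == "") n = 0; else cmds[++n] = value
        }
        END { for (i = 1; i <= n; i++) print cmds[i] }'
}

# Check the resulting command line (short options only, as used on the page).
audit_tftpd() {
    cmds=$(effective_execstart)
    count=$(printf '%s\n' "$cmds" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected one ExecStart, found $count (missing 'ExecStart=' reset?)"
        return 1
    fi
    status=0
    case " $cmds " in *" -s "*) ;; *) echo "no -s: no chroot to the served directory"; status=1 ;; esac
    case " $cmds " in *" -u "*) ;; *) echo "no -u: in.tftpd runs as user nobody"; status=1 ;; esac
    if [ "$status" -eq 0 ]; then echo "ok: $cmds"; fi
    return "$status"
}

page_units | audit_tftpd
```

On a live host, `systemctl cat tftp.service | audit_tftpd` runs the same check against the installed unit and its drop-ins.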
Normally, it’s inactive and disabled:
    ● tftp.service - Tftp Server
       Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
      Drop-In: /etc/systemd/system/tftp.service.d
               └─params.conf
       Active: inactive (dead)
         Docs: man:in.tftpd
Trigger it:
    $ tftp -4 -v 192.168.1.221 -c get pxelinux.cfg/dhcpbasic_template
    Connected to 192.168.1.221 (192.168.1.221), port 69
    getting from 192.168.1.221:pxelinux.cfg/dhcpbasic_template to dhcpbasic_template [netascii]
    Received 293 bytes in 0.1 seconds [17818 bit/s]
Then:
    # systemctl status tftp.service
    ● tftp.service - Tftp Server
       Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
      Drop-In: /etc/systemd/system/tftp.service.d
               └─params.conf
       Active: active (running) since Wed 2019-05-01 16:42:55 UTC; 8s ago
         Docs: man:in.tftpd
     Main PID: 5887 (in.tftpd)
       CGroup: /system.slice/tftp.service
               └─5887 /usr/sbin/in.tftpd -s /srv/tftp/pxe -vv -u tftp --ipv4 --timeout 300

    May 01 16:42:55 systemd[1]: Started Tftp Server.
Log entries for actual TFTP traffic still only appear in /var/log/messages; journald doesn’t pick them up, so you can’t get the traffic logging this way:
    # journalctl --unit=tftp.service