Bug 2026765

Summary: Can't define a TFTP server without a DHCP server in network configuration
Product: Red Hat Enterprise Linux 9 Reporter: Jiri Kortus <jikortus>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
libvirt sub component: General QA Contact: yalzhang <yalzhang>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: dzheng, jdenemar, mprivozn, pkrempa, xuzhang, yanqzhan, yicui
Version: 9.0Keywords: Triaged, Upstream
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-8.5.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 10:03:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: 8.5.0
Embargoed:

Description Jiri Kortus 2021-11-25 18:27:21 UTC 
Description of problem:
I hit the following issue with libvirt related to TFTP server setup: I needed to reconfigure an existing libvirt network to provide PXE boot. Initially, I had an existing DHCP configuration in place, based on dhcpd. I also had the isolated libvirt network setup without DHCP configuration (provided by dhcpd). Then a need came for TFTP server and as tftp-server is not available on RHEL-9, I thought I will just use the existing setup and let dnsmasq perform the TFTP server function via libvirt network configuration.

Adding only <tftp root='/var/lib/tftpboot'/> into the network definition didn't make any change to the real configuration, virsh net-edit <network> didn't show the change, as well as dnsmasq configuration file for the particular network. However, after also adding DHCP server configuration for the network, the TFTP configuration was put in place as well.

I can imagine my intended setup (DNS + TFTP via libvirt/dnsmasq and DHCP via dhcpd) can be quite unusual, although I think it should be possible to configure all of the services potentially covered by dnsmasq separately, without any unnecessary dependece among them.

Also there's another related issue - after running virsh net-create net.xml, the network is created despite parts of the XML (TFTP server configuration in my case) were ignored and no feedback (error message) was displayed.

Version-Release number of selected component (if applicable):
RHEL-9.0.0-20211122.0 / libvirt-7.9.0-1.el9.x86_64 (dnsmasq-2.85-2.el9.x86_64)

How reproducible:
100%

Steps to Reproduce:
1. Install libvirt and start libvirtd service.
2. Either create or edit an existing network, so that it defines a TFTP server, but not a DHCP server.
3. Create / restart the network with the new definition.

Actual results:
Check the network configuration - via virsh net-edit and in the running dnsmasq network configuration.

Expected results:
The network definition and running dnsmasq configuration doesn't contain TFTP server setup.

Additional info:
The network definition and running dnsmasq configuration contains TFTP server setup even without DHCP server configured in the network definition.
Comment 1 Peter Krempa 2021-11-26 07:40:09 UTC 
Generally we don't try to support every possible configuration but only those which make sense together with the usecase of running VMs. Thus any more complex setup as in the case of running a different DHCP server are not something we've designed this for, as it's not a general purpose dnsmasq config tool. That said I'm not against the idea altogheter, I just don't think this is justified for a downstream RFE.
Comment 4 Michal Privoznik 2021-12-09 15:57:14 UTC 
@jikortus is there need for this bug to be private? We like to have bugs open by default (until they contain customer sensitive data) and include links in commits. Can you please make it public?
Comment 5 Michal Privoznik 2021-12-09 16:18:33 UTC 
v1:

https://listman.redhat.com/archives/libvir-list/2021-December/msg00357.html
Comment 6 Jiri Kortus 2021-12-10 10:20:02 UTC 
Michal: Sure, I'll make it public. Thank you for fixing this bug!
Comment 7 Michal Privoznik 2022-06-01 07:46:16 UTC 
Merged upstream as:

12be42ee7e network: Generate TFTP config regardless of DHCP
bab462db6e network: Separate DHCP config generator into a function
314dac422d network: Initialize variables in networkDnsmasqConfContents()

v8.4.0-5-g12be42ee7e
Comment 8 yalzhang@redhat.com 2022-06-02 06:22:01 UTC 
Reproduce the bug on libvirt-8.3.0-1.el9.x86_64
1. define and start a network with tftp setting, but no dhcp enabled:
# virsh net-dumpxml net_boot
<network>
  <name>net_boot</name>
  <uuid>bdaf91ff-5f91-4edb-ab9f-6ac6253cae31</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:10:0b:a1'/>
  <ip address='192.168.120.1' netmask='255.255.255.0'>
    <tftp root='/var/lib/tftpboot'/>
  </ip>
</network>

# cat /var/lib/libvirt/dnsmasq/net_boot.conf
##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
##    virsh net-edit net_boot
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
pid-file=/run/libvirt/network/net_boot.pid
except-interface=lo
bind-dynamic
interface=virbr1
addn-hosts=/var/lib/libvirt/dnsmasq/net_boot.addnhosts

there is no tftp related settings in the conf file.

Test on  v8.4.0-83-g215b2466cd:
When there is no tftp folder prepared, the network will fail to start:
# virsh net-start net_boot
error: Failed to start network net_boot
error: internal error: Child process (VIR_BRIDGE_NAME=virbr1 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/net_boot.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper) unexpected exit status 3: 
dnsmasq: TFTP directory /var/lib/tftpboot inaccessible: No such file or directory

When the tftp folder prepared, start the network:
# virsh net-start net_boot
Network net_boot started
# cat net_boot.conf
##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
##    virsh net-edit net_boot
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
pid-file=/run/libvirt/network/net_boot.pid
except-interface=lo
bind-dynamic
interface=virbr1
enable-tftp
tftp-root=/var/lib/tftpboot
addn-hosts=/var/lib/libvirt/dnsmasq/net_boot.addnhosts

# netstat -anu  | grep ":69 "
udp        0      0 192.168.120.1:69        0.0.0.0:*    

try to get a file on the host:
# tftp  192.168.120.1 -c get pxelinux.0
# ll pxelinux.0 
-rw-r--r--. 1 root root 42681 Jun  2 06:06 pxelinux.0

Start a vm which connected to this network, configure a static ip like 192.168.120.20/24, and try to get a file:
# tftp  192.168.120.1 -c get pxelinux.0
# ll pxelinux.0
-rw-r--r--. 1 root root 42681 Jun  2 14:18 pxelinux.0
Comment 11 yalzhang@redhat.com 2022-07-08 01:07:05 UTC 
Test on libvirt-8.5.0-1.el9.x86_64 with the same steps in comment 8, the result is as expected.
Comment 13 errata-xmlrpc 2022-11-15 10:03:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: libvirt security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8003