ironic pxe tftp（二）Permission denied

阿新 • • 發佈：2020-07-16

[root@bogon ~]# cd /etc/xinetd.d/
[root@bogon xinetd.d]# ls
chargen-dgram   daytime-dgram   discard-dgram   echo-dgram   tcpmux-server  time-dgram
chargen-stream  daytime-stream  discard-stream  echo-stream  tftp           time-stream
[root@bogon xinetd.d]# cat tftp 
# default: off
# description: The tftp server serves files  
using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type              
= dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        #server_args            = -s /var/lib/tftpboot
    server_args     = -v -v -v -v -v --map-file /tftpboot/map-file /tftpboot
        disable                  
= no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

如果回顯資訊顯示”Permission denied”，表示TFTP服務目錄“tftpboot”的訪問許可權未開啟。
執行vi /etc/sysconfig/selinux命令。
在回顯資訊中編輯修改如下。
SELINUX=permissive
按“ESC”。
按“Shift”+“:”，輸入wq，按“Enter”儲存並退出編輯。
執行sudo setenforce 0，開啟訪問許可權。

[root@bogon ~]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-07-16 04:25:51 CST; 5h 21min ago
     Docs: man:firewalld(1)
 Main PID: 1788 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─1788 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jul 16 04:25:49 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 16 04:25:51 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@bogon ~]#

[root@bogon ~]# service firewalld status

service xinetd restart

[root@bogon data2]# tcpdump -i enahisic2i3.900 -T tftp -env 
tcpdump: listening on enahisic2i3.900, link-type EN10MB (Ethernet), capture size 262144 bytes

910, offset 0, flags [none], proto UDP (17), length 544)
    172.16.100.99.50487 > 172.16.100.82.51334:  516 DATA block 1284
10:11:02.059619 48:57:02:64:e7:ae > 48:57:02:64:ea:1e, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 45169, offset 0, flags [DF], proto UDP (17), length 32)
    172.16.100.82.51334 > 172.16.100.99.50487:  4 ACK block 1284
10:11:02.059634 48:57:02:64:ea:1e > 48:57:02:64:e7:ae, ethertype IPv4 (0x0800), length 558: (tos 0x0, ttl 64, id 2911, offset 0, flags [none], proto UDP (17), length 544)
    172.16.100.99.50487 > 172.16.100.82.51334:  516 DATA block 1285
10:11:02.059672 48:57:02:64:e7:ae > 48:57:02:64:ea:1e, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 45170, offset 0, flags [DF], proto UDP (17), length 32)
    172.16.100.82.51334 > 172.16.100.99.50487:  4 ACK block 1285
10:11:02.059686 48:57:02:64:ea:1e > 48:57:02:64:e7:ae, ethertype IPv4 (0x0800), length 558: (tos 0x0, ttl 64, id 2912, offset 0, flags [none], proto UDP (17), length 544)
    172.16.100.99.50487 > 172.16.100.82.51334:  516 DATA block 1286
10:11:02.059725 48:57:02:64:e7:ae > 48:57:02:64:ea:1e, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 45171, offset 0, flags [DF], proto UDP (17), length 32)
    172.16.100.82.51334 > 172.16.100.99.50487:  4 ACK block 1286
10:11:02.059739 48:57:02:64:ea:1e > 48:57:02:64:e7:ae, ethertype IPv4 (0x0800), length 558: (tos 0x0, ttl 64, id 2913, offset 0, flags [none], proto UDP (17), length 544)