I have a switch whose firmware was in dire need of being updated. Thing is, the switch will only take the upgrade firmware if it is offered by a tftp server, don't ask me why. And that is something I tend not to have running; last time I used one was to network boot Solaris boxes. Sounds like an excuse to write another article.
Just to be different I will be deploying this on a Ubuntu Linux host instead of a CentOS/RedHat one as I usually do. Why? Doing the same all the time gets boring quickly. So, let's see which versions of tftpd we can pick and choose:
raub@desktop:~$ apt-cache search tftpd tftpd-hpa - HPA's tftp server atftpd - advanced TFTP server libnet-tftpd-perl - Perl extension for Trivial File Transfer Protocol Server tftpd - Trivial file transfer protocol server uec-provisioning-tftpd - the UEC Provisioning TFTP server raub@desktop:~$
After careful scientific consideration, the atftpd one sounds more interesting (Multi-threaded TFTP server implementing extension and multicast), so we will pick that one. I think this is the part of the show in which we go through the steps to do the deed:
A good place to start is to install it. I like command line and apt-get, so I think
sudo apt-get install atftpd
should do the trick. Of course you can use aptitude or the GUI. But I am lazy.
Traditionally the directory used to put stuff that will be shared by tftp is /tftpboot, but current practice is to use /srv/tftp. In fact, atftpd does create /srv/tftp for you. For the same of showing how to customize things, let's say we want to be old school. And that means creating /tftpboot ourselves:
sudo mkdir /tftpboot sudo chmod -R 777 /tftpboot sudo chown -R nobody:nogroup /tftpboot
This might be a good time to put the files we want to be shared, in this example a file called image.bin in /tftpboot
We need to configure it by editing /etc/default/atftpd. Here is what mine looks like
raub@desktop:~$ cat /etc/default/atftpd USE_INETD=false OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --port=69 --mcast-port 1758 --mcast-addr 192.168.0.0-255 --mcast-ttl 1 --maxthread 100 --verbose=7 /tftpboot" raub@desktop:~$
where:
- --port=69 we are forcing it to use the default tftp port
- --mcast-addr 192.168.0.0-255 specifies the multicast address range we will be using. Being lazy, I am using the entire 192.168.0.0/24 range
- /tftpboot is the directory we will be sharing as explained above. By default the config file specifies /srv/tftp which means if we put our file in /tftpboot we would get a message like
Sep 13 13:54:00 desktop atftpd[28045]: File /srv/tftp/image.bin not found
when we try to fetch the file
- --verbose=7 is the highest amount of verbose we can use. By default its value is set to 5.
Once it starts properly (service atftpd start should be enough to start it), you should see something like
raub@desktop:~$ ps -ef|grep ftp raub 16510 11504 0 15:26 pts/11 00:00:00 grep ftp nobody 28161 1 0 Sep13 ? 00:00:00 /usr/sbin/atftpd --daemon --tftpd-timeout 300 --retry-timeout 5 --port=69 --mcast-port 1758 --mcast-addr 192.168.0.0-255 --mcast-ttl 1 --maxthread 100 --verbose=7 /tftpboot raub@desktop:~$
- --port=69 we are forcing it to use the default tftp port
How to get the file using tftp is beyond this discussion because it depends on your OS and the tftp client you are using. For instance the switch might show a webpage where you can configure the name of the tftp server -- 192.168.0.102 in my example -- and the name of the file you want to grab. What is more interesting is to see how the entire enchilada from we started the tftp server until we get the file image.bin looks like. By default (can be configured) we would see that in /var/log/syslog:
Sep 13 13:55:52 desktop systemd[1]: Starting LSB: Launch atftpd server... Sep 13 13:55:52 desktop atftpd[28160]: Advanced Trivial FTP server started (0.7) Sep 13 13:55:52 desktop atftpd[28153]: Starting Advanced TFTP server: atftpd. Sep 13 13:55:52 desktop atftpd[28161]: running in daemon mode on port 69 Sep 13 13:55:52 desktop atftpd[28161]: logging level: 7 Sep 13 13:55:52 desktop atftpd[28161]: directory: /tftpboot/ Sep 13 13:55:52 desktop atftpd[28161]: user: nobody.nogroup Sep 13 13:55:52 desktop atftpd[28161]: log file: syslog Sep 13 13:55:52 desktop atftpd[28161]: not forcing to listen on local interfaces. Sep 13 13:55:52 desktop atftpd[28161]: server timeout: Not used Sep 13 13:55:52 desktop atftpd[28161]: tftp retry timeout: 5 Sep 13 13:55:52 desktop atftpd[28161]: maximum number of thread: 100 Sep 13 13:55:52 desktop atftpd[28161]: option timeout: enabled Sep 13 13:55:52 desktop atftpd[28161]: option tzise: enabled Sep 13 13:55:52 desktop atftpd[28161]: option blksize: enabled Sep 13 13:55:52 desktop atftpd[28161]: option multicast: enabled Sep 13 13:55:52 desktop atftpd[28161]: address range: 192.168.0.0-255 Sep 13 13:55:52 desktop atftpd[28161]: port range: 1758 Sep 13 13:55:52 desktop systemd[1]: Started LSB: Launch atftpd server. Sep 13 13:55:59 desktop atftpd[28161]: socket may listen on any address, including broadcast Sep 13 13:55:59 desktop atftpd[28161]: Creating new socket: 192.168.0.102:45115 Sep 13 13:55:59 desktop atftpd[28161]: Serving image.bin to 192.168.0.3:2295 Sep 13 13:56:03 desktop atftpd[28161]: End of transfer Sep 13 13:56:03 desktop atftpd[28161]: Server thread exiting
The underline on the entry when the file image.bin is transferred was added to make it easy to see. And that is pretty much all I had to do. Once file was transfered, I stopped atftpd and then remove it
sudo apt-get remove --purge atftpd
because I do not like to have unused services running.
PS: Always backup your switch/network device's config before upgrading its firmware in case it reverts to default as part of the upgrade process. Guess who forgot to do that? Good thing I had good notes and could reconfigure it using the time-honored cut-n-paste technique
No comments:
Post a Comment