Enable tftp service and firewall rules for vCenter 6 Appliance Autodeploy and make them persistent

When using the vCenter 6 appliance as an Autodeploy server you can also use the appliance as your TFTP-server. But for that to work you need to start that service and enable access to it via a firewall rule.

Of course you also need to enable the Autodeploy service itself, which can be done from the vSphere Web Client under Home - Administration - Deployment - System Configuration - Services. 

To enable the TFTP-server that is already installed on the appliance access the console of the appliance or access the appliance with SSH. Enable the shell with the instructions that will be printed on the screen after connecting:

​shell.set --enabled True
shell

Login as root and run this command to start the TFTP server:

service atftpd start

And to make this permanent to start after the appliance is rebooted execute this command:

insserv atftpd    (ignore any messages about syslog for runlevel 2, not relevant to this service)

Next you need to enable the firewall rule to allow clients to access this service:

iptables -A port_filter -p udp -m udp --dport 69 -j ACCEPT

This is not persistent, how to set the firewall rule as persistent is described in a knowledge base article or you can follow my instructions below, which also will work.

The Autodeploy TFTP service is unreachable on vCenter Server Appliance 6.0(2116018)

My way of making the iptables rules persistent is to load them after a reboot from the after.local script. First set the firewall rule with the command described above and then save the current active rules to a file:

iptables-save > /etc/iptables.rules

Next edit the file /etc/init.d/after.local and add this line:

iptables-restore -c < /etc/iptables.rules

This will execute this command and reload the firewall tables after the system is initialized.

 

 

 

 

 

Tags:
Follow us on LinkedIn

  

   

   

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer