subject:"\[ClusterLabs\] chap lio\-t \/ iscsitarget disabled \- why\?"

Re: [ClusterLabs] chap lio-t / iscsitarget disabled - why?

2018-04-03 Thread Valentin Vidic

On Tue, Apr 03, 2018 at 04:48:00PM +0200, Stefan Friedel wrote:
> we've a running drbd - iscsi cluster (two nodes Debian stretch, pacemaker /
> corosync, res group w/ ip + iscsitarget/lio-t + iscsiluns + lvm etc. on top of
> drbd etc.). Everything is running fine - but we didn't manage to get CHAP to
> work. targetcli / lio-t always switches the authentication off after a 
> migration
> or restart.
> 
> I found the following lines in the iSCSITarget resource file (Debian stretch
> /usr/lib/ocf/resource.d/heartbeat/iSCSITarget, also in
> https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSITarget.in):
> 
>[...]
># TODO: add CHAP authentication support when it gets added back into LIO
>ocf_run targetcli /iscsi/${OCF_RESKEY_iqn}/tpg1/ set attribute 
> authentication=0 || exit $OCF_ERR_GENERIC
>[...]

Yes, another comment in that file suggests that CHAP support was not
available at that time (2009) in lio and/or lio-t:

lio|lio-t)
# TODO: Remove incoming_username and incoming_password
# from this check when LIO 3.0 gets CHAP authentication
unsupported_params="tid incoming_username incoming_password"
;;

If you get it working with the current version of targetcli-fb, you can
create a pull request in the ClusterLabs repo :)

-- 
Valentin
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] chap lio-t / iscsitarget disabled - why?

2018-04-03 Thread Stefan Friedel

Hi all,

we've a running drbd - iscsi cluster (two nodes Debian stretch, pacemaker /
corosync, res group w/ ip + iscsitarget/lio-t + iscsiluns + lvm etc. on top of
drbd etc.). Everything is running fine - but we didn't manage to get CHAP to
work. targetcli / lio-t always switches the authentication off after a migration
or restart.

I found the following lines in the iSCSITarget resource file (Debian stretch
/usr/lib/ocf/resource.d/heartbeat/iSCSITarget, also in
https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/iSCSITarget.in):

   [...]
   # TODO: add CHAP authentication support when it gets added back into LIO
   ocf_run targetcli /iscsi/${OCF_RESKEY_iqn}/tpg1/ set attribute 
authentication=0 || exit $OCF_ERR_GENERIC
   [...]

(l384ff on github).

This targetcli command actually disables authentication...but why? Is the
assumption "LIO does not offer CHAP support" still true? Anybody out there who
is successfully using lio-t + iSCSITarget + CHAP?

Any hint is welcome!

MfG/Sincerely
Stefan Friedel
--
IWR * 4.317 * INF205 * 69120 Heidelberg
T +49 6221 5414404 * F +49 6221 5414427
stefan.frie...@iwr.uni-heidelberg.de


signature.asc
Description: signature
___
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] chap lio-t / iscsitarget disabled - why?

[ClusterLabs] chap lio-t / iscsitarget disabled - why?

2 matches

Site Navigation

Mail list logo

Footer information