On 01/04/2018 09:36 PM, Joshua Chen wrote: > Hello Michael, > Thanks for the reply. > I did check this ceph doc at > http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/ > And yes, I need acl instead of chap usr/passwd, but I will negotiate > with my colleagues for changing the management style. > Really appreciated for pointing the doc's bug and current status of > chap/acl limitation. looking forwarding to this ACL function adding to > gwcli. I made a patch for that here: https://github.com/ceph/ceph-iscsi-config/pull/44 It is enabled by default when you first create a initiator/client. If you have chap enabled but want to switch then when you do "auth nochap" it will switch to the initiator ACL. > > > Cheers > Joshua > > On Fri, Jan 5, 2018 at 12:47 AM, Michael Christie <mchristi@xxxxxxxxxx > <mailto:mchristi@xxxxxxxxxx>> wrote: > > On 01/04/2018 03:50 AM, Joshua Chen wrote: > > Dear all, > > Although I managed to run gwcli and created some iqns, or luns, > > but I do need some working config example so that my initiator could > > connect and get the lun. > > > > I am familiar with targetcli and I used to do the following ACL > style > > connection rather than password, > > the targetcli setting tree is here: > > What docs have you been using? Did you check out the gwcli man page and > upstream ceph doc: > > http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/ > <http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/> > > Let me know what is not clear in there. > > There is a bug in the upstream doc and instead of doing > > cd /iscsi-target/iqn.2003-01.com > <http://iqn.2003-01.com>.redhat.iscsi-gw:<target_name>/disks/ > > you do > > > cd /disks > > in step 3. Is that the issue you are hitting? > > > For gwcli, a client is the initiator. It only supports one way chap, so > there is just the 3 commands in those docs above. > > 1. create client/initiator-name. This is the same as creating the ACL in > targetcli. > > > create iqn.1994-05.com.redhat:15dbed23be9e > > 2. set CHAP username and password for that initiator. You have to do > this with gwcli right now due to a bug, or maybe feature :), in the > code. This is simiar to doing the set auth command in targetcli. > > auth chap=<user_name>/<password> > > 3. export a image as a lun. This is equivalent to creating the lun in > targetcli. > > disk add rbd.some-image > > > > > > (or see this page > <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html > <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html>>) > > > > #targetcli ls > > o- / > > > ......................................................................................................................... > > [...] > > o- backstores > > > .............................................................................................................. > > [...] > > | o- block > > > .................................................................................................. > > [Storage Objects: 1] > > | | o- vmware_5t > > .......................................................... > > [/dev/rbd/rbd/vmware_5t (5.0TiB) write-thru activated] > > | | o- alua > > > ................................................................................................... > > [ALUA Groups: 1] > > | | o- default_tg_pt_gp > > > ....................................................................... > > [ALUA state: Active/optimized] > > | o- fileio > > > ................................................................................................. > > [Storage Objects: 0] > > | o- pscsi > > > .................................................................................................. > > [Storage Objects: 0] > > | o- ramdisk > > > ................................................................................................ > > [Storage Objects: 0] > > | o- user:rbd > > > ............................................................................................... > > [Storage Objects: 0] > > o- iscsi > > > ............................................................................................................ > > [Targets: 1] > > | o- iqn.2017-12.asiaa.cephosd1:vmware5t > > > ............................................................................... > > [TPGs: 1] > > | o- tpg1 > > > .................................................................................................. > > [gen-acls, no-auth] > > | o- acls > > > ......................................................................................................... > > [ACLs: 12] > > | | o- iqn.1994-05.com.redhat:15dbed23be9e > > .................................................................. > > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:15dbed23be9e-ovirt1 > > ........................................................... > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test > > .................................................. [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:67669afedddf > > .................................................................. > > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:67669afedddf-ovirt3 > > ........................................................... > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7 > > .................................................................. > > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2 > > ........................................................... > [Mapped LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:b01662ec2129-ceph-node2 > > ....................................................... [Mapped > LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:d46b42a1915b-ceph-node3 > > ....................................................... [Mapped > LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1994-05.com.redhat:e7692a10f661-ceph-node1 > > ....................................................... [Mapped > LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1998-01.com.vmware:localhost-0f904dfd > > ............................................................ [Mapped > > LUNs: 1] > > | | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | | o- iqn.1998-01.com.vmware:localhost-6af62e4c > > ............................................................ [Mapped > > LUNs: 1] > > | | o- mapped_lun0 > > > ............................................................................. > > [lun0 block/vmware_5t (rw)] > > | o- luns > > > .......................................................................................................... > > [LUNs: 1] > > | | o- lun0 .................................................... > > [block/vmware_5t (/dev/rbd/rbd/vmware_5t) (default_tg_pt_gp)] > > | o- portals > > > .................................................................................................... > > [Portals: 1] > > | o- 172.20.0.12:3260 <http://172.20.0.12:3260> > <http://172.20.0.12:3260> > > > ................................................................................................. > > [OK] > > o- loopback > > > ......................................................................................................... > > [Targets: 0] > > o- xen_pvscsi > > > ....................................................................................................... > > [Targets: 0] > > > > > > > > > > > > > > My targetcli setup procedure is like this, could someone translate > it to > > gwcli equivalent procedure? > > sorry for asking for this due to lack of documentation and examples. > > thanks in adavance > > > > Cheers > > Joshua > > > > > > > > > > targetcli /backstores/block create name=vmware_5t > dev=/dev/rbd/rbd/vmware_5t > > targetcli /iscsi/ create iqn.2017-12.asiaa.cephosd1:vmware5t > > targetcli /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1/portals > delete > > ip_address=0.0.0.0 ip_port=3260 > > > > targetcli > > cd /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1 > > portals/ create 172.20.0.12 > > acls/ > > create iqn.1994-05.com.redhat:e7692a10f661-ceph-node1 > > create iqn.1994-05.com.redhat:b01662ec2129-ceph-node2 > > create iqn.1994-05.com.redhat:d46b42a1915b-ceph-node3 > > create iqn.1994-05.com.redhat:15dbed23be9e > > create iqn.1994-05.com.redhat:a7c1ec3c43f7 > > create iqn.1994-05.com.redhat:67669afedddf > > create iqn.1994-05.com.redhat:15dbed23be9e-ovirt1 > > create iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2 > > create iqn.1994-05.com.redhat:67669afedddf-ovirt3 > > create > iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test > > create iqn.1998-01.com.vmware:localhost-6af62e4c > > create iqn.1998-01.com.vmware:localhost-0f904dfd > > cd .. > > set attribute generate_node_acls=1 > > cd luns > > create /backstores/block/vmware_5t > > > > > > > > > > On Thu, Jan 4, 2018 at 10:55 AM, Joshua Chen > <cschen@xxxxxxxxxxxxxxxxxxx <mailto:cschen@xxxxxxxxxxxxxxxxxxx> > > <mailto:cschen@xxxxxxxxxxxxxxxxxxx > <mailto:cschen@xxxxxxxxxxxxxxxxxxx>>> wrote: > > > > I had the same problem before, mine is CentOS, and when I created > > /iscsi/create iqn_bla-bla > > it goes > > ocal LIO instance already has LIO configured with a target - > unable > > to continue > > > > > > > > then finally the solution happened to be, turn off target service > > > > systemctl stop target > > systemctl disable target > > > > > > somehow they are doing the same thing, you need to disable > 'target' > > service (targetcli) in order to allow gwcli (rbd-target-api) > do it's > > job. > > > > Cheers > > Joshua > > > > On Thu, Jan 4, 2018 at 2:39 AM, Mike Christie > <mchristi@xxxxxxxxxx <mailto:mchristi@xxxxxxxxxx> > > <mailto:mchristi@xxxxxxxxxx <mailto:mchristi@xxxxxxxxxx>>> wrote: > > > > On 12/25/2017 03:13 PM, Joshua Chen wrote: > > > Hello folks, > > > I am trying to share my ceph rbd images through iscsi > protocol. > > > > > > I am trying iscsi-gateway > > > http://docs.ceph.com/docs/master/rbd/iscsi-overview/ > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/> > > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/ > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/>> > > > > > > > > > now > > > > > > systemctl start rbd-target-api > > > is working and I could run gwcli > > > (at a CentOS 7.4 osd node) > > > > > > gwcli > > > /> ls > > > o- / > > > > > > ......................................................................................................................... > > > [...] > > > o- clusters > > > > > > ........................................................................................................ > > > [Clusters: 1] > > > | o- ceph > > > > > > ............................................................................................................ > > > [HEALTH_OK] > > > | o- pools > > > > > > .......................................................................................................... > > > [Pools: 1] > > > | | o- rbd > > > > > > ........................................................................... > > > [(x3), Commit: 0b/25.9T (0%), Used: 395M] > > > | o- topology > > > > > > ................................................................................................ > > > [OSDs: 9,MONs: 3] > > > o- disks > > > > > > .......................................................................................................... > > > [0b, Disks: 0] > > > o- iscsi-target > > > > > > ..................................................................................................... > > > [Targets: 0] > > > > > > > > > but when I created iscsi-target, I got > > > > > > Local LIO instance already has LIO configured with a > target - > > unable to > > > continue > > > > > > > > > /> /iscsi-target create > > > iqn.2003-01.org.linux-iscsi.ceph-node1.x8664:sn.571e1ab51af2 > > > Local LIO instance already has LIO configured with a > target - > > unable to > > > continue > > > /> > > > > > > > > > Could you send the output of > > > > targetcli ls > > > > ? > > > > What distro are you using? > > > > You might just have a target setup from a non gwcli source. > > Maybe from > > the distro targetcli systemd tools. > > > > > > > > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |