That is Awesome! and wonderful,
Thanks for making this acl option available.
Cheers
Joshua
On Sat, Jan 6, 2018 at 7:17 AM, Mike Christie <mchristi@xxxxxxxxxx> wrote:
On 01/04/2018 09:36 PM, Joshua Chen wrote:
> Hello Michael,
> Thanks for the reply.
> I did check this ceph doc at
> http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/
> And yes, I need acl instead of chap usr/passwd, but I will negotiate
> with my colleagues for changing the management style.
> Really appreciated for pointing the doc's bug and current status of
> chap/acl limitation. looking forwarding to this ACL function adding to
> gwcli.
I made a patch for that here:
https://github.com/ceph/ceph-iscsi-config/pull/44
It is enabled by default when you first create a initiator/client. If
you have chap enabled but want to switch then when you do "auth nochap"
it will switch to the initiator ACL.
>
>
> Cheers
> Joshua
>
> On Fri, Jan 5, 2018 at 12:47 AM, Michael Christie <mchristi@xxxxxxxxxx
> <mailto:mchristi@xxxxxxxxxx>> wrote:
>
> On 01/04/2018 03:50 AM, Joshua Chen wrote:
> > Dear all,
> > Although I managed to run gwcli and created some iqns, or luns,
> > but I do need some working config example so that my initiator could
> > connect and get the lun.
> >
> > I am familiar with targetcli and I used to do the following ACL
> style
> > connection rather than password,
> > the targetcli setting tree is here:
>
> What docs have you been using? Did you check out the gwcli man page and
> upstream ceph doc:
>
> http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/
> <http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/ >
>
> Let me know what is not clear in there.
>
> There is a bug in the upstream doc and instead of doing
> > cd /iscsi-target/iqn.2003-01.com
> <http://iqn.2003-01.com>.redhat.iscsi-gw:<target_name>/ disks/
>
> you do
>
> > cd /disks
>
> in step 3. Is that the issue you are hitting?
>
>
> For gwcli, a client is the initiator. It only supports one way chap, so
> there is just the 3 commands in those docs above.
>
> 1. create client/initiator-name. This is the same as creating the ACL in
> targetcli.
>
> > create iqn.1994-05.com.redhat:15dbed23be9e
>
> 2. set CHAP username and password for that initiator. You have to do
> this with gwcli right now due to a bug, or maybe feature :), in the
> code. This is simiar to doing the set auth command in targetcli.
>
> auth chap=<user_name>/<password>
>
> 3. export a image as a lun. This is equivalent to creating the lun in
> targetcli.
>
> disk add rbd.some-image
>
>
> >
> > (or see this page
> <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html
> <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html >>)
> >
> > #targetcli ls
> > o- /
> >
> ............................................................ .............................. .............................. .
> > [...]
> > o- backstores
> >
> ............................................................ .............................. ....................
> > [...]
> > | o- block
> >
> ............................................................ .............................. ........
> > [Storage Objects: 1]
> > | | o- vmware_5t
> > ..........................................................
> > [/dev/rbd/rbd/vmware_5t (5.0TiB) write-thru activated]
> > | | o- alua
> >
> ............................................................ .............................. .........
> > [ALUA Groups: 1]
> > | | o- default_tg_pt_gp
> >
> ............................................................ ...........
> > [ALUA state: Active/optimized]
> > | o- fileio
> >
> ............................................................ .............................. .......
> > [Storage Objects: 0]
> > | o- pscsi
> >
> ............................................................ .............................. ........
> > [Storage Objects: 0]
> > | o- ramdisk
> >
> ............................................................ .............................. ......
> > [Storage Objects: 0]
> > | o- user:rbd
> >
> ............................................................ .............................. .....
> > [Storage Objects: 0]
> > o- iscsi
> >
> ............................................................ .............................. ..................
> > [Targets: 1]
> > | o- iqn.2017-12.asiaa.cephosd1:vmware5t
> >
> ............................................................ ...................
> > [TPGs: 1]
> > | o- tpg1
> >
> ............................................................ .............................. ........
> > [gen-acls, no-auth]
> > | o- acls
> >
> ............................................................ .............................. ...............
> > [ACLs: 12]
> > | | o- iqn.1994-05.com.redhat:15dbed23be9e
> > ............................................................ ......
> > [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:15dbed23be9e-ovirt1
> > ...........................................................
> [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test
> > .................................................. [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:67669afedddf
> > ............................................................ ......
> > [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:67669afedddf-ovirt3
> > ...........................................................
> [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7
> > ............................................................ ......
> > [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2
> > ...........................................................
> [Mapped LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:b01662ec2129-ceph-node2
> > ....................................................... [Mapped
> LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:d46b42a1915b-ceph-node3
> > ....................................................... [Mapped
> LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1994-05.com.redhat:e7692a10f661-ceph-node1
> > ....................................................... [Mapped
> LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1998-01.com.vmware:localhost-0f904dfd
> > ............................................................ [Mapped
> > LUNs: 1]
> > | | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | | o- iqn.1998-01.com.vmware:localhost-6af62e4c
> > ............................................................ [Mapped
> > LUNs: 1]
> > | | o- mapped_lun0
> >
> ............................................................ .................
> > [lun0 block/vmware_5t (rw)]
> > | o- luns
> >
> ............................................................ .............................. ................
> > [LUNs: 1]
> > | | o- lun0 ....................................................
> > [block/vmware_5t (/dev/rbd/rbd/vmware_5t) (default_tg_pt_gp)]
> > | o- portals
> >
> ............................................................ .............................. ..........
> > [Portals: 1]
> > | o- 172.20.0.12:3260 <http://172.20.0.12:3260>
> <http://172.20.0.12:3260>
> >
> ............................................................ .............................. .......
> > [OK]
> > o- loopback
> >
> ............................................................ .............................. ...............
> > [Targets: 0]
> > o- xen_pvscsi
> >
> ............................................................ .............................. .............
> > [Targets: 0]
> >
> >
> >
> >
> >
> >
> > My targetcli setup procedure is like this, could someone translate
> it to
> > gwcli equivalent procedure?
> > sorry for asking for this due to lack of documentation and examples.
> > thanks in adavance
> >
> > Cheers
> > Joshua
> >
> >
> >
> >
> > targetcli /backstores/block create name=vmware_5t
> dev=/dev/rbd/rbd/vmware_5t
> > targetcli /iscsi/ create iqn.2017-12.asiaa.cephosd1:vmware5t
> > targetcli /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1/portals
> delete
> > ip_address=0.0.0.0 ip_port=3260
> >
> > targetcli
> > cd /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1
> > portals/ create 172.20.0.12
> > acls/
> > create iqn.1994-05.com.redhat:e7692a10f661-ceph-node1
> > create iqn.1994-05.com.redhat:b01662ec2129-ceph-node2
> > create iqn.1994-05.com.redhat:d46b42a1915b-ceph-node3
> > create iqn.1994-05.com.redhat:15dbed23be9e
> > create iqn.1994-05.com.redhat:a7c1ec3c43f7
> > create iqn.1994-05.com.redhat:67669afedddf
> > create iqn.1994-05.com.redhat:15dbed23be9e-ovirt1
> > create iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2
> > create iqn.1994-05.com.redhat:67669afedddf-ovirt3
> > create
> iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test
> > create iqn.1998-01.com.vmware:localhost-6af62e4c
> > create iqn.1998-01.com.vmware:localhost-0f904dfd
> > cd ..
> > set attribute generate_node_acls=1
> > cd luns
> > create /backstores/block/vmware_5t
> >
> >
> >
> >
> > On Thu, Jan 4, 2018 at 10:55 AM, Joshua Chen
> <cschen@xxxxxxxxxxxxxxxxxxx <mailto:cschen@asiaa.sinica.edu.tw >
> > <mailto:cschen@asiaa.sinica.edu.tw
> <mailto:cschen@asiaa.sinica.edu.tw >>> wrote:
> >
> > I had the same problem before, mine is CentOS, and when I created
> > /iscsi/create iqn_bla-bla
> > it goes
> > ocal LIO instance already has LIO configured with a target -
> unable
> > to continue
> >
> >
> >
> > then finally the solution happened to be, turn off target service
> >
> > systemctl stop target
> > systemctl disable target
> >
> >
> > somehow they are doing the same thing, you need to disable
> 'target'
> > service (targetcli) in order to allow gwcli (rbd-target-api)
> do it's
> > job.
> >
> > Cheers
> > Joshua
> >
> > On Thu, Jan 4, 2018 at 2:39 AM, Mike Christie
> <mchristi@xxxxxxxxxx <mailto:mchristi@xxxxxxxxxx>
> > <mailto:mchristi@xxxxxxxxxx <mailto:mchristi@xxxxxxxxxx>>> wrote:
> >
> > On 12/25/2017 03:13 PM, Joshua Chen wrote:
> > > Hello folks,
> > > I am trying to share my ceph rbd images through iscsi
> protocol.
> > >
> > > I am trying iscsi-gateway
> > > http://docs.ceph.com/docs/master/rbd/iscsi-overview/
> <http://docs.ceph.com/docs/master/rbd/iscsi-overview/ >
> > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/
> <http://docs.ceph.com/docs/master/rbd/iscsi-overview/ >>
> > >
> > >
> > > now
> > >
> > > systemctl start rbd-target-api
> > > is working and I could run gwcli
> > > (at a CentOS 7.4 osd node)
> > >
> > > gwcli
> > > /> ls
> > > o- /
> > >
> >
> ............................................................ .............................. .............................. .
> > > [...]
> > > o- clusters
> > >
> >
> ............................................................ .............................. ..............
> > > [Clusters: 1]
> > > | o- ceph
> > >
> >
> ............................................................ .............................. ..................
> > > [HEALTH_OK]
> > > | o- pools
> > >
> >
> ............................................................ .............................. ................
> > > [Pools: 1]
> > > | | o- rbd
> > >
> >
> ............................................................ ...............
> > > [(x3), Commit: 0b/25.9T (0%), Used: 395M]
> > > | o- topology
> > >
> >
> ............................................................ .............................. ......
> > > [OSDs: 9,MONs: 3]
> > > o- disks
> > >
> >
> ............................................................ .............................. ................
> > > [0b, Disks: 0]
> > > o- iscsi-target
> > >
> >
> ............................................................ .............................. ...........
> > > [Targets: 0]
> > >
> > >
> > > but when I created iscsi-target, I got
> > >
> > > Local LIO instance already has LIO configured with a
> target -
> > unable to
> > > continue
> > >
> > >
> > > /> /iscsi-target create
> > > iqn.2003-01.org.linux-iscsi.ceph-node1.x8664:sn. 571e1ab51af2
> > > Local LIO instance already has LIO configured with a
> target -
> > unable to
> > > continue
> > > />
> > >
> >
> >
> > Could you send the output of
> >
> > targetcli ls
> >
> > ?
> >
> > What distro are you using?
> >
> > You might just have a target setup from a non gwcli source.
> > Maybe from
> > the distro targetcli systemd tools.
> >
> >
> >
>
>
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
