Re: iSCSI GW trusted IPs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I just setup iscisi on a reef cluster and I couldn’t add targets properly until I put in the username and password entered for the gateways via the "Discovery Authentication" button at the top of the targets page in the iscsi area.  I don’t remember if the quincy console had that though.  In my previous setup, it was something you entered through the command line.

-Brent

-----Original Message-----
From: Ramon Orrù <ramon.orru@xxxxxxxxxxx> 
Sent: Wednesday, November 15, 2023 6:27 AM
To: ceph-users@xxxxxxx
Subject:  iSCSI GW trusted IPs

Hi,
I’m configuring  the  iSCSI GW services on a quincy  17.2.3 cluster.

I brought almost everything up and running (using cephadm), but I’m stuck in a configuration detail:

if I check the gateway status in the   Block -> iSCSI -> Overview section of the dashboard, they’re showing “Down” status, while the gateways are actually running. It makes me think the mgr is not able to talk with iSCSI APIs in order to collect info on the gateways, despite I correctly added my mgr hosts IPs to the trusted_ip_list parameter in my iscsi service definition yaml.

While further checking the gateway logs I found some messages like: 

debug ::ffff:172.17.17.22 - - [15/Nov/2023 10:54:05] "GET /api/config?decrypt_passwords=True HTTP/1.1" 200 - debug ::ffff:172.17.17.22 - - [15/Nov/2023 10:54:05] "GET /api/_ping HTTP/1.1" 200 - debug ::ffff:172.17.17.22 - - [15/Nov/2023 10:54:05] "GET /api/gatewayinfo HTTP/1.1" 200 -

Just after I reload the dashboard page. So I tried to add the 172.17.17.22 IP address to trusted_ip_list and it worked: iSCSI gateways status went green and Up on the dashboard.
It sounds to me like it's some container private network address, but I can’t find any evidence of it when inspecting the containers cephadm spawned.

My question is: how can I identify the IPs I need to make the iSCSI gateways properly reachable? I tried to add the whole  172.16.0.0/24 private class but no luck , the iscsi container starts but is not allowing  172.17.17.22 to access the APIs.

Thanks in advance

regards

Ramon


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux