Hi,

Why exactly can you not use ACLs?
Maybe it is possible to tweak them so that they will work for your use-case?

Not tested at all, not even compile tested, but this might do what you want:
(I doubt this kind of feature will go into mainline)

    {
        /* Count the sessions (I_T nexuses) already on this target. */
        int cnt = 0;
        struct list_head *tmp;

        list_for_each(tmp, &target->it_nexus_list)
            cnt++;
        /* Two sessions already exist: refuse a third. */
        if (cnt > 1)
            return -EEXIST;
    }

On Mon, Jan 21, 2013 at 8:12 PM, Bruno Condez <bcondez@xxxxxxxxxxxxx> wrote:
> Hi Everyone,
>
> I'm looking for what I hope to be a quick help from you stgt developers.
>
> I run stgt 1.0.33 on a CentOS 6.2 OS and I'm looking for a way to limit
> the number of sessions a target can have.
>
> A bit of background:
> I have a bunch of client computers booting their OS through software iSCSI
> by leveraging iPXE.
> I pxe boot iPXE which then presents a LUN to the computer as a local disk
> which then instructs such computer to boot from it.
> These computers are used by different users who need their own OS
> customized a specific way and bootable from different computers (same
> hardware though).
>
> Each user has its own target.
> A boot menu exists that allows a user to choose his own target (OS image)
> from a list.
> Now, the reason why I need to limit the number of sessions is to prevent 2
> users from booting the same LUN. Users can make mistakes and accidentally
> (or on purpose) boot someone else's LUNs.
>
> There are reasons why setting up CHAP authentication or initiator ACLs
> will not work for this specific setup.
>
> Hence, limiting the sessions per targets is the desired effect that works
> for this setup.
>
> I have found a patch from 2008 that makes every target allow only a single
> session.
> In particular, the code below does the trick:
>
> diff --git a/usr/target.c b/usr/target.c
> index dc30c87..91085dc 100644
> --- a/usr/target.c
> +++ b/usr/target.c
> @@ -248,6 +248,9 @@ int it_nexus_create(int tid, uint64_t itn_id, int
> host_no, char *info)
>
> target = target_lookup(tid);
>
> + if (!list_empty(&target->it_nexus_list))
> + return -EEXIST;
> +
> itn = zalloc(sizeof(*itn));
> if (!itn)
> return -ENOMEM;
>
>
>
> I've applied that patch to the current code (git'ed today) and it does
> work as intended.
>
> However, I actually need it to allow a max of 2 sessions per target.
> This is because, during initial boot, iPXE creates a session and presents
> the LUN to the computer, which then boots from that LUN and during boot
> the OS detects it's on iSCSI and takes over iSCSI handling from
> iPXE by establishing a new session to the same target.
> When this happens, in tgtadm output I see two sessions from the same IP,
> though the original session shows 0 connections and the second session 1
> connection (the actual OS). But for tgt, there are still two sessions.
>
> So, would it be possible to have a patch similar to the above but that
> allows a max of 2 sessions? Or a user configurable value?
>
> I realize this is a very specific request. I'm ok with this patch being
> ad-hoc, not officially supported and me having to deal with it on my own.
> I would do such a patch myself but my knowledge of C is zero.
>
> I do appreciate any help in getting this specific request going.
>
> Cheers,
> Bruno
>
>
> ________________________________
>
> Riot Games Ltd, Registered in Ireland No 483483. Registered Office 1st Floor, Beaux Lane House, Lower Mercer Street, Dublin 2
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
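
Review bot: The added list_empty() check in the quoted hunk dereferences target->it_nexus_list on the line right after target = target_lookup(tid), and no NULL check on target is visible between them; if target_lookup() can return NULL for an unknown tid, test for that and return an error before touching the list. The limit is also fixed at one session by the use of list_empty(); since the stated requirement is a maximum of 2 or a configurable value, count the entries on it_nexus_list and compare against a per-target limit instead. The @@ header is wrapped across two lines in this mail, so the patch as quoted will not apply until that line is rejoined.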
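
A self-contained model of the per-target session cap discussed in this thread, added here as an example; it is not code from tgt or from either poster. The struct layouts, max_sessions, nexus_create()/nexus_destroy() and the initiator address field are assumptions, and it goes beyond the count-only check by also refusing a session from a different initiator address while the target is in use, since a count of 2 alone leaves the second slot open to another machine until the OS has taken over from iPXE.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for tgt's target and I_T nexus (session) records. */
struct nexus {
    uint64_t itn_id;
    char addr[46];              /* initiator address (assumed to be known) */
    struct nexus *next;
};
struct target {
    unsigned int max_sessions;  /* assumed per-target setting, 0 = no limit */
    struct nexus *nexus_list;
};

/* Model of the check at the top of it_nexus_create(). */
int nexus_create(struct target *t, uint64_t itn_id, const char *addr)
{
    unsigned int cnt = 0;
    for (const struct nexus *n = t->nexus_list; n; n = n->next) {
        if (strcmp(n->addr, addr) != 0)
            return -EBUSY;      /* another initiator holds this target */
        cnt++;
    }
    if (t->max_sessions && cnt >= t->max_sessions)
        return -EEXIST;         /* cap reached, e.g. iPXE + OS sessions */
    struct nexus *n = calloc(1, sizeof(*n));
    if (!n)
        return -ENOMEM;
    n->itn_id = itn_id;
    strncpy(n->addr, addr, sizeof(n->addr) - 1);    /* calloc keeps the NUL */
    n->next = t->nexus_list;
    t->nexus_list = n;
    return 0;
}

/* Session teardown frees the slot for the next boot. */
int nexus_destroy(struct target *t, uint64_t itn_id)
{
    for (struct nexus **pp = &t->nexus_list; *pp; pp = &(*pp)->next)
        if ((*pp)->itn_id == itn_id) {
            struct nexus *dead = *pp;
            *pp = dead->next;
            free(dead);
            return 0;
        }
    return -ENOENT;
}
```

A stale iPXE session that is never torn down keeps occupying a slot in this model, which matches the "0 connections" session described in the original message.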