On 10/15/2014 03:02 AM, Andy Grover wrote:
On 10/13/2014 08:37 PM, Rufe Glick wrote:
Hello all,
I'm just starting to learn the targetcli. Examples on internet that
set up 'TPG demo mode' along with authentication=0,
generate_noide_acls=1 and demo_mode_write_protect=0 parameters use
cache_dynamic_acls=1. I figured what the first three parameters do,
but I can't find information on the fourth - cache_dynamic_acls. Can
someone please explain me what does that parameter do. Also what are
dynamic acls?
I think dynamic acls are those that are created when generate_node_acls
is true -- they're not created through configfs but they exist because
the code requires an ACL to exist for every initiator.
This is correct.
By default, each initiator who wants to connect to a target needs to
have a corresponding ACL, allowing the initiator WWN to connect. We have
a "demo mode" though, which basically allows any initiator to connect.
This works by creating node ACLs on-the-fly internally and corresponds
to the generate_node_acls attribute set to 1.
I did a quick grep of the code and it didn't seem to me like
cache_dynamic_acls actually affects Lio's behavior, but maybe I missed
something.
Here is my understanding.
When dynamic ACLs are used (generate_node_acls == 1), se_node_acls
structs are created on-the-fly for initiators. The cache_dynamic_acls=1
effect is to keep those around and reuse them instead of re-creating new
ones. From a functional standpoint, this has an effect on the
persistence of some SCSI persistent reservations operations.
However, since a couple of years or so, when generate_node_acls is set
to 1 and cache_dynamic_acls is set to 0, the iSCSI kernel code should
detect it and set cache_dynamic_acls to 1 in the iscsi_tpg_attrib struct
internally, allowing reservation code to reuse dynamic ACL structures
when they already exist.
In the qla2xxx case, cache_dynamic_acls defaults to 1, along with
read-only, login-only TPG demo-mode access. This can have side-effects
when auto_enable_tpg is set, and one wants to move out of the login-only
demo mode. For more information, see
http://comments.gmane.org/gmane.linux.scsi.target.devel/5192
Another question -- is there any better documentation available for
targetcli? I found the man page for targetcli version 2.1.fb34-1 that
comes with CentOS 7 pretty scanty. The man page from github repository
(https://github.com/agrover/targetcli-fb/blob/master/targetcli.8) is a
bit better, but still doesn't thoroughly describe all available
configuration parameters.
Marc beat me to it, but again the linux-iscsi.org portal has a great
deal of socumentation and examples.
Do you have some specific parameters that you think we should document
better? Docs certainly could be made comprehensive, but it would help to
know where to focus first.
Regards -- Andy
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
