Hi Nicholas,
This is a good option.
The solution seems to be good for a small set of IP/initiator pairs. But
it will not scale for 100s of servers.
Regards,
Vaibhav
On 05/16/2015 12:31 AM, Nicholas A. Bellinger wrote:
> Hi Kumar,
>
> On Thu, 2015-05-14 at 17:25 +0530, Kumar Vaibhav wrote:
>> Hi,
>> I use iscsi targets for booting my 100 diskless servers.
>> They are all identified uniquely based on their IP address (BIOS gets
>> it from DHCP).
>> This was working well by having one target for each host and their
>> access is controlled by /etc/initiators.allow.
>> So when a machine boots it gets an IP from DHCP and based on its IP it can
>> see only one target and boot with the disk associated with the target.
>> But in the new LIO implementation I cannot find any way to provide IP
>> address based Target access control.
>> Is there any way to do this? Or any workaround for this problem?
>
> As Thomas mentioned, access control with iscsi-target to individual
> TargetName+TargetPortalGroupTag endpoints is done using InitiatorName
> and/or CHAP authentication credentials.
> One option for your use-case would be to use NIC aliases (eg: eth0:0) with
> specific IP addresses that are used as network portals to individual
> TargetName+TargetPortalGroupTag endpoints.
> This can be used in combination with iptables rules to limit traffic
> from a specific initiator IP to individual target endpoints containing
> the aliased network portal IPs.
> HTH.
>
> --nab
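
Added example (not part of the thread and not LIO code): the NIC-alias plus iptables option described above, written as a generator so the per-host commands come from one table of initiator/portal pairs. The interface name, prefix length, sample addresses and the premise that each target's network portal is already bound to its alias IP are assumptions; 3260 is the standard iSCSI port.

```shell
#!/bin/sh
# Added example: print (do not run) the commands for the NIC-alias + iptables
# approach. Assumed: interface eth0, /24 prefix, iSCSI port 3260, and that each
# target's network portal is already bound to its alias IP in the LIO config.
IFACE=${IFACE:-eth0} PREFIX=${PREFIX:-24} PORT=${PORT:-3260}

# Strict dotted-quad check so a typo never reaches an iptables rule.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# stdin: "initiator_ip portal_ip" per line ('#' comments allowed).
# stdout: one alias command and two filter rules per pair.
# Fails on a malformed address or on a portal IP listed twice, because a shared
# portal would no longer map to exactly one initiator.
gen_rules() {
    _n=0 _seen=' '
    while read -r _init _portal _rest; do
        case $_init in ''|'#'*) continue ;; esac
        if [ -n "$_rest" ] || ! valid_ipv4 "$_init" || ! valid_ipv4 "$_portal"; then
            echo "bad entry: $_init $_portal $_rest" >&2; return 1
        fi
        case $_seen in *" $_portal "*)
            echo "duplicate portal: $_portal" >&2; return 1 ;;
        esac
        _seen="$_seen$_portal "
        _n=$((_n + 1))
        # Alias that carries this target's portal address.
        echo "ip addr add $_portal/$PREFIX dev $IFACE label $IFACE:$_n"
        # Only the paired initiator may reach the portal; everyone else is dropped.
        echo "iptables -A INPUT -p tcp -s $_init -d $_portal --dport $PORT -j ACCEPT"
        echo "iptables -A INPUT -p tcp -d $_portal --dport $PORT -j DROP"
    done
}

# Constructed sample table: initiator (DHCP-assigned) -> portal alias.
SAMPLE_PAIRS='# initiator   portal
192.0.2.11    192.0.2.211
192.0.2.12    192.0.2.212'

# Preview the commands for the sample table.
printf '%s\n' "$SAMPLE_PAIRS" | gen_rules
```

The script only prints commands; review the output before applying it, and keep the DHCP reservations in step with the table, since the filter trusts the source IP.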