That is Awesome! and wonderful, Thanks for making this acl option available.
Cheers Joshua On Sat, Jan 6, 2018 at 7:17 AM, Mike Christie <mchri...@redhat.com> wrote: > On 01/04/2018 09:36 PM, Joshua Chen wrote: > > Hello Michael, > > Thanks for the reply. > > I did check this ceph doc at > > http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/ > > And yes, I need acl instead of chap usr/passwd, but I will negotiate > > with my colleagues for changing the management style. > > Really appreciated for pointing the doc's bug and current status of > > chap/acl limitation. looking forwarding to this ACL function adding to > > gwcli. > > I made a patch for that here: > > https://github.com/ceph/ceph-iscsi-config/pull/44 > > It is enabled by default when you first create a initiator/client. If > you have chap enabled but want to switch then when you do "auth nochap" > it will switch to the initiator ACL. > > > > > > > > Cheers > > Joshua > > > > On Fri, Jan 5, 2018 at 12:47 AM, Michael Christie <mchri...@redhat.com > > <mailto:mchri...@redhat.com>> wrote: > > > > On 01/04/2018 03:50 AM, Joshua Chen wrote: > > > Dear all, > > > Although I managed to run gwcli and created some iqns, or luns, > > > but I do need some working config example so that my initiator > could > > > connect and get the lun. > > > > > > I am familiar with targetcli and I used to do the following ACL > > style > > > connection rather than password, > > > the targetcli setting tree is here: > > > > What docs have you been using? Did you check out the gwcli man page > and > > upstream ceph doc: > > > > http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/ > > <http://docs.ceph.com/docs/master/rbd/iscsi-target-cli/> > > > > Let me know what is not clear in there. > > > > There is a bug in the upstream doc and instead of doing > > > cd /iscsi-target/iqn.2003-01.com > > <http://iqn.2003-01.com>.redhat.iscsi-gw:<target_name>/disks/ > > > > you do > > > > > cd /disks > > > > in step 3. Is that the issue you are hitting? > > > > > > For gwcli, a client is the initiator. It only supports one way chap, > so > > there is just the 3 commands in those docs above. > > > > 1. create client/initiator-name. This is the same as creating the > ACL in > > targetcli. > > > > > create iqn.1994-05.com.redhat:15dbed23be9e > > > > 2. set CHAP username and password for that initiator. You have to do > > this with gwcli right now due to a bug, or maybe feature :), in the > > code. This is simiar to doing the set auth command in targetcli. > > > > auth chap=<user_name>/<password> > > > > 3. export a image as a lun. This is equivalent to creating the lun in > > targetcli. > > > > disk add rbd.some-image > > > > > > > > > > (or see this page > > <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html > > <http://www.asiaa.sinica.edu.tw/~cschen/targetcli.html>>) > > > > > > #targetcli ls > > > o- / > > > > > ............................................................ > ............................................................. > > > [...] > > > o- backstores > > > > > ............................................................ > .................................................. > > > [...] > > > | o- block > > > > > ............................................................ > ...................................... > > > [Storage Objects: 1] > > > | | o- vmware_5t > > > .......................................................... > > > [/dev/rbd/rbd/vmware_5t (5.0TiB) write-thru activated] > > > | | o- alua > > > > > ............................................................ > ....................................... > > > [ALUA Groups: 1] > > > | | o- default_tg_pt_gp > > > > > ............................................................ > ........... > > > [ALUA state: Active/optimized] > > > | o- fileio > > > > > ............................................................ > ..................................... > > > [Storage Objects: 0] > > > | o- pscsi > > > > > ............................................................ > ...................................... > > > [Storage Objects: 0] > > > | o- ramdisk > > > > > ............................................................ > .................................... > > > [Storage Objects: 0] > > > | o- user:rbd > > > > > ............................................................ > ................................... > > > [Storage Objects: 0] > > > o- iscsi > > > > > ............................................................ > ................................................ > > > [Targets: 1] > > > | o- iqn.2017-12.asiaa.cephosd1:vmware5t > > > > > ............................................................ > ................... > > > [TPGs: 1] > > > | o- tpg1 > > > > > ............................................................ > ...................................... > > > [gen-acls, no-auth] > > > | o- acls > > > > > ............................................................ > ............................................. > > > [ACLs: 12] > > > | | o- iqn.1994-05.com.redhat:15dbed23be9e > > > .................................................................. > > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:15dbed23be9e-ovirt1 > > > ........................................................... > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test > > > .................................................. [Mapped LUNs: > 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:67669afedddf > > > .................................................................. > > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:67669afedddf-ovirt3 > > > ........................................................... > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7 > > > .................................................................. > > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2 > > > ........................................................... > > [Mapped LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:b01662ec2129-ceph-node2 > > > ....................................................... [Mapped > > LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:d46b42a1915b-ceph-node3 > > > ....................................................... [Mapped > > LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1994-05.com.redhat:e7692a10f661-ceph-node1 > > > ....................................................... [Mapped > > LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1998-01.com.vmware:localhost-0f904dfd > > > ............................................................ > [Mapped > > > LUNs: 1] > > > | | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | | o- iqn.1998-01.com.vmware:localhost-6af62e4c > > > ............................................................ > [Mapped > > > LUNs: 1] > > > | | o- mapped_lun0 > > > > > ............................................................ > ................. > > > [lun0 block/vmware_5t (rw)] > > > | o- luns > > > > > ............................................................ > .............................................. > > > [LUNs: 1] > > > | | o- lun0 .............................. > ...................... > > > [block/vmware_5t (/dev/rbd/rbd/vmware_5t) (default_tg_pt_gp)] > > > | o- portals > > > > > ............................................................ > ........................................ > > > [Portals: 1] > > > | o- 172.20.0.12:3260 <http://172.20.0.12:3260> > > <http://172.20.0.12:3260> > > > > > ............................................................ > ..................................... > > > [OK] > > > o- loopback > > > > > ............................................................ > ............................................. > > > [Targets: 0] > > > o- xen_pvscsi > > > > > ............................................................ > ........................................... > > > [Targets: 0] > > > > > > > > > > > > > > > > > > > > > My targetcli setup procedure is like this, could someone translate > > it to > > > gwcli equivalent procedure? > > > sorry for asking for this due to lack of documentation and > examples. > > > thanks in adavance > > > > > > Cheers > > > Joshua > > > > > > > > > > > > > > > targetcli /backstores/block create name=vmware_5t > > dev=/dev/rbd/rbd/vmware_5t > > > targetcli /iscsi/ create iqn.2017-12.asiaa.cephosd1:vmware5t > > > targetcli /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1/portals > > delete > > > ip_address=0.0.0.0 ip_port=3260 > > > > > > targetcli > > > cd /iscsi/iqn.2017-12.asiaa.cephosd1:vmware5t/tpg1 > > > portals/ create 172.20.0.12 > > > acls/ > > > create iqn.1994-05.com.redhat: > e7692a10f661-ceph-node1 > > > create iqn.1994-05.com.redhat: > b01662ec2129-ceph-node2 > > > create iqn.1994-05.com.redhat: > d46b42a1915b-ceph-node3 > > > create iqn.1994-05.com.redhat:15dbed23be9e > > > create iqn.1994-05.com.redhat:a7c1ec3c43f7 > > > create iqn.1994-05.com.redhat:67669afedddf > > > create iqn.1994-05.com.redhat:15dbed23be9e-ovirt1 > > > create iqn.1994-05.com.redhat:a7c1ec3c43f7-ovirt2 > > > create iqn.1994-05.com.redhat:67669afedddf-ovirt3 > > > create > > iqn.1994-05.com.redhat:2af344ba6ae5-ceph-admin-test > > > create iqn.1998-01.com.vmware:localhost-6af62e4c > > > create iqn.1998-01.com.vmware:localhost-0f904dfd > > > cd .. > > > set attribute generate_node_acls=1 > > > cd luns > > > create /backstores/block/vmware_5t > > > > > > > > > > > > > > > On Thu, Jan 4, 2018 at 10:55 AM, Joshua Chen > > <csc...@asiaa.sinica.edu.tw <mailto:csc...@asiaa.sinica.edu.tw> > > > <mailto:csc...@asiaa.sinica.edu.tw > > <mailto:csc...@asiaa.sinica.edu.tw>>> wrote: > > > > > > I had the same problem before, mine is CentOS, and when I > created > > > /iscsi/create iqn_bla-bla > > > it goes > > > ocal LIO instance already has LIO configured with a target - > > unable > > > to continue > > > > > > > > > > > > then finally the solution happened to be, turn off target > service > > > > > > systemctl stop target > > > systemctl disable target > > > > > > > > > somehow they are doing the same thing, you need to disable > > 'target' > > > service (targetcli) in order to allow gwcli (rbd-target-api) > > do it's > > > job. > > > > > > Cheers > > > Joshua > > > > > > On Thu, Jan 4, 2018 at 2:39 AM, Mike Christie > > <mchri...@redhat.com <mailto:mchri...@redhat.com> > > > <mailto:mchri...@redhat.com <mailto:mchri...@redhat.com>>> > wrote: > > > > > > On 12/25/2017 03:13 PM, Joshua Chen wrote: > > > > Hello folks, > > > > I am trying to share my ceph rbd images through iscsi > > protocol. > > > > > > > > I am trying iscsi-gateway > > > > http://docs.ceph.com/docs/master/rbd/iscsi-overview/ > > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/> > > > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/ > > <http://docs.ceph.com/docs/master/rbd/iscsi-overview/>> > > > > > > > > > > > > now > > > > > > > > systemctl start rbd-target-api > > > > is working and I could run gwcli > > > > (at a CentOS 7.4 osd node) > > > > > > > > gwcli > > > > /> ls > > > > o- / > > > > > > > > > ............................................................ > ............................................................. > > > > [...] > > > > o- clusters > > > > > > > > > ............................................................ > ............................................ > > > > [Clusters: 1] > > > > | o- ceph > > > > > > > > > ............................................................ > ................................................ > > > > [HEALTH_OK] > > > > | o- pools > > > > > > > > > ............................................................ > .............................................. > > > > [Pools: 1] > > > > | | o- rbd > > > > > > > > > ............................................................ > ............... > > > > [(x3), Commit: 0b/25.9T (0%), Used: 395M] > > > > | o- topology > > > > > > > > > ............................................................ > .................................... > > > > [OSDs: 9,MONs: 3] > > > > o- disks > > > > > > > > > ............................................................ > .............................................. > > > > [0b, Disks: 0] > > > > o- iscsi-target > > > > > > > > > ............................................................ > ......................................... > > > > [Targets: 0] > > > > > > > > > > > > but when I created iscsi-target, I got > > > > > > > > Local LIO instance already has LIO configured with a > > target - > > > unable to > > > > continue > > > > > > > > > > > > /> /iscsi-target create > > > > iqn.2003-01.org.linux-iscsi.ceph-node1.x8664:sn. > 571e1ab51af2 > > > > Local LIO instance already has LIO configured with a > > target - > > > unable to > > > > continue > > > > /> > > > > > > > > > > > > > Could you send the output of > > > > > > targetcli ls > > > > > > ? > > > > > > What distro are you using? > > > > > > You might just have a target setup from a non gwcli source. > > > Maybe from > > > the distro targetcli systemd tools. > > > > > > > > > > > > > > >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
