Re: [RFC PATCH 0/4] Make iSCSI network namespace aware

2015-05-21 Thread Hannes Reinecke
On 05/20/2015 08:45 PM, Andy Grover wrote:
> On 05/13/2015 03:12 PM, Chris Leech wrote:
>> This is only about the structures and functionality involved in
>> maintaining the iSCSI session, the SCSI host along with its
>> discovered targets and devices has no association with network
>> namespaces.
>>
>> These patches are functional, but not complete.  There's no
>> isolation enforced in the kernel just yet, so it relies on well
>> behaved userspace.  I plan on fixing that, but wanted some feedback
>> on the idea and approach so far.
>
> Seems like a good direction, to me.
>
> What would be the extent of the userspace (open-iscsi) changes
> needed to go along with this?
 
What I would like to see is to split off iscsid to have one
instance/process per session.
With that we could trivially run open-iscsi in containers and
stufflike; currently it'll be hard as there really is only one
iscsid expected to be running in a system.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke            zSeries  Storage
h...@suse.de   +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [RFC PATCH 0/4] Make iSCSI network namespace aware

2015-05-21 Thread Chris Leech
On Wed, May 20, 2015 at 11:45:43AM -0700, Andy Grover wrote:
> On 05/13/2015 03:12 PM, Chris Leech wrote:
>> This is only about the structures and functionality involved in maintaining
>> the iSCSI session, the SCSI host along with its discovered targets and
>> devices has no association with network namespaces.
>>
>> These patches are functional, but not complete.  There's no isolation
>> enforced in the kernel just yet, so it relies on well behaved userspace.
>> I plan on fixing that, but wanted some feedback on the idea and approach
>> so far.
>
> Seems like a good direction, to me.
>
> What would be the extent of the userspace (open-iscsi) changes needed to go
> along with this?

There are no core changes needed in the open-iscsi tools, it's more a
matter of how iscsid is packaged and executed.

The control socket between iscsid and iscsiadm binds to an abstract unix
domain path, so that works fine as long as you run iscsiadm from within
the same net ns as the iscsid instance you want to talk to.

The pid file checks clash if /var/run is common between instances.
Putting iscsid in a container could provide separate config files and
configuration databases, but there may be something that could improve
handling there.

I've been testing using 'ip netns exec' to run iscsid in a new network
namespace (it actually creates a new mount namespace as well, to remount
/sys with the new namespace filtered view).

My test setup so far has been the following:

  A VM with two virtio network interfaces on different virtual networks.
  I have an iSCSI target configured with two portals, one on each
  virtual network.

  I create two new network namespaces with 'ip netns add' and then move
  the nics into them with 'ip link dev netns ns' and bring them
  online.

  Using 'ip netns exec' I start up an iscsid instance in each namespace,
  using the --foreground option to avoid the PID file clash.

  From within each namespace I can run iscsiadm to manage sessions
  through one of the iscsid instances.  With this setup they share the
  persistent configuration database, so I specifically select which
  records to start/stop.

- Chris
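
The test setup described in the message above, scripted as an added example (not part of the original post or the patch series). The namespace names `nsA`/`nsB` and NIC names `eth1`/`eth2` are placeholders, and the `iscsiadm_in` guard is a hypothetical helper. It refuses to run iscsiadm unless the calling shell shares a network namespace with the intended iscsid, since the kernel enforces no isolation yet.

```shell
#!/bin/sh
# Added example, not from the thread. nsA/nsB and eth1/eth2 are placeholder names.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute.

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# One namespace per NIC, one iscsid instance per namespace.
setup_ns() {  # usage: setup_ns <netns> <nic>
    run ip netns add "$1"
    run ip link set dev "$2" netns "$1"
    run ip netns exec "$1" ip link set dev "$2" up
    # --foreground is what the thread uses to avoid the PID file clash.
    if [ "${APPLY:-0}" = 1 ]; then
        ip netns exec "$1" iscsid --foreground &
    else
        echo "ip netns exec $1 iscsid --foreground &"
    fi
}

# Network namespace identity of a process, e.g. "net:[4026531992]".
# Reading another process's entry needs root or the same uid; empty on failure.
netns_of() { readlink "/proc/$1/ns/net" 2>/dev/null; }

same_netns() {  # usage: same_netns <pid_a> <pid_b>
    a=$(netns_of "$1"); b=$(netns_of "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The iscsid control socket is an abstract unix socket, so iscsiadm only
# reaches the daemon in its own net ns. With a shared record database,
# check the namespace first and fail closed if it cannot be confirmed.
iscsiadm_in() {  # usage: iscsiadm_in <iscsid_pid> <iscsiadm args...>
    pid=$1; shift
    if ! same_netns "$$" "$pid"; then
        echo "refusing: shell is not in the net ns of iscsid pid $pid" >&2
        return 1
    fi
    run iscsiadm "$@"
}

setup_ns nsA eth1
setup_ns nsB eth2
```

Run inside a namespace (for example from a shell started with `ip netns exec nsA sh`), `iscsiadm_in <pid> -m session` proceeds only when `<pid>` is the iscsid of that namespace.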



Re: [RFC PATCH 0/4] Make iSCSI network namespace aware

2015-05-20 Thread Andy Grover

On 05/13/2015 03:12 PM, Chris Leech wrote:

> This is only about the structures and functionality involved in maintaining the
> iSCSI session, the SCSI host along with its discovered targets and devices has
> no association with network namespaces.
>
> These patches are functional, but not complete.  There's no isolation enforced
> in the kernel just yet, so it relies on well behaved userspace.  I plan on
> fixing that, but wanted some feedback on the idea and approach so far.


Seems like a good direction, to me.

What would be the extent of the userspace (open-iscsi) changes needed to 
go along with this?


Regards -- Andy



[RFC PATCH 0/4] Make iSCSI network namespace aware

2015-05-13 Thread Chris Leech
I've had a few reports of people trying to run iscsid in a container, which
doesn't work at all when using network namespaces.  This is the start of me
looking at what it would take to make that work, and if it makes sense at all.

The first issue is that the kernel side of the iSCSI netlink control protocol
only operates in the initial network namespace.  But beyond that, if we allow
iSCSI to be managed within a namespace we need to decide what that means.  I
think it makes the most sense to isolate the iSCSI host, along with its
associated endpoints, connections, and sessions, to a network namespace and
allow multiple instances of the userspace tools to exist in separate namespaces
managing separate hosts.

It works well for iscsi_tcp, which creates a host per session.  There's no
attempt to manage sessions on offloading hosts independently, although future
work could include the ability to move an entire host to a new namespace like
is supported for network devices.

This is only about the structures and functionality involved in maintaining the
iSCSI session, the SCSI host along with its discovered targets and devices has
no association with network namespaces.

These patches are functional, but not complete.  There's no isolation enforced
in the kernel just yet, so it relies on well behaved userspace.  I plan on
fixing that, but wanted some feedback on the idea and approach so far.

Thanks,
Chris

Chris Leech (4):
  iscsi: create per-net iscsi nl kernel sockets
  iscsi: sysfs filtering by network namespace
  iscsi: make all netlink multicast namespace aware
  iscsi: set netns for iscsi_tcp hosts

 drivers/scsi/iscsi_tcp.c            |   7 +
 drivers/scsi/scsi_transport_iscsi.c | 264 +---
 include/scsi/scsi_transport_iscsi.h |   2 +
 3 files changed, 222 insertions(+), 51 deletions(-)

-- 
2.1.0
