This is pretty much what "Host Groups" are for. They are not "fibre
channel only". Host Groups, Target Groups, and views are described in
the page
http://wikis.sun.com/display/OpenSolarisInfo/How+to+Make+SCSI+Logical+Units+Available
. Specifically, look at the section called
How to Make a Logical Unit Available to Selected Hosts
In your case, it sounds like the initiator hosts are iSCSI initiators,
so you would use a variant something like:
stmfadm create-hg VI1
stmfadm add-hg-member -g VI1 iqn.1986-03.com.sun:01:c08a885e03ff.4a2d5229
stmfadm remove-view -a -l <LU-GUID>
stmfadm add-view -h VI1 <LU-GUID>
You would end up with a setup something like the following:
-bash-3.2# stmfadm list-lu
LU Name: 600144F0E5490A0000004A4BC8FC0001
LU Name: 600144F0E5490A0000004A4BC8FE0002
LU Name: 600144F0E5490A0000004A53A97E0003
-bash-3.2# stmfadm list-view -l 600144F0E5490A0000004A4BC8FE0002
View Entry: 0
Host group : VI1
Target group : All
LUN : 3
-bash-3.2# stmfadm list-hg
Host Group: VI1
-bash-3.2# stmfadm list-hg -v
Host Group: VI1
Member: iqn.1986-03.com.sun:01:c08a885e03ff.4a2d5229
-bash-3.2#
(and similarly for the other host).
Another useful resource (perhaps a tiny bit dated) is the following
discussion from the COMSTAR opensolaris page:
http://www.opensolaris.org/os/project/comstar/files/ve_description.pdf
That page is written from a Fibre Channel context. One of the things
about COMSTAR that takes a bit of getting used to is that it is very
general and similar commands can be used about each of the different
SCSI port providers (FC, FCoE, iSCSI, iSER, and SRP). Once you know the
initiator names and target names that each port provider uses, all the
rest of the COMSTAR commands to sbdadm and stmfadm are very similar.
Note that the above suggestions do not accomplish /quite/ what you asked
for, because COMSTAR iSCSI does not have a way to use the IP address as
a kind of "poor man's authentication and authorization". If you really
need to ensure that only a single host is allowed to connect to a
particular target, then that is what CHAP authentication is for.
Peter
Adam Sobotka wrote:
Hello,
I am lost in admin guide. Everything worked until I tried to limit access (to let one server see only one logical unit). There is stmfadm create-tg which creates something fibrechannel related and itadm create-tpg which should probably limit access to iqn name to some IP. I am not sure how they relate, all I need is for example:
let server 10.253.27.1 acceess LU
GUID DATA SIZE SOURCE
-------------------------------- ------------------- ----------------
600144f08a2a090000004a5736990001 322122547200
/dev/zvol/rdsk/pool_1/technical
and server 10.253.27.2 access LU
600144f08a2a090000004a574c530002 107374182400
/dev/zvol/rdsk/pool_1/b2bdbbackup
Is this possible?
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
