Hi, are there currently any plans to make an iSCSI target created by setting shareiscsi=on on a zvol bindable to a single interface (setting tpgt or acls)? I can cobble something together with ipfilter, but that doesn''t give me enough granularity to say something like: ''host a can see target 1, host c can see targets 2-9'', etc. Also, am I right in thinking without this, all targets should be visible on all interfaces? -- Rasputin :: Jack of All Trades - Master of Nuns http://number9.hellooperator.net/
On Jan 15, 2007, at 8:34 AM, Dick Davies wrote:> Hi, are there currently any plans to make an iSCSI target created by > setting shareiscsi=on on a zvol > bindable to a single interface (setting tpgt or acls)? > > I can cobble something together with ipfilter, > but that doesn''t give me enough granularity to say something like: > > ''host a can see target 1, host c can see targets 2-9'', etc. > > Also, am I right in thinking without this, all targets should be > visible on all interfaces? >We''re working on some more interface stuff for setting up various properties like TPGT''s and ACL for the ZVOLs which are shared through ZFS. Now that I''ve knocked off a couple of things that have been on my plate I''ve got room to add some more. These definitely rank right up towards the top.> > -- > Rasputin :: Jack of All Trades - Master of Nuns > http://number9.hellooperator.net/ > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss---- Rick McNeal "If ignorance is bliss, this lesson would appear to be a deliberate attempt on your part to deprive me of happiness, the pursuit of which is my unalienable right according to the Declaration of Independence. I therefore assert my patriotic prerogative not to know this material. I''ll be out on the playground." -- Calvin
On 15/01/07, Rick McNeal <Rick.McNeal at sun.com> wrote:> > On Jan 15, 2007, at 8:34 AM, Dick Davies wrote:> > Hi, are there currently any plans to make an iSCSI target created by > > setting shareiscsi=on on a zvol > > bindable to a single interface (setting tpgt or acls)?> We''re working on some more interface stuff for setting up various > properties like TPGT''s and ACL for the ZVOLs which are shared through > ZFS.> Now that I''ve knocked off a couple of things that have been on my > plate I''ve got room to add some more. These definitely rank right up > towards the top.Great news. For the record, the reason I asked was we have an iscsi target host with 2 NICs and for some reason clients were attempting to connect to the targets on the private interface instead of the one they were doing discovery on (which I thought was a bit odd). I tried creating a TPGT with iscsitadm, which seemed to work: vera ~ # iscsitadm list tpgt -v TPGT: 1 IP Address: 131.251.5.8 but adding a ZFS iscsi target into it gives me: vera ~ # iscsitadm modify target -p 1 tank/iscsi/second4gb iscsitadm: Error Can''t call daemon which is a pity (I''m assuming it can''t find the targets to modify). I''ve had to go back to just using iscsitadm due to time pressures, but will be watching any progress closely. -- Rasputin :: Jack of All Trades - Master of Nuns http://number9.hellooperator.net/
On Jan 18, 2007, at 6:17 AM, Dick Davies wrote:> On 15/01/07, Rick McNeal <Rick.McNeal at sun.com> wrote: >> >> On Jan 15, 2007, at 8:34 AM, Dick Davies wrote: > >> > Hi, are there currently any plans to make an iSCSI target >> created by >> > setting shareiscsi=on on a zvol >> > bindable to a single interface (setting tpgt or acls)? > >> We''re working on some more interface stuff for setting up various >> properties like TPGT''s and ACL for the ZVOLs which are shared through >> ZFS. > >> Now that I''ve knocked off a couple of things that have been on my >> plate I''ve got room to add some more. These definitely rank right up >> towards the top. > > Great news. > > For the record, the reason I asked was we have an iscsi target host > with > 2 NICs and for some reason clients were attempting to connect to > the targets > on the private interface instead of the one they were doing > discovery on > (which I thought was a bit odd).This is due to a bug in the initiator. A prior change caused the discovery list, as returned from the SendTargets request, to be sorted in reverse order. The Solaris target goes out of it''s way to return the address used to discovery targets as the first address in the list of available IP addresses for any given target. So, if you had a public and private network and the discovery was done on the public network, the public network IP address is first. Now the iSCSI draft is mute on this point, so the initiator isn''t violating the draft, but it''s definitely not the desired behavior. When the engineer made the original fix for another bug they clearly didn''t see this side effect and nobody else who reviewed the code fix did either. This is something which is being fixed now.> > I tried creating a TPGT with iscsitadm, which seemed to work: > > vera ~ # iscsitadm list tpgt -v > TPGT: 1 > IP Address: 131.251.5.8 > > but adding a ZFS iscsi target into it gives me: > > vera ~ # iscsitadm modify target -p 1 tank/iscsi/second4gb > iscsitadm: Error Can''t call daemon > > > which is a pity (I''m assuming it can''t find the targets to modify). > I''ve had to go back to just using iscsitadm due to time pressures, but > will be watching any progress closely. >This was an oversight on my part and should work.> > -- > Rasputin :: Jack of All Trades - Master of Nuns > http://number9.hellooperator.net/---- Rick McNeal "If ignorance is bliss, this lesson would appear to be a deliberate attempt on your part to deprive me of happiness, the pursuit of which is my unalienable right according to the Declaration of Independence. I therefore assert my patriotic prerogative not to know this material. I''ll be out on the playground." -- Calvin
> > On 15/01/07, Rick McNeal <Rick.McNeal at sun.com> wrote: > >> > >> On Jan 15, 2007, at 8:34 AM, Dick Davies wrote:> > For the record, the reason I asked was we have an iscsi target host > > with > > 2 NICs and for some reason clients were attempting to connect to > > the targets > > on the private interface instead of the one they were doing > > discovery on > > (which I thought was a bit odd).> This is due to a bug in the initiator. A prior change caused the > discovery list, as returned from the SendTargets request, to be > sorted in reverse order. The Solaris target goes out of it''s way to > return the address used to discover targets as the first address in > the list of available IP addresses for any given target. So, if you > had a public and private network and the discovery was done on the > public network, the public network IP address is first.> ..... This is something which is being fixed now.Great, thanks.> > I tried creating a TPGT with iscsitadm, which seemed to work: > > > > vera ~ # iscsitadm list tpgt -v > > TPGT: 1 > > IP Address: 131.251.5.8 > > > > but adding a ZFS iscsi target into it gives me: > > > > vera ~ # iscsitadm modify target -p 1 tank/iscsi/second4gb > > iscsitadm: Error Can''t call daemon > > > > which is a pity (I''m assuming it can''t find the targets to modify).> This was an oversight on my part and should work.Actually, after running iscstadm create admin -d /somewhere assigning both ''handmade'' and ''shareiscsi=on'' LUNs to a TPGT seems ok, so presumably there just wasn''t anywhere to record this information. Thanks again for the update. -- Rasputin :: Jack of All Trades - Master of Nuns http://number9.hellooperator.net/