[libvirt] [PATCH 5/6] iscsi: Inhibit autologin for only libvirt managed targets

Peter Krempa pkrempa at redhat.com
Mon May 16 13:44:15 UTC 2016


On Mon, May 16, 2016 at 08:49:17 -0400, John Ferlan wrote:
> 
> 
> On 05/13/2016 05:29 PM, John Ferlan wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1331552
> > 
> > Based on code originally posted by Fritz Elfert <fritz at fritz-elfert.de>
> > to remove the Autologin code entirely from libvirt, but reworked to only
> > set Autologin for libvirt managed targets.
> > 
> > Commit id '3c12b654' took a "large hammer" approach to inhibiting logins
> > which causes issues if there are iSCSI targets not being managed by libvirt.
> > 
> > Now that the previous commit ensures that the iscsi initiator doesn't update
> > the /var/lib/iscsi tree with the results for a 'sendtargets' by using the
> > "--op nonpersistent" option, let's remove the code from virISCSIScanTargets
> > that disables autologin for every target, but add that same setting into
> > the start pool code for each managed/started target to ensure that nothing
> > else goes and tries to autologin.
> > 
> > Signed-off-by: John Ferlan <jferlan at redhat.com>
> > ---
> >  src/storage/storage_backend_iscsi.c | 11 +++++++++++
> >  src/util/viriscsi.c                 | 15 ++-------------
> >  2 files changed, 13 insertions(+), 13 deletions(-)
> > 
> 
> Over the weekend I got more "data" on this from Fritz...
> 
> Seems with targets implemented by external SAN hardware, the host has a
> single iSCSI initiator with multiple targets. The claim is libvirt
> doesn't need the targets in manual mode. I'm still trying to process

Well, if you create them in the mode without adding host config as of
the previous patch this indeed should not be necessary.

In addition the first hunk of this patch then doesn't make much sense.

> that so patches 3-5 could need more adjustment. The adjustment being the
> removal of the autologin code.  Since patch 4 would add the "--op
> nonpersistent" to the listing command line, the adjustment made to the
> /var/lib/iscsi doesn't happen.  Still trying to process that feedback. I

Excactly.

> did find that even with this patch applied, if something runs the
> "--mode discovery" without the "--op nonpersistent" (something other
> than libvirt), then the mode in the /var/lib/iscsi goes *back to*
> automatic.  So in a way, it doesn't matter what we set this to, it can

Indeed. If you modify your host from outside of libvirt we can't really
do much.

> be overridden. So what's the point of setting it then <sigh>.  Was
> really trying to follow the spirit of the original change...

Exactly. I don't think we need to set it at all.

Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20160516/7a21bcce/attachment-0001.sig>


More information about the libvir-list mailing list