restore from json - failed auth from iscsi initiators

[dkelson]

If I run these commands my initiator can login:

targetcli "/backstores/block create name=mptarget4 dev=/dev/vg_storage/station4mp" targetcli "/iscsi set discovery_auth enable=1" targetcli "/iscsi set discovery_auth mutual_userid=target" targetcli "/iscsi set discovery_auth mutual_password=itsreallyme" targetcli "/iscsi set discovery_auth userid=initiator" targetcli "/iscsi set discovery_auth password=letmein" targetcli "/iscsi create wwn=iqn.2003-01.org.linux-iscsi.storage:mptarget4" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/luns create storage_object=/backstores/block/mptarget4" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/acls create wwn=iqn.1994-05.com.redhat:station4" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/acls/iqn.1994-05.com.redhat:station4 set auth mutual_userid=target" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/acls/iqn.1994-05.com.redhat:station4 set auth mutual_password=itsreallyme" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/acls/iqn.1994-05.com.redhat:station4 set auth userid=station4" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/acls/iqn.1994-05.com.redhat:station4 set auth password=letmein" targetcli "/iscsi/iqn.2003-01.org.linux-iscsi.storage:mptarget4/tpgt1/portals create 10.100.0.199 ip_port=3260"

And on my initiator:

iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.storage:mptarget4 -l

Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.storage:mptarget4, portal: 10.100.0.199,3260] Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.storage:mptarget4, portal: 10.100.0.199,3260] successful.

But if I I then do a:

targetcli "/ saveconfig"

and

targetcli restoreconfig clear_existing=true (or a reboot)

Then the initiator can't login and I get "iSCSI Login negotiation failed" in dmesg on the target.

Here is the saveconfig.json that saveconfig creates above and that the initiator can't login with:

[root@storage ~]# cat /etc/target/saveconfig.json { "fabric_modules": [ { "discovery_enable_auth": true, "discovery_mutual_password": "itsreallyme", "discovery_mutual_userid": "target", "discovery_password": "letmein", "discovery_userid": "initiator", "name": "iscsi" } ], "storage_objects": [ { "attributes": { "block_size": 512, "emulate_dpo": 0, "emulate_fua_read": 0, "emulate_fua_write": 1, "emulate_rest_reord": 0, "emulate_tas": 1, "emulate_tpu": 0, "emulate_tpws": 0, "emulate_ua_intlck_ctrl": 0, "emulate_write_cache": 0, "enforce_pr_isids": 1, "is_nonrot": 0, "max_sectors": 1024, "max_unmap_block_desc_count": 0, "max_unmap_lba_count": 0, "optimal_sectors": 1024, "queue_depth": 128, "task_timeout": 0, "unmap_granularity": 0, "unmap_granularity_alignment": 0 }, "dev": "/dev/vg_storage/station4mp", "name": "mptarget4", "plugin": "block", "wwn": "6be30fb6-3bc9-43c4-a866-4d8633af5cf2" } ], "targets": [ { "fabric": "iscsi", "tpgs": [ { "attributes": { "authentication": 1, "cache_dynamic_acls": 0, "default_cmdsn_depth": 16, "demo_mode_write_protect": 1, "generate_node_acls": 0, "login_timeout": 15, "netif_timeout": 2, "prod_mode_write_protect": 0 }, "luns": [ { "index": 0, "storage_object": "/backstores/block/mptarget4" } ], "node_acls": [ { "attributes": { "dataout_timeout": 3, "dataout_timeout_retries": 5, "default_erl": 0, "nopin_response_timeout": 5, "nopin_timeout": 5, "random_datain_pdu_offsets": 0, "random_datain_seq_offsets": 0, "random_r2t_offsets": 0 }, "chap_mutual_password": "itsreallyme", "chap_mutual_userid": "target", "chap_password": "letmein", "chap_userid": "station4", "mapped_luns": [ { "index": 0, "write_protect": false } ], "node_wwn": "iqn.1994-05.com.redhat:station4", "tcq_depth": 16 } ], "portals": [ { "ip_address": "10.100.0.199", "port": 3260 } ], "tag": 1 } ], "wwn": "iqn.2003-01.org.linux-iscsi.storage:mptarget4" } ] }

[agrover]

Should be fixed, rpms available:

http://kojipkgs.fedoraproject.org/packages/python-rtslib/2.1.fb7/1.fc17/noarch/python-rtslib-2.1.fb7-1.fc17.noarch.rpm http://kojipkgs.fedoraproject.org/packages/targetcli/2.0rc1.fb5/1.fc17/noarch/targetcli-2.0rc1.fb5-1.fc17.noarch.rpm

[dkelson]

On Wed, 2012-01-25 at 10:53 -0800, Andy Grover wrote:

Should be fixed

Unfortunately, the problem persists with the fixed RPMs installed.

If run the shell script that has all the targetcli commands in it along with the "saveconfig" at end -- all good

However, if I then run "targetcli restoreconfig clear_existing=true"

I immediately start to get "iSCSI Login negotiation failed" on the system console.

If I then run the shell script, the iSCSI Logins succeed.

If you like, I can get you remote access to the box again.

Dax

[agrover]

Thanks for your help on getting to the bottom of this. Should be fixed for real now.

http://kojipkgs.fedoraproject.org/packages/python-rtslib/2.1.fb8/1.fc17/noarch/python-rtslib-2.1.fb8-1.fc17.noarch.rpm http://kojipkgs.fedoraproject.org/packages/targetcli/2.0rc1.fb6/1.fc17/noarch/targetcli-2.0rc1.fb6-1.fc17.noarch.rpm