[ofa-general] srp_daemon and partitions.
David McMillen
davem at systemfabricworks.com
Tue Jun 9 20:07:01 PDT 2009
Chris Worley wrote:
>On Thu, Nov 20, 2008 at 1:06 PM, Vu Pham <vuhuong at mellanox.com <http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general>> wrote:
>>/
>/>/ Hi James,
>/>/
>/>/ it's srp_daemon and ibsrpdm bug. We'll try to fix it to provide zoning thru pkey.
>/
>I don't think pkeys are the answer to zoning, as I don't see a way to
>tie a specific disk or partition to a pkey. At one point I tried to
>tie IB ports to pkeys, but found that all levels of the SRP stack
>needed to be pkey-aware. It looks like a daunting task, and probably
>not what pkeys were intended to do.
>
>I think SCST "security groups" are the intended way to zone. The
>scst/README says:
>
>...
> 2. Initiator-oriented. In this mode you define which devices and
>their LUNs are accessible for each initiator. In this mode you should
>createfor each set of one or more initiators, which should access to
>the same set of devices with the same LUNs, a separate security group,
>then add to it available devices and names of allowed initiator(s).
>...
># echo "add_group
>Default_iqn.2007-05.com.example:storage.disk1.sys1.xyz"
>>//proc/scsi_tgt/scsi_tgt
>/# echo "add dev1 0"
>>//proc/scsi_tgt/groups/Default_iqn.2007-05.com.example:storage.disk1.sys1.xyz/devices
>/# echo "add dev2 1"
>>//proc/scsi_tgt/groups/Default_iqn.2007-05.com.example:storage.disk1.sys1.xyz/devices
>/
># echo "add_group spec_ini" >/proc/scsi_tgt/scsi_tgt
># echo "add iqn.2007-05.com.example:storage.disk1.spec_ini.xyz"
>>//proc/scsi_tgt/groups/spec_ini/names
>/# echo "add dev2 0" >/proc/scsi_tgt/groups/spec_ini/devices
>...
>
> But, I don't understand how the zoning example selects the initiator
>visibility... I'd hope w/ IB this could be done w/ the port GUID of
>the initiator. The example uses the name of
>"iqn.2007-05.com.example:storage.disk1.spec_ini.xyz" to specify the
>initiator. I'm guessing "iqn.2007-05.com.example" specifies the host
>name of the initiator, but not a clue what
>"storage.disk1.spec_ini.xyz" means.
>
>Chris
>
You got pretty close. I think there is at least one typographical error
in the explanation above, but let me try to explain it differently.
The groups are used to create different sets of LUNs that are presented
to the initiators that match a group. When a login request comes in,
scst is asked to find the group given a name. You can get scst to
output a message like
Using security group "Default" for initiator "xxx"
on the console. The value in "xxx" (not really xxx, but dependent upon
the target code using scst) is matched against all of the entries in the
"names" pseudo file under each group's directory. The first group that
matches is the winner. The LUNs defined by the entries in the "devices"
pseudo file under that same group will be the only LUNs seen for that
session. If no group has a line in "names" that matches, then the group
"Default" is used. There is a "names" pseudo file here but it's
contents are ignored -- everybody is a winner matching the Default group.
The name of the group is completely arbitrary and meaningless to scst
other than to differentiate groups. If you intend to have a unique
group for every initiator, then you could use the same value you will
write to "names" as the name of the group, but you could just as easily
just generate random names that are unique.
If you want a particular LUN to show up in more than one group, you have
to add it to "devices" for every group that will use it. Also, if you
want that LUN to have the same LUN number, you have to arrange that as well.
It is probably worth noting that there can be problems if a group does
not have a device defined for LUN 0. It works, but there are initiators
and user-level programs that issue SCSI commands and expect to get
something when LUN 0 is addressed. All real devices have some kind of
response at LUN 0, even if it is an odd SCSI device or a zero byte /
offline disk.
Back to the "xxx" mentioned above, I don't know what the code you have
uses as the key for scst to find a group. That is why I suggested you
check your dmesg output, and you might have to enable some verbose/debug
output. I believe this changed at least once, and in our implementation
we are reworking it so we can have highly selective LUN masking against
the initiator/target pair.
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20090609/46acf00a/attachment.html>
More information about the general
mailing list