Ask Your Question
0

Iscsi authorization issue leads to unable to attach volumes to instance

asked 2016-08-08 10:12:16 -0600

ghostist gravatar image

Issue Description: When attaching an available volume to instance, status of this operation changed from "attaching" to "available" again without showing the point where it's supposed to attach to.

Detailed description: 1. cinder configuration: [DEFAULT] rootwrap_config = /etc/cinder/rootwrap.conf api_paste_confg = /etc/cinder/api-paste.ini volume_name_template = volume-%s volume_group = cinder-volumes verbose = True auth_strategy = keystone state_path = /var/lib/cinder lock_path = /var/lock/cinder volumes_dir = /var/lib/cinder/volumes rpc_backend = rabbit my_ip = 10.156.95.101 enabled_backends = lvm glance_api_servers = http://controller:9292

[database] connection = mysql+pymysql://cinder:cinder@controller/cinder

[oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = root@123

[keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = cinder

[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes iscsi_protocol = iscsi iscsi_helper = tgtadm

[oslo_concurrency] lock_path = /var/lib/cinder/tmp


  1. cinder log: root@fr-s-isp-opst-1:~# tail -f /var/log/cinder/cinder-volume.log 2016-08-08 10:41:00.801 2058 WARNING cinder.volume.targets.tgt [req-775e93d3-ee40-45b4-8e54-be49614df3f7 224155b9063e4173b95da432995987fc c64329f25847469a964255fbc9144e1b - - -] Persistence file already exists for volume, found file at: /var/lib/cinder/volumes/volume-6f7759c9-77ae-41e0-8dd6-7cbfb08d9387 2016-08-08 10:41:41.395 2058 INFO cinder.volume.manager [req-e56997af-8338-472c-9ee9-fad1e6174cb0 224155b9063e4173b95da432995987fc c64329f25847469a964255fbc9144e1b - - -] Terminate volume connection completed successfully. 2016-08-08 10:42:21.739 2058 INFO cinder.volume.manager [req-775e93d3-ee40-45b4-8e54-be49614df3f7 224155b9063e4173b95da432995987fc c64329f25847469a964255fbc9144e1b - - -] Initialize volume connection completed successfully.

Info about volume created in storage node by tgtadm: root@fr-s-isp-opst-1:~# tgtadm --lld iscsi --op show --mode target Target 1: iqn.2010-10.org.openstack:volume-6f7759c9-77ae-41e0-8dd6-7cbfb08d9387 System information: Driver: iscsi State: ready I_T nexus information: LUN information: LUN: 0 Type: controller SCSI ID: IET 00010000 SCSI SN: beaf10 Size: 0 MB, Block size: 1 Online: Yes Removable media: No Prevent removal: No Readonly: No SWP: No Thin-provisioning: No Backing store type: null Backing store path: None Backing store flags: LUN: 1 Type: disk SCSI ID: IET 00010001 SCSI SN: beaf11 Size: 107374 MB, Block size: 512 Online: Yes Removable media: No Prevent removal: No Readonly: No SWP: No Thin-provisioning: No Backing store type: rdwr Backing store path: /dev/cinder-volumes/volume-6f7759c9-77ae-41e0-8dd6-7cbfb08d9387 Backing store flags: Account information: D7Qu6WRXHCAnnFttHC5b ACL information: ALL

Erro message when I try to login from compute node(iscsi initiator) to storage node(target):

root@fr-s-it-os-cmp1:~# iscsiadm -m node --login Logging in to [iface: default, target: iqn.2010-10.org.openstack:volume-6f7759c9-77ae-41e0-8dd6-7cbfb08d9387, portal: 10.156.95.101,3260] (multiple) iscsiadm: Could not login to [iface: default, target: iqn.2010-10.org.openstack:volume-6f7759c9-77ae-41e0-8dd6-7cbfb08d9387, portal: 10.156.95.101,3260]. iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure) iscsiadm: Could not log into all portals

iscsi configuration(/etc/iscsi/iscsi.conf) in compute node about authorization: node.session.auth.authmethod = CHAP

// To set a CHAP username and password for initiator // authentication by the target(s), uncomment the following lines: node.session.auth.username = D7Qu6WRXHCAnnFttHC5b node.session.auth.password = yo9a43RpfdA4nNah

// To set a CHAP username and password for target(s) // authentication by the initiator, uncomment the following lines: node.session.auth.username_in = D7Qu6WRXHCAnnFttHC5b node.session.auth.password_in = yo9a43RpfdA4nNah

volume information in storage node: vi /var ...

(more)
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2016-08-09 01:58:17 -0600

yprokule gravatar image

General steps:

  • firewall
  • iscsi.conf both on compute/controller
  • try manual discovery with debug
edit flag offensive delete link more
0

answered 2016-08-09 07:45:39 -0600

ghostist gravatar image

This issue is fixed, and caused by below 3 configuration:

  1. Cache in iscsi configuration --- now set to clear cache every time iscsi restarts
  2. Set incoming user credential with CHAP in iscsi(compute node) to make authorization successful.
  3. Some daemon in RDMA is using host name, reconfigure the correct host name(previously wrongly configured)

Thank you all! Hope this might be of help.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-08-08 10:12:16 -0600

Seen: 802 times

Last updated: Aug 09 '16