|Summary:||RFE: Enforce read-only target|
|Product:||Red Hat Enterprise Linux 6||Reporter:||Alexander Todorov <atodorov>|
|Component:||scsi-target-utils||Assignee:||Mike Christie <mchristi>|
|Status:||CLOSED ERRATA||QA Contact:||Storage QE <storage-qe>|
|Fixed In Version:||Doc Type:||Enhancement|
Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so: tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1 or add "readonly 1" in the target element of your targets.conf file: <target iqn.2008-09.com.target> readonly 1 allow-in-use yes backing-store /storage/lun1 </target> Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
|:||695870 (view as bug list)||Environment:|
|Last Closed:||2011-05-19 14:14:59 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||655920, 695870|
Description Alexander Todorov 2010-07-20 11:22:13 UTC
Description of problem: As of now I'm not aware of any config file settings that will make a target read-only to the initiator. What we need is probably ACL settings for read/write permissions so that an admin can define read-only access for a group of initiators and read-write for another group.
Comment 1 Mike Christie 2010-07-20 15:56:18 UTC
Not implemented. There have been patches http://lists.wpkg.org/pipermail/stgt/2010-March/003567.html It has been discussed more here: http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html The tgt maintainer has said it is ok as long as someone implements it nicely. So this should be ok for 6.1.
Comment 2 Mike Christie 2010-07-20 16:04:10 UTC
Oh yeah, could you describe what exactly you want for this feature? I guess there are a ton of different options, and I want to make sure the upstream patch is going to cover your needs.
Comment 3 Alexander Todorov 2010-07-20 16:49:15 UTC
(In reply to comment #1) > It has been discussed more here: > http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html I guess I want what's requested on the list. A read-only setting that can be applied on per-initiator basis. My use case is that I have multiple netboot systems that have read-only root and one of those systems will be r/w to perform upgrades.
Comment 5 Mike Christie 2011-02-03 02:53:28 UTC
I was not able to add exactly what you wanted on this take, but we can take another stab at it in 6.2 if you want We added read only device support. To set this you can pass it in with tgtadm like other params: tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1 or in targets.conf you can do: <target iqn.2008-09.com.target> readonly 1 backing-store /storage/lun1 </target> With this and some other params you can sort of do what you want. You could create 2 targets that share the disk. target1 would leave the lun rw. target2 would set it as read only. Then you can bind initiators to the different targets based on the permissions. Note that if you are doing this in targets.conf you need to set allow-in-use. So it would look something like this: <target iqn.2008.09.com.target.readonly> readonly 1 initiator-address 192.168.100.100 192.168.100.101 192.168.100.102 allow-in-use yes backing-store /storage/lun1 </target> <target iqn.2008.09.com.target.rw> initiator-address 192.168.100.99 allow-in-use yes backing-store /storage/lun1 </target> I put a rpm here: http://people.redhat.com/mchristi/target/tgt/6.1/
Comment 6 Barry Donahue 2011-03-10 23:57:12 UTC
Verified on RHEL6.1-20110224.2. I created the FS and then set the lun to readonly (comment #5). I could read from the volume but could not write to it.
Comment 7 Laura Bailey 2011-05-05 04:43:46 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so: tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1 or add "readonly 1" in the target element of your targets.conf file: <target iqn.2008-09.com.target> readonly 1 allow-in-use yes backing-store /storage/lun1 </target> Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
Comment 8 errata-xmlrpc 2011-05-19 14:14:59 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0734.html