iSCSI Login negotiation failed due to Initiator is requesting CSG: 1, has not been successfully authenticated, and the Target is enforcing iSCSI Authentication
Description of problem:
For our CNS product, we can hit the "iSCSI Login negotiation failed" very frequently, and from the target side dmesg logs we can see the following logs:
Sep 02 22:39:28 rhel1 kernel: Added timeout timer to iSCSI login request for 15 seconds.
Sep 02 22:39:28 rhel1 kernel: Moving to TARG_CONN_STATE_XPT_UP.
Sep 02 22:39:28 rhel1 tcmu-runner[1042]: 2018-09-02 22:39:28.296 1042 [WARN] tcmu_print_cdb_info:1195 glfs/block4: a3 c 1 12 0 0 0 0 2 0 0 0 is not support
Sep 02 22:39:28 rhel1 tcmu-runner[1042]: tcmu_print_cdb_info:1195 glfs/block4: a3 c 1 12 0 0 0 0 2 0 0 0 is not supported
Sep 02 22:39:28 rhel1 kernel: Got Login Command, Flags 0x87, ITT: 0x00000000, CmdSN: 0x00000000, ExpStatSN: 0x00000000, CID: 0, Length: 494
Sep 02 22:39:28 rhel1 kernel: Received iSCSI login request from 192.168.195.161:41620 on iSCSI/TCP Network Portal 192.168.195.157:3260
Sep 02 22:39:28 rhel1 kernel: Moving to TARG_CONN_STATE_IN_LOGIN.
Sep 02 22:39:28 rhel1 kernel: Entering iscsi_target_set_sock_callbacks: conn: ffff9be258024000
Sep 02 22:39:28 rhel1 kernel: Located Storage Object: iqn.2016-12.org.gluster-block:46bc4514-ef24-42f6-9090-fe4f75f29160
Sep 02 22:39:28 rhel1 kernel: Located Portal Group Object: 1
Sep 02 22:39:28 rhel1 kernel: Initiator is requesting CSG: 1, has not been successfully authenticated, and the Target is enforcing iSCSI Authentication, lo
Sep 02 22:39:28 rhel1 kernel: Entering iscsi_target_restore_sock_callbacks: conn: ffff9be258024000
Sep 02 22:39:28 rhel1 kernel: iSCSI Login negotiation failed.
Sep 02 22:39:28 rhel1 kernel: Moving to TARG_CONN_STATE_FREE.
From the iscsi proto and the kernel code/logs, this case is because that when doing login auth the initiator side just skip the CSG stage0, which should be CSG stage0 --> CSG stage1.
Version-Release number of selected component (if applicable):
How reproducible:
30%
I have tried the newest open-iscsi code from the upstream, still the same.
This will be very easy to reproduce when trying to login multi targets in parallel, more detail and the reproduce scrtipt could be found in https://bugzilla.redhat.com/show_bug.cgi?id=1597320#c26.
Thanks