Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 957293

Summary: support libiscsi for SCSI passthrough devices
Product: Red Hat Enterprise Linux 7 Reporter: Paolo Bonzini <pbonzini>
Component: libvirtAssignee: John Ferlan <jferlan>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: amureini, cwei, derez, dyuan, honzhang, juzhang, lcheng, mzhan, pbonzini, rbalakri, sluo, tnisan, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-1.2.8-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 07:20:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 769712    

Description Paolo Bonzini 2013-04-26 21:50:22 UTC 
<disk> supports libiscsi for direct userspace access to iSCSI LUNs.  This should be supported with an XML similar to this:

  <hostdev mode='subsystem' type='scsi'>
    <source protocol='iscsi'>
      <host name="iscsi.example.com"/>
      <device path='iqn.1992-01.com.example'/>
      <auth username='myname'>
        <secret type='iscsi' usage='mycluster_myname'/>
      </auth>
    </source>
    <address type='drive' controller='0' bus='0' target='0' unit='1'/>
  </hostdev>
Comment 2 Paolo Bonzini 2013-05-21 14:48:26 UTC 
As of 3.10, the queue object is only exposed for SCSI disks, so there is no way to toggle unpriv_sgio on non-disk devices.  If one wants to bypass the kernel's command whitelist, the choices are either iSCSI or running with CAP_SYS_RAWIO.

So, this bug is required to support persistent reservation on non-disk devices (e.g. tapes or media changers), unless one is okay with running as CAP_SYS_RAWIO---which effectively means root.
Comment 9 John Ferlan 2014-07-11 12:37:23 UTC 
Code is now posted upstream with the series starting at :

http://www.redhat.com/archives/libvir-list/2014-July/msg00592.html
Comment 10 John Ferlan 2014-08-07 19:12:54 UTC 
This has now been pushed upstream:

commit 54ac483e68328b35749ed9cbdc837d541da5fabd
Author: John Ferlan <jferlan>
Date:   Wed Jul 9 10:08:34 2014 -0400

    hostdev: Add iSCSI hostdev XML
    
    Introduce a new structure to handle an iSCSI host device based on the
    existing virDomainHostdevSubsysSCSI by adding a "protocol='iscsi'" to
    the <source/> element. The existing scsi_host subsystem RNG was modified
    to read an optional "protocol='adapter'", although it won't be written
    out nor is it documented as an option (by choice).
    
    The new hostdev structure mimics the existing <disk/> element for an
    iSCSI device (network) device. New XML is:
    
      <hostdev mode='subsystem' type='scsi' managed='yes'>
        <source protocol='iscsi' name='iqn.1992-01.com.example'>
          <host name='example.org' port='3260'/>
          <auth username='myname'>
            <secret type='iscsi' usage='mycluster_myname'/>
          </auth>
        </source>
        <address type='drive' controller='0' bus='0' target='2' unit='5'/>
      </hostdev>
    
    The controller element will mimic the existing scsi_host code insomuch
    as when 'lsi' and 'virtio-scsi' are used.

git describe : v1.2.7-21-g54ac483
Comment 12 lcheng 2014-12-03 06:47:55 UTC 
Verified the bug with following scenarions. The results are expected. Change the status to VERIFIED.
 

Version:
libvirt-1.2.8-9.el7.x86_64
qemu-kvm-1.5.3-82.el7.x86_64
qemu-kvm-rhev-2.1.2-13.el7.x86_64



Scenario 1: Start guest with a iscsi device. The device can be used in guest.

1. Start guest with a iscsi device.

On host:

# virsh edit r7
Domain r7 XML configuration edited.

# virsh start r7
Domain r7 started

# virsh dumpxml r7 
...
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target1/1'>
        <host name='10.66.100.101' port='3260'/>
      </source>
      <alias name='hostdev0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>

# ps -axu | grep qemu
... -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x8 ... -drive file=iscsi://10.66.100.101:3260/iqn.yy%3Aserver.target1/1,if=none,format=raw,id=drive-hostdev0 -device scsi-generic,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-hostdev0,id=hostdev0 


2. Using 'fdisk -l' command can find the device in guest. And the device can read and write.



Scenario 2: iscsi device hot-plug/hot-unplug.

1. Start a guest and hot-plug a iscsi device.
# virsh start r7
Domain r7 started


# virsh attach-device r7 iscsi.xml 
Device attached successfully

# virsh dumpxml r7
...
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target1/1'>
        <host name='10.66.100.101' port='3260'/>
      </source>
      <alias name='hostdev0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>

2. Using 'fdisk -l' command can find the device in guest. And the device can read and write.

3. Hot-unplug the device.
# virsh detach-device r7 iscsi.xml 
Device detached successfully

4. The device can't find in guest.


Scenario 3: Start guest with a iscsi device. Accessing the device need to auth.

1. Preparation. 
# cat secret.xml 
      <secret ephemeral='no' private='yes'>
         <description>Passphrase for the iSCSI example.com server</description>
         <usage type='iscsi'>
            <target>libvirtiscsi</target>
         </usage>
      </secret>

# virsh secret-define secret.xml 
Secret 51611f0c-9afa-44f9-9ae0-27eae978cbdd created

# virsh secret-list
 UUID                                  Usage
--------------------------------------------------------------------------------
 51611f0c-9afa-44f9-9ae0-27eae978cbdd  iscsi libvirtiscsi

# virsh secret-set-value 51611f0c-9afa-44f9-9ae0-27eae978cbdd `printf %s "redhat" | base64`
Secret value set


2. Start guest with the iscsi device.
# virsh start r7
Domain r7 started

# virsh dumpxml r7
...
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target2/1'>
        <host name='10.66.100.101' port='3260'/>
        <auth username='redhat'>
          <secret type='iscsi' usage='libvirtiscsi'/>
        </auth>
      </source>
      <alias name='hostdev0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>

3. Using 'fdisk -l' command can find the device in guest. And the device can read and write.

4. Remove 'auth' element from guest xml. Starting guest fail.
# virsh destroy r7
Domain r7 destroyed

# virsh edit r7
Domain r7 XML configuration edited.

# virsh dumpxml r7
...
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target2/1'>
        <host name='10.66.100.101' port='3260'/>
      </source>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>

# virsh start r7
error: Failed to start domain r7
error: internal error: process exited while connecting to monitor: 2014-12-03T06:18:38.900010Z qemu-kvm: -drive file=iscsi://10.66.100.101:3260/iqn.yy%3Aserver.target2/1,if=none,format=raw,id=drive-hostdev0: could not open disk image iscsi://10.66.100.101:3260/iqn.yy%3Aserver.target2/1: iSCSI: Failed to connect to LUN : Failed to log in to target. Status: Authentication failure(513)


Scenario 4: iscsi device hot-plug/hot-unplug. Accessing the device need to auth.

1. Start guest. Hot-plug the iscsi device to guest.
# virsh start r7
Domain r7 started

# cat iscsi.xml 
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target2/1'>
        <host name='10.66.100.101' port='3260'/>
        <auth username='redhat'>
          <secret type='iscsi' usage='libvirtiscsi'/>
        </auth>
      </source>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>


# virsh attach-device r7 iscsi.xml 
Device attached successfully

# virsh dumpxml r7
...
    <hostdev mode='subsystem' type='scsi'>
      <source protocol='iscsi' name='iqn.yy:server.target2/1'>
        <host name='10.66.100.101' port='3260'/>
        <auth username='redhat'>
          <secret type='iscsi' usage='libvirtiscsi'/>
        </auth>
      </source>
      <alias name='hostdev0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>


2. Using 'fdisk -l' command can find the device in guest. And the device can read and write.

3. Hot-unplug the device. 
# virsh detach-device r7 iscsi.xml 
Device detached successfully

4. The device can't find in guest.

5. Remove 'auth' element from xml. Attaching the device fail.
# cat iscsi.xml 
    <hostdev mode='subsystem' type='scsi' managed='no'>
      <source protocol='iscsi' name='iqn.yy:server.target2/1'>
        <host name='10.66.100.101' port='3260'/>
      </source>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </hostdev>


# virsh attach-device r7 s.xml 
error: Failed to attach device from s.xml
error: internal error: unable to execute QEMU command '__com.redhat_drive_add': Device 'drive-hostdev0' could not be initialized
Comment 14 errata-xmlrpc 2015-03-05 07:20:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html