Description of problem: After updating to 4.2.3-200 from the 4.1.* kernel my iscsi vouumes will not mount. Take ages to boot no mounts mounted and running systemctl iscsi restart just hangs. Booting to 4.1.10-200 and all is well. Version-Release number of selected component (if applicable): 4.2.3-200 I seem to have a lot of issue with iscsi on Fedora and updates breaking things. How reproducible: Everytime. Steps to Reproduce: 1. Boot into 4.2.3-200 2. Not iscsi volumes mounted. 3. Boot into 4.1.10-200 4. All is well Actual results: Cant mount iscsi volumes/filesystems. Expected results: Works as it does in 4.1.10-200
This might be a duplicate of bug 1271812. We have a patch in Fedora git for that, but it has not made it into a build yet.
I can confirm this. This is what happened to me on the 4.2.3-200 Kernel: 8 root@fbox # iscsiadm -m discovery -t sendtargets -p 192.168.1.10 iscsiadm: got read error (-1/104), daemon died? iscsiadm: got read error (-1/104), daemon died? iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Could not perform SendTargets discovery: could not communicate to iscsid 18 root@fbox # It works with the 4.1.10-200 kernel. Mebus
Please try the 4.2.5 update in updates-testing.
*** Bug 1277262 has been marked as a duplicate of this bug. ***
The 4.2.5 kernel in updates-testing didn't fix this problem for me, but upgrading to Fedora 23 resolved the issue on several machines.
*** This bug has been marked as a duplicate of bug 1271812 ***
There is no difference in the F23 and F22 kernels for iscsi. I am guessing this is something that was addressed in the iscsi-initiator-utils update for F23, and simply needs to be brought back to F22? Reopening and reassigning.
There's something happening with the selinux-policy from 3.13.1-122 to 3.13.1-128.18, I haven't narrowed it down to an exact build but there's not much change specific to iSCSI. > audit2why -b type=AVC msg=audit(1446685101.879:315): avc: denied { create } for pid=1004 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1446685101.884:317): avc: denied { create } for pid=1008 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1446685101.889:319): avc: denied { create } for pid=1012 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1446685101.894:321): avc: denied { create } for pid=1016 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1446685101.898:323): avc: denied { create } for pid=1020 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
Sorry took time to test but the later kernel has not fixed it. Booting into 4.2.5 and iscsi is not working.
I can also confirm this with: iscsi-initiator-utils-6.2.0.873-25.gitc9d830b.fc22.x86_64 kernel-4.2.5-201.fc22.x86_64. # iscsiadm --mode discovery --type sendtargets --portal 172.16.7.3 iscsiadm: got read error (-1/104), daemon died? iscsiadm: Could not scan /sys/class/iscsi_transport. iscsiadm: got read error (-1/104), daemon died? iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Could not perform SendTargets discovery: could not communicate to iscsid Meanwhile, the journal captured: ... systemd[1]: Listening on Open-iSCSI iscsid Socket. ... systemd[1]: Starting Open-iSCSI iscsid Socket. ... systemd[1]: Listening on Open-iSCSI iscsiuio Socket. ... polkitd[1059]: Unregistered Authentication Agent for unix-process:1515:17960 (system bus name :1.14, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ... systemd[1]: Starting Open-iSCSI... ... iscsid[1520]: iSCSI logger with pid=1521 started! ... audit[1522]: <audit-1400> avc: denied { create } for pid=1522 comm="iscsid" scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=0 ... iscsid[1521]: iSCSI daemon with pid=1522 started! ... iscsid[1521]: can not create NETLINK_ISCSI socket ... systemd[1]: Failed to read PID from file /var/run/iscsid.pid: Invalid argument ... systemd[1]: Failed to start Open-iSCSI. ... systemd[1]: Unit iscsid.service entered failed state. ... systemd[1]: iscsid.service failed. ... audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=iscsid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
not sure if it is relevant to this bug or not but kernel 4.2.5-201.fc22.x86_64 works with the ms iscsi initiator. but initially during my testing it didn't work very well because for some reason targetcli didn't load the config at boot, so i was doing the testing against a blank unconfigured targetcli that made me think it was still broken when it really wasn't.
https://github.com/fedora-selinux/selinux-policy/commit/19d02bee8b616ef31d64e36434c55e8291019819
selinux-policy-3.13.1-128.21.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
I have install the above test packages from koji and it has fixed the issue. I am now running the 4.2.6-200 with iscsi volumes mounted on F22. Thanks.
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.