Bug 1474209 - [RFE] - Hosted Engine: iSCSI Setup Should use different User/Password For Discovery and Portal
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 4.1.3
Hardware: x86_64 Linux
Priority: medium Severity: medium
Target Milestone: ovirt-4.2.2
Target Release: ---
Assigned To: Simone Tiraboschi
QA Contact: Nikolai Sednev
Keywords: FutureFeature, Triaged
Depends On: 1353713
Blocks: 1551828
Reported: 2017-07-24 03:18 EDT by Rhys Oxenham
Modified: 2018-05-17 08:40 EDT
Doc Type: Enhancement
Doc Text:
Previously, hosted-engine-setup assumed that the user set the same CHAP username and password for both iSCSI discovery and iSCSI login. Now, the user can pass a different username and password pair for iSCSI discovery and for iSCSI login at setup time.
Last Closed: 2018-05-15 13:32:21 EDT
Type: Bug
oVirt Team: Integration
nsednev: testing_plan_complete+


External Trackers:
Red Hat Product Errata RHBA-2018:1471 (Priority: None, Status: None, Summary: None, Last Updated: 2018-05-15 13:34 EDT)

Description Rhys Oxenham 2017-07-24 03:18:54 EDT
Description of problem:

I'm trying to utilise an iSCSI target that has no user credentials to discover targets, but has an ACL on a specific target. The hosted engine setup script (or via the WebUI) only permits authentication to be set for the initial portal login. Therefore it fails to connect to the target, and the setup fails.

Version-Release number of selected component (if applicable):

RHV 4.1.3 (based on RHVH-4.1-20170706.1-RHVH-x86_64-dvd1.iso)

[root@node06 ~]# nodectl info
layers:
  rhvh-4.1-0.20170706.0:
    rhvh-4.1-0.20170706.0+1
bootloader:
  default: rhvh-4.1-0.20170706.0+1
  entries:
    rhvh-4.1-0.20170706.0+1:
      index: 0
      title: rhvh-4.1-0.20170706.0
      kernel: /boot/rhvh-4.1-0.20170706.0+1/vmlinuz-3.10.0-514.26.1.el7.x86_64
      args: "ro crashkernel=auto rd.lvm.lv=rhvh_node06/rhvh-4.1-0.20170706.0+1 rd.lvm.lv=rhvh_node06/swap biosdevname=0 rhgb quiet LANG=en_US.UTF-8 img.bootid=rhvh-4.1-0.20170706.0+1"
      initrd: /boot/rhvh-4.1-0.20170706.0+1/initramfs-3.10.0-514.26.1.el7.x86_64.img
      root: /dev/rhvh_node06/rhvh-4.1-0.20170706.0+1
current_layer: rhvh-4.1-0.20170706.0+1

How reproducible:

Every time

Steps to Reproduce:
1. Create an iSCSI target with no auth on the portal, but an ACL on a target
2. Attempt hosted engine setup and point to the target
3. Watch it fail to connect to the target and setup fail

Actual results:

Setup fails to proceed, or allow you to specify ACL/credentials for the target LUN.

Expected results:

Either provide an option to specify credentials before the target connection attempt, or upon failure offer an option to specify them then.

Additional info:

2017-07-24 03:02:41 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QStart: OVEHOSTED_STORAGE_ISCSI_IP_ADDR
2017-07-24 03:02:41 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ### Please specify the iSCSI portal IP address:
2017-07-24 03:02:41 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QHidden: FALSE
2017-07-24 03:02:41 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ***Q:STRING OVEHOSTED_STORAGE_ISCSI_IP_ADDR
2017-07-24 03:02:41 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QEnd: OVEHOSTED_STORAGE_ISCSI_IP_ADDR
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:RECEIVE    10.x.x.x
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QStart: OVEHOSTED_STORAGE_ISCSI_IP_PORT
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ### Please specify the iSCSI portal port [3260]:
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QDefault: 3260
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QHidden: FALSE
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ***Q:STRING OVEHOSTED_STORAGE_ISCSI_IP_PORT
2017-07-24 03:05:24 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QEnd: OVEHOSTED_STORAGE_ISCSI_IP_PORT
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:RECEIVE    3260
2017-07-24 03:05:25 DEBUG otopi.plugins.gr_he_setup.storage.blockd dialog.queryEnvKey:90 queryEnvKey called for key OVEHOSTED_STORAGE/iSCSIPortalUser
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QStart: OVEHOSTED_STORAGE_ISCSI_USER
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ### Please specify the iSCSI portal user:
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QHidden: FALSE
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ***Q:STRING OVEHOSTED_STORAGE_ISCSI_USER
2017-07-24 03:05:25 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QEnd: OVEHOSTED_STORAGE_ISCSI_USER
2017-07-24 03:05:26 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:320 {'status': {'message': 'Done', 'code': 0}, 'items': [u'10.x.x.x:3260,1 iqn.2017-07.com.rhv:t1']}
2017-07-24 03:05:26 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:337 found: [{'tgpt': u'1', 'iqn': u'iqn.2017-07.com.rhv:t1', 'portal_hostname': u'10.x.x.x', 'portal_port': u'3260'}]
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QStart: OVEHOSTED_STORAGE_ISCSI_TARGET
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ### Please specify the target name (iqn.2017-07.com.rhv:t1) [iqn.2017-07.com.rhv:t1]:
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QDefault: iqn.2017-07.com.rhv:t1
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QValidValues: iqn.2017-07.com.rhv:t1
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QHidden: FALSE
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       ***Q:STRING OVEHOSTED_STORAGE_ISCSI_TARGET
2017-07-24 03:05:26 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:SEND       **%QEnd: OVEHOSTED_STORAGE_ISCSI_TARGET
2017-07-24 03:05:56 DEBUG otopi.plugins.otopi.dialog.machine dialog.__logString:204 DIALOG:RECEIVE    iqn.2017-07.com.rhv:t1
2017-07-24 03:05:56 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:347 {'status': {'message': 'Done', 'code': 0}}
2017-07-24 03:05:56 INFO otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:359 Discovering iSCSI node
2017-07-24 03:05:57 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:320 {'status': {'message': 'Done', 'code': 0}, 'items': [u'10.x.x.x:3260,1 iqn.2017-07.com.rhv:t1']}
2017-07-24 03:05:57 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:337 found: [{'tgpt': u'1', 'iqn': u'iqn.2017-07.com.rhv:t1', 'portal_hostname': u'10.x.x.x', 'portal_port': u'3260'}]
2017-07-24 03:05:57 INFO otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:366 Connecting to the storage server
2017-07-24 03:05:58 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:347 {'status': {'message': 'Done', 'code': 0}}
2017-07-24 03:05:58 INFO otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:359 Discovering iSCSI node
2017-07-24 03:05:58 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:320 {'status': {'message': 'Done', 'code': 0}, 'items': [u'10.x.x.x:3260,1 iqn.2017-07.com.rhv:t1']}
2017-07-24 03:05:58 DEBUG otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_discovery:337 found: [{'tgpt': u'1', 'iqn': u'iqn.2017-07.com.rhv:t1', 'portal_hostname': u'10.x.x.x', 'portal_port': u'3260'}]
2017-07-24 03:05:58 INFO otopi.plugins.gr_he_setup.storage.blockd blockd._iscsi_get_lun_list:366 Connecting to the storage server
2017-07-24 03:06:00 DEBUG otopi.context context._executeMethod:142 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-setup/storage/blockd.py", line 615, in _customization
    lunGUID = self._customize_lun(self.domainType, target)
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-setup/storage/blockd.py", line 208, in _customize_lun
    iqn=target,
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-setup/storage/blockd.py", line 389, in _iscsi_get_lun_list
    raise RuntimeError("Unable to retrieve the list of LUN(s) please "
RuntimeError: Unable to retrieve the list of LUN(s) please check the SELinux log and settings on your iscsi target
2017-07-24 03:06:00 ERROR otopi.context context._executeMethod:151 Failed to execute stage 'Environment customization': Unable to retrieve the list of LUN(s) please check the SELinux log and settings on your iscsi target
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:760 ENVIRONMENT DUMP - BEGIN
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV BASE/error=bool:'True'
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV BASE/exceptionInfo=list:'[(<type 'exceptions.RuntimeError'>, RuntimeError('Unable to retrieve the list of LUN(s) please check the SELinux log and settings on your iscsi target',), <traceback object at 0x4410710>)]'
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV OVEHOSTED_STORAGE/iSCSIPortalIPAddress=str:'10.x.x.x'
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV OVEHOSTED_STORAGE/iSCSIPortalPassword=str:''
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV OVEHOSTED_STORAGE/iSCSIPortalPort=str:'3260'
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:770 ENV OVEHOSTED_STORAGE/iSCSIPortalUser=str:''
2017-07-24 03:06:00 DEBUG otopi.context context.dumpEnvironment:774 ENVIRONMENT DUMP - END
2017-07-24 03:06:00 INFO otopi.context context.runSequence:687 Stage: Clean up
2017-07-24 03:06:00 DEBUG otopi.context context.runSequence:691 STAGE cleanup
Comment 1 Rhys Oxenham 2017-07-24 03:23:22 EDT
I worked around this by removing all authentication and ACLs from my configuration with the following:

/iscsi/iqn.20...m.rhv:t1/tpg1> set attribute authentication=0
Parameter authentication is now '0'.
/iscsi/iqn.20...m.rhv:t1/tpg1> set attribute demo_mode_write_protect=0
Parameter demo_mode_write_protect is now '0'.
/iscsi/iqn.20...m.rhv:t1/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'.

This allowed the setup to proceed...

The following luns have been found on the requested target:
[1]	3600140530f7bc68401a47f9b3819d3d6	97GiB	LIO-ORG	rhv_iscsi
status: free, paths: 1 active
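
Added example (not part of the original comment and not code from ovirt-hosted-engine-setup): a Python check that reports, for an LIO target, whether discovery requires CHAP and whether each target portal group enforces login CHAP or has been left in the open state the workaround above produces (authentication=0, generate_node_acls=1, demo_mode_write_protect=0). It assumes the saveconfig.json layout written by targetcli/rtslib (fabric_modules, targets, tpgs, attributes, node_acls); the sample configuration, IQNs and credentials are constructed.

```python
import json

# Constructed sample; layout assumed to match rtslib's saveconfig.json.
SAMPLE = json.loads("""
{"fabric_modules": [{"name": "iscsi", "discovery_enable_auth": false}],
 "targets": [
  {"fabric": "iscsi", "wwn": "iqn.2017-07.com.example:acl",
   "tpgs": [{"tag": 1,
     "attributes": {"authentication": 1, "generate_node_acls": 0,
                    "demo_mode_write_protect": 1},
     "node_acls": [{"node_wwn": "iqn.1994-05.com.example:host1",
                    "chap_userid": "loginuser", "chap_password": "REDACTED"}]}]},
  {"fabric": "iscsi", "wwn": "iqn.2017-07.com.example:open",
   "tpgs": [{"tag": 1,
     "attributes": {"authentication": 0, "generate_node_acls": 1,
                    "demo_mode_write_protect": 0},
     "node_acls": []}]}]}
""")


def discovery_auth_enabled(cfg):
    """True if SendTargets discovery on the iSCSI fabric requires CHAP."""
    return any(fm.get("name") == "iscsi" and bool(fm.get("discovery_enable_auth"))
               for fm in cfg.get("fabric_modules", []))


def audit_tpgs(cfg):
    """Return (iqn, tpg tag, finding) for each iSCSI target portal group."""
    rows = []
    for tgt in cfg.get("targets", []):
        if tgt.get("fabric") != "iscsi":
            continue
        for tpg in tgt.get("tpgs", []):
            attrs = tpg.get("attributes", {})
            auth = int(attrs.get("authentication", 0))
            demo = int(attrs.get("generate_node_acls", 0))
            write_protect = int(attrs.get("demo_mode_write_protect", 1))
            if demo and not auth:
                # Any initiator may log in; the state the workaround leaves.
                finding = "open-ro" if write_protect else "open-rw"
            elif auth:
                finding = "chap-required"  # login CHAP enforced on this TPG
            else:
                finding = "acl-only"       # listed initiators only, no CHAP
            rows.append((tgt["wwn"], tpg.get("tag"), finding))
    return rows


if __name__ == "__main__":
    print("discovery CHAP required:", discovery_auth_enabled(SAMPLE))
    for row in audit_tpgs(SAMPLE):
        print(*row)
```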
Comment 2 Nikolai Sednev 2018-02-20 12:39:15 EST
Works for me on these components on host:
rhvm-appliance-4.2-20180202.0.el7.noarch
ovirt-hosted-engine-ha-2.2.5-1.el7ev.noarch
ovirt-hosted-engine-setup-2.2.10-1.el7ev.noarch
Red Hat Enterprise Linux Server release 7.4 (Maipo)
Linux 3.10.0-693.19.1.el7.x86_64 #1 SMP Thu Feb 1 12:34:44 EST 2018 x86_64 x86_64 x86_64 GNU/Linux

I've created different usernames and passwords for discovery and portal on iSCSI storage and with CHAP authentication, authenticated successfully and received all 5 paths provided by the storage.

 [ INFO  ] ok: [localhost]
           The following targets have been found:
                 [1]     iqn.2005-10.org.freenas.ctl:freenasshedeploymentstarget
                         TPGT: 1, portals:
                                 10.35.162.21:3260
                                 10.35.163.24:3260
                                 10.35.163.32:3260
                                 10.35.163.42:3260
                                 10.35.163.43:3260

Then continued with iSCSI deployment and successfully finished it.

Moving to verified.
Comment 5 errata-xmlrpc 2018-05-15 13:32:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1471
