Created attachment 1486702 [details] screenshot1 Description of problem: create an iscsi target use targetcli,and set discovery and login authentication as following: /iscsi> set discovery_auth enable=1 Parameter enable is now 'True'. /iscsi> set discovery_auth userid=IncomingUser Parameter userid is now 'IncomingUser'. /iscsi> set discovery_auth password=SomePassword1 Parameter password is now 'SomePassword1'. /iscsi> set discovery_auth mutual_userid=OutgoingUser Parameter mutual_userid is now 'OutgoingUser'. /iscsi> set discovery_auth mutual_password=AnotherPassword2 Parameter mutual_password is now 'AnotherPassword2'. /iscsi> cd iqn.2018-02.com.example:target/ /iscsi/iqn.20...xample:target> cd tpg1/ /iscsi/iqn.20...e:target/tpg1> set attribute authentication=1 Parameter authentication is now '1'. /iscsi/iqn.20...e:target/tpg1> set auth userid=IncomingUser2 Parameter userid is now 'IncomingUser2'. /iscsi/iqn.20...e:target/tpg1> set auth password=SomePassword3 Parameter password is now 'SomePassword3'. /iscsi/iqn.20...e:target/tpg1> set auth mutual_userid=OutgoingUser2 Parameter mutual_userid is now 'OutgoingUser2'. /iscsi/iqn.20...e:target/tpg1> set auth mutual_password=AnotherPassword4 Parameter mutual_password is now 'AnotherPassword4'. /iscsi/iqn.20...e:target/tpg1> exit Global pref auto_save_on_exit=true Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json As shown in the attached screenshots,the installer failed to discover the target,and after I set discovery_auth enable=0,the installer can discover the target but failed to login Version-Release number of selected component (if applicable): Fedora-Server-dvd-x86_64-29_Beta-1.5.iso How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 1486703 [details] screenshot2
Created attachment 1486704 [details] anaconda.log
Created attachment 1486705 [details] storage.log
Created attachment 1486706 [details] syslog
Proposed as a Blocker for 29-final by Fedora user lnie using the blocker tracking app because: Seems to affect the criteria: The installer must be able to detect (if possible) and install to supported network-attached storage devices
Discussed during the 2018-10-01 blocker review meeting: [1] The decision to classify this bug as an "AcceptedBlocker" was made as it violates the following criteria: "The installer must be able to detect (if possible) and install to supported network-attached storage devices" - The criterion does not explicitly say whether auth is blocking, but we believe it is sufficiently commonly used in the real world that we should accept the bug. [1] https://meetbot.fedoraproject.org/fedora-blocker-review/2018-10-01/f29-blocker-review.2018-10-01-16.00.txt
Seems that reverse (target) CHAP authentication is not working both for discover and login. Initiator authentication should work fine for both. The same issue is present in F28 GA. On RHEL 7 reverse CHAP works.
Reassigning to blivet storage library for investigating.
Upstream PR: https://github.com/storaged-project/blivet/pull/728
python-blivet-3.1.1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d610e2461a
python-blivet-3.1.1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d610e2461a
lnie, can you please test the fix? Thanks!
The discovery authentication works fine now,but still unable to login and use the iscsi targets when Reverse CHAP authentication is set. After click the Login button you will see the error shown in the attached screenshot.
Created attachment 1491846 [details] screenshot
Created attachment 1491847 [details] anaconda.log
Created attachment 1491848 [details] storage.log
I've tested this again and both discovery and login works for me. My configuration: - updates.img: https://vtrefny.fedorapeople.org/img/iscsi1632274.img - targetcli config: https://vtrefny.fedorapeople.org/misc/iscsi-discover-auth-mutual.json - initiator name: "iqn.1994-05.com.redhat:iscsi-test" - discovery credentials: "mytargetuid", "mytargetsecret", "mymutualuid", "mymutualsecret" - login credentials: "udisks-user", "udisks-password", "udisks-mutual-user", "udisks-mutual-password" lnie: Can you please share your targetcli config? Maybe I'm testing something different.
Created attachment 1492032 [details] configuration file
unable to open your configuration file,mine is attached.
Thank you, I can confirm that the login doesn't work with your configuration. It works on Fedora 28 (with latest blivet and udisks), but doesn't on Fedora 29. The same happens when using iscsiadm manually, so I think it is a different problem: On Fedora 28: $ sudo iscsiadm --mode node --targetname iqn.2018-02.com.example:target --portal 10.37.176.17:3260 --login --name node.session.auth.authmethod --value=CHAP --name node.session.auth.username --value="IncomingUser2" --name node.session.auth.password --value="SomePassword3" --name node.session.auth.username_in --value="OutgoingUser2" --name node.session.auth.password_in --value="AnotherPassword4" Logging in to [iface: default, target: iqn.2018-02.com.example:target, portal: 10.37.176.17,3260] (multiple) Login to [iface: default, target: iqn.2018-02.com.example:target, portal: 10.37.176.17,3260] successful. On Fedora 29: $ sudo iscsiadm --mode node --targetname iqn.2018-02.com.example:target --portal 10.37.176.17:3260 --login --name node.session.auth.authmethod --value=CHAP --name node.session.auth.username --value="IncomingUser2" --name node.session.auth.password --value="SomePassword3" --name node.session.auth.username_in --value="OutgoingUser2" --name node.session.auth.password_in --value="AnotherPassword4" Logging in to [iface: default, target: iqn.2018-02.com.example:target, portal: 10.37.176.17,3260] (multiple) iscsiadm: Could not login to [iface: default, target: iqn.2018-02.com.example:target, portal: 10.37.176.17,3260]. iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure) iscsiadm: Could not log into all portals
python-blivet-3.1.1-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
python-blivet-3.1.2-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5827b58873
blivet-gui-2.1.10-1.fc29, python-blivet-3.1.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5827b58873
blivet-gui-2.1.10-2.fc29, python-blivet-3.1.2-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5827b58873
blivet-gui-2.1.10-2.fc29, python-blivet-3.1.2-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.