Bug 616402 - RFE: Enforce read-only target
RFE: Enforce read-only target
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: scsi-target-utils (Show other bugs)
6.0
All Linux
low Severity medium
: rc
: ---
Assigned To: Mike Christie
Storage QE
: FutureFeature
Depends On:
Blocks: 655920 695870
  Show dependency treegraph
 
Reported: 2010-07-20 07:22 EDT by Alexander Todorov
Modified: 2015-09-27 22:02 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so: tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1 or add "readonly 1" in the target element of your targets.conf file: <target iqn.2008-09.com.target> readonly 1 allow-in-use yes backing-store /storage/lun1 </target> Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
Story Points: ---
Clone Of:
: 695870 (view as bug list)
Environment:
Last Closed: 2011-05-19 10:14:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexander Todorov 2010-07-20 07:22:13 EDT
Description of problem:
As of now I'm not aware of any config file settings that will make a target read-only to the initiator. What we need is probably ACL settings for read/write permissions so that an admin can define read-only access for a group of initiators and read-write for another group.
Comment 1 Mike Christie 2010-07-20 11:56:18 EDT
Not implemented.
There have been patches
http://lists.wpkg.org/pipermail/stgt/2010-March/003567.html
It has been discussed more here:
http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html
The tgt maintainer has said it is ok as long as someone implements it nicely.

So this should be ok for 6.1.
Comment 2 Mike Christie 2010-07-20 12:04:10 EDT
Oh yeah, could you describe what exactly you want for this feature? I guess there are a ton of different options, and I want to make sure the upstream patch is going to cover your needs.
Comment 3 Alexander Todorov 2010-07-20 12:49:15 EDT
(In reply to comment #1)
> It has been discussed more here:
> http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html

I guess I want what's requested on the list. A read-only setting that can be applied on per-initiator basis. My use case is that I have multiple netboot systems that have read-only root and one of those systems will be r/w to perform upgrades.
Comment 5 Mike Christie 2011-02-02 21:53:28 EST
I was not able to add exactly what you wanted on this take, but we can take another stab at it in 6.2 if you want

We added read only device support. To set this you can pass it in with tgtadm like other params:

tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1

or in targets.conf you can do:

    <target iqn.2008-09.com.target>
            readonly 1
            backing-store /storage/lun1
    </target>


With this and some other params you can sort of do what you want. You could create 2 targets that share the disk. target1 would leave the lun rw. target2 would set it as read only. Then you can bind initiators to the different targets based on the permissions.

Note that if you are doing this in targets.conf you need to set allow-in-use. So it would look something like this:

<target iqn.2008.09.com.target.readonly>
     readonly 1
     initiator-address 192.168.100.100 192.168.100.101 192.168.100.102
     allow-in-use yes
     backing-store /storage/lun1

</target>

<target iqn.2008.09.com.target.rw>
     initiator-address 192.168.100.99
     allow-in-use yes
     backing-store /storage/lun1
</target>

I put a rpm here:
http://people.redhat.com/mchristi/target/tgt/6.1/
Comment 6 Barry Donahue 2011-03-10 18:57:12 EST
Verified on RHEL6.1-20110224.2. I created the FS and then set the lun to readonly (comment #5). I could read from the volume but could not write to it.
Comment 7 Laura Bailey 2011-05-05 00:43:46 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so:

tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1

or add "readonly 1" in the target element of your targets.conf file:

    <target iqn.2008-09.com.target>
            readonly 1
            allow-in-use yes
            backing-store /storage/lun1
    </target>

Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
Comment 8 errata-xmlrpc 2011-05-19 10:14:59 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0734.html

Note You need to log in before you can comment on or make changes to this bug.