RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 616402 - RFE: Enforce read-only target
Summary: RFE: Enforce read-only target
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: scsi-target-utils
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Mike Christie
QA Contact: Storage QE
URL:
Whiteboard:
Depends On:
Blocks: 655920 695870
TreeView+ depends on / blocked
 
Reported: 2010-07-20 11:22 UTC by Alexander Todorov
Modified: 2015-09-28 02:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so: tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1 or add "readonly 1" in the target element of your targets.conf file: <target iqn.2008-09.com.target> readonly 1 allow-in-use yes backing-store /storage/lun1 </target> Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
Clone Of:
: 695870 (view as bug list)
Environment:
Last Closed: 2011-05-19 14:14:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0734 0 normal SHIPPED_LIVE scsi-target-utils bug fix and enhancement update 2011-05-18 18:31:39 UTC

Description Alexander Todorov 2010-07-20 11:22:13 UTC 
Description of problem:
As of now I'm not aware of any config file settings that will make a target read-only to the initiator. What we need is probably ACL settings for read/write permissions so that an admin can define read-only access for a group of initiators and read-write for another group.
Comment 1 Mike Christie 2010-07-20 15:56:18 UTC 
Not implemented.
There have been patches
http://lists.wpkg.org/pipermail/stgt/2010-March/003567.html
It has been discussed more here:
http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html
The tgt maintainer has said it is ok as long as someone implements it nicely.

So this should be ok for 6.1.
Comment 2 Mike Christie 2010-07-20 16:04:10 UTC 
Oh yeah, could you describe what exactly you want for this feature? I guess there are a ton of different options, and I want to make sure the upstream patch is going to cover your needs.
Comment 3 Alexander Todorov 2010-07-20 16:49:15 UTC 
(In reply to comment #1)
> It has been discussed more here:
> http://lists.wpkg.org/pipermail/stgt/2010-April/003644.html

I guess I want what's requested on the list. A read-only setting that can be applied on per-initiator basis. My use case is that I have multiple netboot systems that have read-only root and one of those systems will be r/w to perform upgrades.
Comment 5 Mike Christie 2011-02-03 02:53:28 UTC 
I was not able to add exactly what you wanted on this take, but we can take another stab at it in 6.2 if you want

We added read only device support. To set this you can pass it in with tgtadm like other params:

tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1

or in targets.conf you can do:

    <target iqn.2008-09.com.target>
            readonly 1
            backing-store /storage/lun1
    </target>


With this and some other params you can sort of do what you want. You could create 2 targets that share the disk. target1 would leave the lun rw. target2 would set it as read only. Then you can bind initiators to the different targets based on the permissions.

Note that if you are doing this in targets.conf you need to set allow-in-use. So it would look something like this:

<target iqn.2008.09.com.target.readonly>
     readonly 1
     initiator-address 192.168.100.100 192.168.100.101 192.168.100.102
     allow-in-use yes
     backing-store /storage/lun1

</target>

<target iqn.2008.09.com.target.rw>
     initiator-address 192.168.100.99
     allow-in-use yes
     backing-store /storage/lun1
</target>

I put a rpm here:
http://people.redhat.com/mchristi/target/tgt/6.1/
Comment 6 Barry Donahue 2011-03-10 23:57:12 UTC 
Verified on RHEL6.1-20110224.2. I created the FS and then set the lun to readonly (comment #5). I could read from the volume but could not write to it.
Comment 7 Laura Bailey 2011-05-05 04:43:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Support for read-only target devices has been added to scsi-target-utils. Set read-only devices with the "--params" option of the tgtadm command, like so:

tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1

or add "readonly 1" in the target element of your targets.conf file:

    <target iqn.2008-09.com.target>
            readonly 1
            allow-in-use yes
            backing-store /storage/lun1
    </target>

Note that "allow-in-use" must also be set if you enable read-only targets in the targets.conf file.
Comment 8 errata-xmlrpc 2011-05-19 14:14:59 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0734.html
Note You need to log in before you can comment on or make changes to this bug.