rpms/isns-utils/F-9 isns-utils-add-rh-readme.patch, NONE, 1.1 isns-utils.spec, 1.2, 1.3
Mike Christie (michaelc)
fedora-extras-commits at redhat.com
Tue Jun 10 19:14:08 UTC 2008
Author: michaelc
Update of /cvs/pkgs/rpms/isns-utils/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30673
Modified Files:
isns-utils.spec
Added Files:
isns-utils-add-rh-readme.patch
Log Message:
Add simple setup guide and release
isns-utils-add-rh-readme.patch:
--- NEW FILE isns-utils-add-rh-readme.patch ---
diff -Naurp open-isns-0.91/README.redhat.setup open-isns-0.91.work/README.redhat.setup
--- open-isns-0.91/README.redhat.setup 1969-12-31 18:00:00.000000000 -0600
+++ open-isns-0.91.work/README.redhat.setup 2008-03-03 09:58:05.000000000 -0600
@@ -0,0 +1,221 @@
+iSNS client and Server setup using isns-utils (open-isns).
+==========================================================
+v0.1 Feb 19, 2008
+
+
+A Simple Example Using the Default Discovery Domain
+===================================================
+
+1. By default the iSNS server will place all targets and initiators
+into a Default Discovery Domain, so to get going on the server you
+only need to run:
+
+# service isnsd start
+
+See the next section for configuring more complex Domains.
+
+
+2. Setup iSNS initiator client.
+
+ A. Edit /etc/iscsi/iscsi.conf so isns.address is the IP address of the
+ iSNS server setup in step 1. The default ports used by both the client
+ and server is 3205.
+ B. Start iSCSI initiator. iscsid will connect to the iSNS server
+ at the address set in step A. You will not see
+ a message indicating this was successful, but if there is an error
+ you will see a error message in /var/log/messages. Also when iscsiadm
+ is used to discovery targets using iSNS, iscsiadm will report an
+ error.
+
+ # service iscsi start
+
+3. Setup iSNS target client.
+
+ This step is different for each target.
+
+ IET:
+ A. Set the iSNSServer value in /etc/ietd.conf to the IP address of the
+ iSNS server setup in step 1.
+ B. Start IET. ietd will connect to the iSNS server. You will not see
+ a message indicating this was successful, but if there is an error
+ you will see a error message in /var/log/messages.
+
+ #service iscsi-target start
+
+ TGT:
+
+ (This will change in the next release when TGT is out of Tech
+ Preview, and there is a nice way to setup TGT.)
+
+ A. On the iSNS server RegistrationPeriod must be set to 0, in
+ /etc/isns/isnsd.conf, because tgt does not refresh registration
+ by default.
+ B. Install isns-utils on target box.
+ C. Edit /etc/isns/isnsadm.conf, so SourceName is the target name
+ for the iscsi tgt target, and ServerAddress is the address of
+ the server setup in step 1.
+ D. Run isnsadm in registration mode to register the target and portal.
+ (tgt uses the tpgt=1 by default so there is not need to set this).
+
+ # isnsadm --register target=iqn.2005-01.com.redhat.foo portal=20.15.0.3:3260/tcp
+
+ In this example the target name that was set in step B is
+ iqn.2005-01.com.redhat.foo. It is listening at IP address 20.15.0.3
+ on port 3260 (3260 is the default port tgt uses), and using TCP.
+
+4. Discovering targets.
+
+ A. With the iSCSI service started, run:
+
+ #iscsiadm -m discovery -t isns
+
+ This will print out a list of targets that were discovered and
+ targets that were found through iSNS previously. Currently, iscsiadm
+ will not remove node records for stale targets using isns like
+ is done with sendtargets discovery. This will be fixed in the next
+ iscsi-initiator-utils release.
+
+
+Adding Discovery Domains and Domain Sets
+========================================
+
+For most simple setups using the Default Discovery Domain will be all
+that is needed. However, to add more complex domain setups, you need to
+create a iSNS management station. This can be a seperate box from the iSNS
+server or it can be the same box.
+
+
+1. Setup Management Station
+===========================
+To setup a management station authentication mode must be set up. To do this
+first stop the isnsd service if it is running and edit the /etc/isns/isnsd.conf
+file so:
+
+Security = 1
+
+is not commented.
+
+The next instructions for setting up authentication are taken from the
+isnsadm man page "EXAMPLES" section:
+
+ If you want to use Open-iSNS in authenticated mode, you first need to
+ initialize the serverâs DSA key and DSA parameters. This can be done
+ conveniently by using
+
+ # isnsd --init
+
+ This will create the serverâs private and public key, and place them in
+ /etc/isns/auth_key and auth_key.pub, respectively.
+
+ Next start the isnsd service
+
+ # service isnsd start
+
+ The following command will create a policy object for a node named
+ isns.control , and grant it control privileges:
+
+ # isnsadm --local --keyfile=control.key --enroll isns.control \
+ node-type=ALL functions=ALL object-type=ALL
+
+ Before executing this command make sure that the SourceName in
+ /etc/isns/isnsadm.conf is isns.control, or if you have named your
+ control node differently replace isns.control with that name in the
+ above command.
+
+ In the process of entrolling the client, this will generate a DSA key
+ pair, and place the private key portion in the file control.key. This
+ file must be installed as /etc/isns/control.key on the host you wish to
+ use as an iSNS management station.
+
+ Next, you need to create a storage node object for the management sta-
+ tion:
+
+ # isnsadm --local --register control
+
+ On the management station, you can then enroll additional hosts if
+ you want to be able to control the server from remote machines.
+
+ # isnsadm --control --keyfile=somehost.key --enroll iqn.2005-01.org.open-
+ iscsi.somehost \
+ node-type=target+initiator
+
+ Again, this will generate a DSA key pair and store the private key por-
+ tion in auth_key. Note the use of the --control option that tells
+ isnsadm to use the identity of the control node instead of the default
+ key and source name.
+
+ You then need to copy somehost.key to the client host and install it as
+ /etc/isns/auth_key. Likewise, the serverâs public key (which resides
+ in /etc/isns/auth_key.pub on the server) needs to be copied to the
+ client machine, and placed in /etc/isns/server_key.pub. If running
+ the management station on the server, then remember to copy
+ auth_key.pub to server_key.pub on that same box.
+
+ By default, when a client registers a storage node (be it initiator or
+ target) with iSNS, the client will be able to all the other storage
+ nodes. This can be turned off by setting DefaultDiscoveryDomain to
+ zero in the isnsd.conf file.
+
+ If DefaultDiscoveryDomain is disabled, or to better control which
+ storage is visable to different initiators you need to create so-called
+ Discovery Domains (or DDs for short).
+
+ Currently, domain membership operations require administrator privi-
+ lege. Future extensions may allow iSNS clients to add themselves to one
+ or more DDs upon registration.
+
+ To create a discovery domain, and add nodes to it, you can use
+
+ # isnsadm --control --dd-register dd-name=mydomain \
+ member-name=iqn.org.bozo.client \
+ member-name=iqn.org.bozo.jbod ...
+
+ If the control station is on the same machine as the server then
+ the --control argument should be replaced with the --local argument.
+
+ # isnsadm --local --dd-register dd-name=mydomain \
+ member-name=iqn.org.bozo.client \
+ member-name=iqn.org.bozo.jbod ...
+
+ In order to add members to an existing DD, you have to specify the
+ numeric domain ID - using the DD name is not sufficient, unfortunately
+ (this is a requirement of the RFC, not an implementation issue):
+
+ isnsadm --control --dd-register dd-id=42 \
+ member-name=iqn.com.foo member-name=iqn.com.bar
+
+ If the control station is on the same machine as the server then
+ the --control argument should be replaced with the --local argument.
+
+ The DD ID can be obtained by doing a query for the DD name:
+
+ isnsadm --control --query dd-name=mydomain
+
+ If the control station is on the same machine as the server then
+ the --control argument should be replaced with the --local argument.
+
+ In management mode, you can also register and deregister nodes and por-
+ tals manually, in case you want to fix up an inconsisteny in the
+ database. For instance, this will register a node and portal on a host
+ named client.bozo.org:
+
+ isnsadm --control --register entity=client.bozo.org \
+ initiator=iqn.org.bozo.client portal=191.168.7.1:860
+
+ If the control station is on the same machine as the server then
+ the --control argument should be replaced with the --local argument.
+
+ Note that this registration explicitly specifies the network entity in
+ which to place the new objects. If you omit this, the new objects will
+ be placed in an entity named CONTROL, which is decidedly not what you
+ want.
+
+Now with the Discovery Domains setup, if you did not register nodes in control
+mode you can register nodes and discover storage like in
+"A Simple Example Using the Default Discovery Domain" section 2 to 3.
+
+However, because most initiators and target clients do not support security
+which was setup above, authentication on the iSNS server must be disabled by
+setting Security to 0 on /etc/isns/isnsd.conf, the auth*, server* and control*
+key files created above must be removed, and the isnsd service must be
+restarted.
Index: isns-utils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/isns-utils/F-9/isns-utils.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- isns-utils.spec 11 Feb 2008 22:58:10 -0000 1.2
+++ isns-utils.spec 10 Jun 2008 19:13:18 -0000 1.3
@@ -1,6 +1,6 @@
Name: isns-utils
Version: 0.91
-Release: 0.0%{?dist}
+Release: 0.1%{?dist}
Summary: The iSNS daemon and utility programs
Group: System Environment/Daemons
@@ -11,7 +11,7 @@
Patch0: isns-utils-turn-default-dd-on-to-match-msft.patch
Patch1: isns-utils-update-isnsadm-man.patch
Patch2: isns-utils-fix-non-utf8-chars-in-copying.patch
-Patch3: isns-utils-include-limits.patch
+Patch3: isns-utils-add-rh-readme.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,8 +29,7 @@
%patch0 -p1 -b .turn-default-dd-on-to-match-msft
%patch1 -p1 -b .update-isnsadm-man
%patch2 -p1 -b .fix-non-utf8-chars-in-copying
-%patch3 -p1 -b .isns-utils-include-limits
-
+%patch3 -p1 -b .add-rh-readme
%build
if pkg-config openssl ; then
@@ -84,7 +83,7 @@
%files
%defattr(-, root, root, -)
-%doc COPYING README
+%doc COPYING README README.redhat.setup
%{_sbindir}/isnsd
%{_sbindir}/isnsadm
%{_sbindir}/isnsdd
@@ -97,5 +96,8 @@
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/isns/*
%changelog
+* Wed Jan 16 2008 Mike Christie <mchristie at redhat.com> - 0.91-0.1
+- 433514 Add README that documents the Red Hat specifics of setup
+
* Wed Jan 16 2008 Mike Christie <mchristie at redhat.com> - 0.91-0.0
- first build
More information about the scm-commits
mailing list