Restricting Access to iSCSI Targets on Openfiler
Finding
There seems to be a problem with access to Openfiler. An entry in /etc/initiators.deny is generated automatically, denying access from ALL to every iSCSI target configured:
[root@localhost ~]# cat /etc/initiators.deny
# PLEASE DO NOT MODIFY THIS CONFIGURATION FILE!
# This configuration file was autogenerated
# by Openfiler. Any manual changes will be overwritten
# Generated at: Sat Dec 25 23:29:38 CET 2010
iqn.2006-01.com.openfiler:tsn.bb9e3f57be77 ALL
iqn.2006-01.com.openfiler:tsn.86f8bd9df8cb ALL
# End of Openfiler configuration
In my case, when there was only one target, it prevented every client from accessing the exported disks. To solve this I added a second target (as I had to set up another cluster), added every client in the “System / Network” section and set the ACL for every iSCSI target explicitly.
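The effect of the generated deny entries, with and without a per-target ACL, can be checked offline with a short script. This is an added example, not part of the original post or of Openfiler. It assumes the ACL ends up in a companion allow file with hosts.allow-style precedence (allow match first, then deny), and the subnet and client addresses are constructed.

```python
import ipaddress

# The generated deny file shown above, plus a CONSTRUCTED allow file
# (hypothetical subnet) standing in for a per-target ACL.
DENY = """\
# This configuration file was autogenerated
iqn.2006-01.com.openfiler:tsn.bb9e3f57be77 ALL
iqn.2006-01.com.openfiler:tsn.86f8bd9df8cb ALL
"""
ALLOW = """\
iqn.2006-01.com.openfiler:tsn.bb9e3f57be77 192.168.56.0/24
"""

def parse_acl(text):
    """Return {target_iqn: [pattern, ...]}, skipping comments and blanks."""
    rules = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].replace(",", " ").split()
        if len(fields) >= 2:
            rules.setdefault(fields[0], []).extend(fields[1:])
    return rules

def matches(pattern, addr):
    """True for the keyword ALL or when addr lies inside an IP/CIDR pattern."""
    if pattern == "ALL":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:  # not an address pattern; this sketch ignores it
        return False

def decide(target, addr, allow, deny):
    """Assumed precedence: allow match wins, then deny match, else open."""
    if any(matches(p, addr) for p in allow.get(target, [])):
        return "allow"
    if any(matches(p, addr) for p in deny.get(target, [])):
        return "deny"
    return "allow"  # no rule at all: the target is reachable by anyone

def open_targets(targets, deny):
    """Targets lacking a deny-ALL entry, i.e. not closed by default."""
    return [t for t in targets if "ALL" not in deny.get(t, [])]

if __name__ == "__main__":
    allow, deny = parse_acl(ALLOW), parse_acl(DENY)
    for tgt in deny:
        for ip in ("192.168.56.11", "10.0.0.5"):
            print(tgt, ip, decide(tgt, ip, allow, deny))
```

With an empty allow file every client is denied on both targets, which is the situation described above; `open_targets` flags any target that is missing its deny-ALL line.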
How to…
Add every client in “System / Network”:
Then create another iSCSI target in “Volumes / iSCSI Targets / Target Configuration”:
And set up the ACL for every target:
Here we go
So my Oracle RAC sees the following disks:
root@rac1:/ # format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c0d0
/pci@0,0/pci-ide@1f,1/ide@0/cmdk@0,0
1. c1t1d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,0
2. c1t2d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,1
3. c1t3d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,2
4. c1t4d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,3
5. c1t5d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,4
6. c1t6d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,5
7. c1t7d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,6
8. c1t8d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,7
9. c1t9d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,8
10. c1t10d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,9
11. c1t11d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,10
12. c1t12d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,11
13. c1t13d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,12
14. c1t14d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,13
15. c1t15d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,14
16. c1t16d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,15
17. c1t17d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.bb9e3f57be770001,16
Specify disk (enter its number):
Note that every disk on controller c1 just shows tsn.bb9e3f57be770001, so it’s from the first target. My Solaris Cluster sees the disks from target tsn.86f8bd9df8cb0001 on controller c2:
root@sol1:/ # format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c0t0d0
/pci@0,0/pci8086,2829@d/disk@0,0
1. c1t0d0
/pci@0,0/pci1000,8000@14/sd@0,0
2. c1t1d0
/pci@0,0/pci1000,8000@14/sd@1,0
3. c2t5d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.86f8bd9df8cb0001,0
4. c2t7d0
/iscsi/disk@0000iqn.2006-01.com.openfiler%3Atsn.86f8bd9df8cb0001,1
Specify disk (enter its number):
That’s exactly what I want.
HTH.


