rpms/isns-utils/F-9 isns-utils-add-rh-readme.patch, NONE, 1.1 isns-utils.spec, 1.2, 1.3

Mike Christie (michaelc) fedora-extras-commits at redhat.com
Tue Jun 10 19:14:08 UTC 2008 

Author: michaelc

Update of /cvs/pkgs/rpms/isns-utils/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30673

Modified Files:
	isns-utils.spec 
Added Files:
	isns-utils-add-rh-readme.patch 
Log Message:
Add simple setup guide and release

isns-utils-add-rh-readme.patch:

--- NEW FILE isns-utils-add-rh-readme.patch ---
diff -Naurp open-isns-0.91/README.redhat.setup open-isns-0.91.work/README.redhat.setup
--- open-isns-0.91/README.redhat.setup	1969-12-31 18:00:00.000000000 -0600
+++ open-isns-0.91.work/README.redhat.setup	2008-03-03 09:58:05.000000000 -0600
@@ -0,0 +1,221 @@
+iSNS client and Server setup using isns-utils (open-isns).
+==========================================================
+v0.1 Feb 19, 2008
+
+
+A Simple Example Using the Default Discovery Domain
+===================================================
+
+1. By default the iSNS server will place all targets and initiators
+into a Default Discovery Domain, so to get going on the server you
+only need to run:
+
+# service isnsd start
+
+See the next section for configuring more complex Domains.
+
+
+2. Setup iSNS initiator client.
+
+	A. Edit /etc/iscsi/iscsi.conf so isns.address is the IP address of the
+	iSNS server setup in step 1. The default ports used by both the client
+	and server is 3205.
+	B. Start iSCSI initiator. iscsid will connect to the iSNS server
+	at the address set in step A. You will not see
+	a message indicating this was successful, but if there is an error
+	you will see a error message in /var/log/messages. Also when iscsiadm
+	is used to discovery targets using iSNS, iscsiadm will report an
+	error.
+
+	# service iscsi start
+
+3. Setup iSNS target client.
+
+	This step is different for each target.
+
+	IET:
+	A. Set the iSNSServer value in /etc/ietd.conf to the IP address of the
+	iSNS server setup in step 1.
+	B. Start IET. ietd will connect to the iSNS server. You will not see
+	a message indicating this was successful, but if there is an error
+	you will see a error message in /var/log/messages.
+
+	#service iscsi-target start
+
+	TGT:
+
+	(This will change in the next release when TGT is out of Tech
+	Preview, and there is a nice way to setup TGT.)
+
+	A. On the iSNS server RegistrationPeriod must be set to 0, in
+	/etc/isns/isnsd.conf, because tgt does not refresh registration
+	by default.
+	B. Install isns-utils on target box.
+	C. Edit /etc/isns/isnsadm.conf, so SourceName is the target name
+	for the iscsi tgt target, and ServerAddress is the address of
+	the server setup in step 1.
+	D. Run isnsadm in registration mode to register the target and portal.
+	(tgt uses the tpgt=1 by default so there is not need to set this).
+
+	# isnsadm --register target=iqn.2005-01.com.redhat.foo portal=20.15.0.3:3260/tcp
+
+	In this example the target name that was set in step B is
+	iqn.2005-01.com.redhat.foo. It is listening at IP address 20.15.0.3
+	on port 3260 (3260 is the default port tgt uses), and using TCP.
+
+4. Discovering targets.
+
+	A. With the iSCSI service started, run:
+
+	#iscsiadm -m discovery -t isns
+
+	This will print out a list of targets that were discovered and
+	targets that were found through iSNS previously. Currently, iscsiadm
+	will not remove node records for stale targets using isns like
+	is done with sendtargets discovery. This will be fixed in the next
+	iscsi-initiator-utils release.
+
+
+Adding Discovery Domains and Domain Sets
+========================================
+
+For most simple setups using the Default Discovery Domain will be all
+that is needed. However, to add more complex domain setups, you need to
+create a iSNS management station. This can be a seperate box from the iSNS
+server or it can be the same box.
+
+
+1. Setup Management Station
+===========================
+To setup a management station authentication mode must be set up. To do this
+first stop the isnsd service if it is running and edit the /etc/isns/isnsd.conf
+file so:
+
+Security       = 1
+
+is not commented.
+
+The next instructions for setting up authentication are taken from the
+isnsadm man page "EXAMPLES" section:
+
+       If  you  want to use Open-iSNS in authenticated mode, you first need to
+       initialize the server’s DSA key and DSA parameters. This  can  be  done
+       conveniently by using
+
+       # isnsd --init
+
+       This will create the server’s private and public key, and place them in
+       /etc/isns/auth_key and auth_key.pub, respectively.
+
+       Next start the isnsd service
+
+       # service isnsd start
+
+       The following command will create a policy  object  for  a  node  named
+       isns.control , and grant it control privileges:
+
+       # isnsadm --local --keyfile=control.key --enroll isns.control \
+                  node-type=ALL functions=ALL object-type=ALL
+
+       Before executing this command make sure that the SourceName in
+       /etc/isns/isnsadm.conf is isns.control, or if you have named your
+       control node differently replace isns.control with that name in the
+       above command.
+
+       In  the  process of entrolling the client, this will generate a DSA key
+       pair, and place the private key portion in the file control.key.   This
+       file must be installed as /etc/isns/control.key on the host you wish to
+       use as an iSNS management station.
+
+       Next, you need to create a storage node object for the management  sta-
+       tion:
+
+       # isnsadm --local --register control
+
+       On the management station, you can then enroll additional hosts if
+       you want to be able to control the server from remote machines.
+
+       # isnsadm --control --keyfile=somehost.key --enroll iqn.2005-01.org.open-
+       iscsi.somehost \
+                  node-type=target+initiator
+
+       Again, this will generate a DSA key pair and store the private key por-
+       tion  in  auth_key.  Note  the  use  of the --control option that tells
+       isnsadm to use the identity of the control node instead of the  default
+       key and source name.
+
+       You then need to copy somehost.key to the client host and install it as
+       /etc/isns/auth_key.  Likewise, the server’s public key  (which  resides
+       in  /etc/isns/auth_key.pub  on  the  server)  needs to be copied to the
+       client machine, and placed in /etc/isns/server_key.pub. If running
+       the management station on the server, then remember to copy
+       auth_key.pub to server_key.pub on that same box.
+
+       By default, when a client registers a storage node (be it initiator  or
+       target) with iSNS, the client will be able to all the other storage
+       nodes. This can be turned off by setting DefaultDiscoveryDomain to
+       zero in the isnsd.conf file.
+
+       If DefaultDiscoveryDomain is disabled, or to better control which
+       storage is visable to different initiators you need to create so-called
+       Discovery Domains (or DDs for short).
+
+       Currently,  domain  membership  operations require administrator privi-
+       lege. Future extensions may allow iSNS clients to add themselves to one
+       or more DDs upon registration.
+
+       To create a discovery domain, and add nodes to it, you can use
+
+       # isnsadm --control --dd-register dd-name=mydomain \
+                  member-name=iqn.org.bozo.client \
+                  member-name=iqn.org.bozo.jbod ...
+
+       If the control station is on the same machine as the server then
+       the --control argument should be replaced with the --local argument.
+
+       # isnsadm --local --dd-register dd-name=mydomain \
+                  member-name=iqn.org.bozo.client \
+                  member-name=iqn.org.bozo.jbod ...
+
+       In  order  to  add  members  to an existing DD, you have to specify the
+       numeric domain ID - using the DD name is not sufficient,  unfortunately
+       (this is a requirement of the RFC, not an implementation issue):
+
+       isnsadm --control --dd-register dd-id=42 \
+                  member-name=iqn.com.foo member-name=iqn.com.bar
+
+       If the control station is on the same machine as the server then
+       the --control argument should be replaced with the --local argument.
+
+       The DD ID can be obtained by doing a query for the DD name:
+
+       isnsadm --control --query dd-name=mydomain
+
+       If the control station is on the same machine as the server then
+       the --control argument should be replaced with the --local argument.
+
+       In management mode, you can also register and deregister nodes and por-
+       tals manually, in case you want  to  fix  up  an  inconsisteny  in  the
+       database.  For instance, this will register a node and portal on a host
+       named client.bozo.org:
+
+       isnsadm --control --register entity=client.bozo.org \
+                  initiator=iqn.org.bozo.client portal=191.168.7.1:860
+
+       If the control station is on the same machine as the server then
+       the --control argument should be replaced with the --local argument.
+
+       Note that this registration explicitly specifies the network entity  in
+       which  to place the new objects. If you omit this, the new objects will
+       be placed in an entity named CONTROL, which is decidedly not  what  you
+       want.
+
+Now with the Discovery Domains setup, if you did not register nodes in control
+mode you can register nodes and discover storage like in
+"A Simple Example Using the Default Discovery Domain" section 2 to 3.
+
+However, because most initiators and target clients do not support security
+which was setup above, authentication on the iSNS server must be disabled by
+setting Security to 0 on /etc/isns/isnsd.conf, the auth*, server* and control*
+key files created above must be removed, and the isnsd service must be
+restarted.


Index: isns-utils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/isns-utils/F-9/isns-utils.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- isns-utils.spec	11 Feb 2008 22:58:10 -0000	1.2
+++ isns-utils.spec	10 Jun 2008 19:13:18 -0000	1.3
@@ -1,6 +1,6 @@
 Name:           isns-utils
 Version:        0.91
-Release:        0.0%{?dist}
+Release:        0.1%{?dist}
 Summary:        The iSNS daemon and utility programs
 
 Group:          System Environment/Daemons
@@ -11,7 +11,7 @@
 Patch0:         isns-utils-turn-default-dd-on-to-match-msft.patch
 Patch1:         isns-utils-update-isnsadm-man.patch
 Patch2:         isns-utils-fix-non-utf8-chars-in-copying.patch
-Patch3:         isns-utils-include-limits.patch
+Patch3:         isns-utils-add-rh-readme.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -29,8 +29,7 @@
 %patch0 -p1 -b .turn-default-dd-on-to-match-msft
 %patch1 -p1 -b .update-isnsadm-man
 %patch2 -p1 -b .fix-non-utf8-chars-in-copying
-%patch3 -p1 -b .isns-utils-include-limits
-
+%patch3 -p1 -b .add-rh-readme
 
 %build
 if pkg-config openssl ; then
@@ -84,7 +83,7 @@
 
 %files
 %defattr(-, root, root, -)
-%doc COPYING README
+%doc COPYING README README.redhat.setup
 %{_sbindir}/isnsd
 %{_sbindir}/isnsadm
 %{_sbindir}/isnsdd
@@ -97,5 +96,8 @@
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/isns/*
 
 %changelog
+* Wed Jan 16 2008 Mike Christie <mchristie at redhat.com> - 0.91-0.1
+- 433514 Add README that documents the Red Hat specifics of setup
+
 * Wed Jan 16 2008 Mike Christie <mchristie at redhat.com> - 0.91-0.0
 - first build

More information about the fedora-extras-commits mailing list