
I have a home lab set up with libvirtd and iSCSI. I have most issues worked out/around but there's one issue that still puzzles me. I can't find an answer on Google or serverfault.com.

Often when logging in to my targets I'll get an authentication denied error and find that iscsiadm has apparently deleted the CHAP credentials in my configuration. It deletes the username and password lines and sets the authmethod to "None". It's not really a problem as I can just re-run my Ansible playbook to put the credentials back, but I would prefer not to have to do it.

Is there a way to configure iscsiadm to not delete my credentials?

I would prefer not to chattr +i all the node config files as that complicates my Ansible playbook. I'm sure that's not the right answer.

The iSCSI host is a QNAP TS-431P so something of a pain to configure. :) Works great once it's done though.

Not sure if it helps but here's my MWE.

Versions:

- QNAP firmware: 4.3.6.0959
- open-iscsi: 2.1.0
- libiscsi: 1.19.0
- libiscsi-tools: 1.19.0

/etc/iscsi/initiatorname.iscsi:

```
InitiatorName=iqn.2005-03.org.open-iscsi:634e222dfd1
```

/etc/iscsi/iscsid.conf:

```
node.startup = manual
node.leading_login = No
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.initial_login_retry_max = 8
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.xmit_thread_priority = -20
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.session.nr_sessions = 1
node.session.iscsi.FastAbort = Yes
node.session.scan = auto
```

Here's a node configuration, note the "node.session.auth" options are all set (dummy password obviously and IPs masked).

/etc/iscsi/nodes/iqn.2004-04.com.qnap:ts-431p:iscsi.website.14b57f/10.nas.nas.nas,3260,1/default:

```
# BEGIN RECORD 2.0-876
node.name = iqn.2004-04.com.qnap:ts-431p:iscsi.website.14b57f
node.tpgt = 1
node.startup = manual
node.leading_login = No
iface.iscsi_ifacename = default
iface.prefix_len = 0
iface.transport_name = tcp
iface.vlan_id = 0
iface.vlan_priority = 0
iface.iface_num = 0
iface.mtu = 0
iface.port = 0
iface.tos = 0
iface.ttl = 0
iface.tcp_wsf = 0
iface.tcp_timer_scale = 0
iface.def_task_mgmt_timeout = 0
iface.erl = 0
iface.max_receive_data_len = 0
iface.first_burst_len = 0
iface.max_outstanding_r2t = 0
iface.max_burst_len = 0
node.discovery_address = 10.nas.nas.nas
node.discovery_port = 3260
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 8
node.session.xmit_thread_priority = -20
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.nr_sessions = 1
node.session.auth.authmethod = CHAP
node.session.auth.username = gimmedisks
node.session.auth.password = Password@1
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.err_timeo.host_reset_timeout = 60
node.session.iscsi.FastAbort = Yes
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 2
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.session.scan = auto
node.conn[0].address = 10.nas.nas.nas
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.DataDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
# END RECORD
```
  • If these are intended to be permanent sessions, you can set `node.conn[0].startup = automatic` instead of `manual`, and then they'll be there each boot. It's likely that your `iscsiadm` command line is nuking the credentials. If you set `automatic`, you won't even have to run `iscsiadm`! If you want to preserve manual login, can you post your `iscsiadm` line? – Mike Andrews Feb 27 '20 at 19:27
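
One way to catch the drift described in the question before a login fails, as an added example (not from the original post or from open-iscsi): a small Python check that parses node records in the format shown above and reports any whose `node.session.auth` settings no longer describe CHAP. The function names and the `STRIPPED` sample record are constructed for illustration; the default directory is the one shown in the question.

```python
import sys
from pathlib import Path

AUTH_PREFIX = "node.session.auth."
# Constructed sample: a record after the credentials were stripped.
STRIPPED = """# BEGIN RECORD 2.0-876
node.name = iqn.2004-04.com.example:target0
node.session.auth.authmethod = None
node.session.nr_sessions = 1
# END RECORD
"""

def parse_record(text):
    """Parse 'key = value' lines of a node record; '#' lines are markers."""
    settings = {}
    for line in text.splitlines():
        # Split on the first '=' only, so a password containing '=' survives.
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings[key.strip()] = value.strip()
    return settings

def chap_problems(settings):
    """Return a list of reasons this record would fail CHAP login."""
    problems = []
    method = settings.get(AUTH_PREFIX + "authmethod")
    if method != "CHAP":
        problems.append(f"authmethod is {method or 'missing'}")
    for field in ("username", "password"):
        if not settings.get(AUTH_PREFIX + field):
            problems.append(f"{field} is missing")
    return problems

def scan(nodes_dir):
    """Map each record file under nodes_dir to its list of problems."""
    report = {}
    for path in sorted(Path(nodes_dir).rglob("*")):
        if path.is_file():
            found = chap_problems(parse_record(path.read_text()))
            if found:
                report[str(path)] = found
    return report

if __name__ == "__main__":
    report = scan(sys.argv[1] if len(sys.argv) > 1 else "/etc/iscsi/nodes")
    for path, found in report.items():
        print(f"{path}: {', '.join(found)}")  # reports field names, never the secret
    sys.exit(1 if report else 0)
```

The non-zero exit status on drift lets a scheduled job or playbook task decide whether the credentials need to be reapplied.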
