diff options
author | Mike Christie <michaelc@cs.wisc.edu> | 2010-02-19 19:19:22 -0600 |
---|---|---|
committer | Mike Christie <michaelc@cs.wisc.edu> | 2010-03-22 17:32:08 -0500 |
commit | 22610b42dea26f17d9be3f5bd23fed0f32436932 (patch) | |
tree | 93f5d9f26e9a9ee0d1476984e83734be7e7e24aa /utils/open-isns/README | |
parent | 7fef761e193dc3a1ff3c65b7eb9f8d3942d69bbb (diff) | |
download | open-iscsi-22610b42dea26f17d9be3f5bd23fed0f32436932.tar.gz |
iscsi tools: use open-isns services
This replaces the native isns code with open-isns's libisns.
I included the open-isns code in the open-iscsi tarball
to make distribution easier since some distros use different
isns clients and may not want to carry open-isns.
This is based on open-isns commit
5e09f36d3446e41de0b8361601ffec4cd140d513.
Changes in iSNS behavior/use:
- To do discovery you must pass the ip and optionally the
port to iscsiadm:
iscsiadm -m discovery -t st -p 10.15.0.9
This command accepts the same ops as sendtargets so you can
add/remove/update the node records that are created.
It also supports ifaces properly now.
- isns.address and isns.port in iscsid.conf are no longer
used.
- ESI is temporarily not supported. This will be fixed in the
next patch when SCNs support is added.
- The iscsiadm isns discovery command is not marked as stable.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Diffstat (limited to 'utils/open-isns/README')
-rw-r--r-- | utils/open-isns/README | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/utils/open-isns/README b/utils/open-isns/README new file mode 100644 index 0000000..acff29b --- /dev/null +++ b/utils/open-isns/README @@ -0,0 +1,173 @@ + +Welcome to Open-iSNS +==================== + +This is a partial implementation of iSNS, according to RFC4171. +The implementation is still somewhat incomplete, but I'm releasing +it for your reading pleasure. + +The distribution comprises + + isnsd + This is the iSNS server, supporting persistent storage + of registrations in a file based database. + + isnsadm + A command line utility for querying the iSNS database, + and for registering/deregistering nodes and portals + + isnsdd + An iSNS Discovery Daemon, which is still very much work + in progress. The daemon is supposed to handle all the + bit banging and server communications required to register + a node, its portals, and to maintain the registration. + It is also supposed to use the iSNS State Change Notification + framework to learn of new targets or initiators coming online, + and inform local services (such as the iSCSI initiator daemon) + about these changes. + +Thanks! +------- + +Many thanks to Albert Pauw for his fearless testing of snapshots, +and his copious feedback! + +What works, after a fashion: +---------------------------- + + - For now, I've been focusing on getting the iSCSI part to + work. There is some very basic support for FC objects, but + this will be hardly useful yet. + + - Registration, deregistration, query, getnext + You can use isnsadm to register iSCSI nodes, and portals. + isnsadm also illustrates how this is supposed to be used from + the client perspective. + + - Discovery domains are supported mostly. The administrator + can create discovery domains using isnsadm, and place storage + nodes in domains. Queries by clients are scoped by their + discovery domains membership, so that they will be unable to + see nodes not part of a shared DD. + + Open-iSNS currently does not allow clients to place themselves + in a DD. + + Optionally, storage nodes that are not in any discovery domain + will be placed in a "default DD" (see the DefaultDiscoveryDomain + in isnsd.conf). + + - ESI, supported both by the server and the discovery daemon + + - SCN, supported by the server and the discovery daemon + +What is still missing +--------------------- + + - Better documentation (esp. a HOWTO on getting started with iSNS) + - DD Sets + - Various bits and pieces of the protocol + - FC support + + +Building Open-iSNS +------------------ + +The Open-iSNS build is now based on autoconf. The distributed tarball +should include a configure script and a config.h.in file generated +from configure.ac. If these are missing, you can generate them +by running + + autoconf + autoheader + +For most people, it should be sufficient to run configure without any +arguments, or at most with the option --prefix. If run without --prefix, +program files, manpages etc will be installed below /usr/local. To have +everything installed /usr/bin, /usr/share/man etc, run it as + + ./configure --prefix=/usr + +Dependencies: + + - If you want to build Open-iSNS with support for authentication, + you need the OpenSSL libraries and header files installed. + + The configure script should pick up the presence of these + libraries, and enable security support automatically. To disable + this explicitly in your build, pass the --without-security option + to configure. + + - If you want to build Open-iSNS with SLP support, you need the + OpenSLP library and header file installed. + + The configure script should pick up the presence of this library, + and enable SLP support automatically. To disable this explicitly + in your build, pass the --without-slp option to configure. + +When configure is run, it checks for a the presence of a number of +headers and libraries in your system (the results of most of these checks +are currently ignored :-). Then, it creates a Makefile and a config.h +include file. With these in place, you can build the binaries and libraries: + + make + make install + +Getting started +--------------- + +On the iSNS server, you need to generate a server key and install it. The +simplest way is probably to use the isnssetup script included in the +source package. + +For each client you wish to use, you should then + +iSNS Security +------------- + +This implementation of iSNS supports authentication, as descibed in RFC +4171. In order to use it, you have to create DSA keys for the server and +all clients. + +iSNS uses conceptually the same security mechanism as SLP, and identifies +principals by a "Security Parameter Index", which is essentially a string +identifying a key. + +Open-iSNS fully supports DSA based security, and offers a flexible +policy mechanism that ties an SPI to a network entity and the storage +node names it is allowed to use. For an introduction to the security +model used by Open-iSNS, refer to the isns_config(5) manual page. An +overview on setting up the iSNS server for authentication is given in +the EXAMPLES section of the isnsadm(8) manual page. + +Downloading Open-iSNS +--------------------- + +Open-iSNS is available for download from + + http://oss.oracle.com/~okir/open-isns + +You have to grab the latest tarball and compile it; fancy things such +as RPMs are not available yet. + +------------------------------------------------------------------ + + + COPYRIGHT NOTICE + + Copyright (C) 2007 Olaf Kirch. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + |