From: Chris Leech <cleech-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: open-iscsi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org,
linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [RFC PATCH 0/4] Make iSCSI network namespace aware
Date: Wed, 13 May 2015 15:12:43 -0700 [thread overview]
Message-ID: <1431555167-23995-1-git-send-email-cleech@redhat.com> (raw)
I've had a few reports of people trying to run iscsid in a container, which
doesn't work at all when using network namespaces. This is the start of me
looking at what it would take to make that work, and if it makes sense at all.
The first issue is that the kernel side of the iSCSI netlink control protocol
only operates in the initial network namespace. But beyond that, if we allow
iSCSI to be managed within a namespace we need to decide what that means. I
think it makes the most sense to isolate the iSCSI host, along with it's
associated endpoints, connections, and sessions, to a network namespace and
allow multiple instances of the userspace tools to exist in separate namespaces
managing separate hosts.
It works well for iscsi_tcp, which creates a host per session. There's no
attempt to manage sessions on offloading hosts independently, although future
work could include the ability to move an entire host to a new namespace like
is supported for network devices.
This is only about the structures and functionality involved in maintaining the
iSCSI session, the SCSI host along with it's discovered targets and devices has
no association with network namespaces.
These patches are functional, but not complete. There's no isolation enforced
in the kernel just yet, so it relies on well behaved userspace. I plan on
fixing that, but wanted some feedback on the idea and approach so far.
Thanks,
Chris
Chris Leech (4):
iscsi: create per-net iscsi nl kernel sockets
iscsi: sysfs filtering by network namespace
iscsi: make all netlink multicast namespace aware
iscsi: set netns for iscsi_tcp hosts
drivers/scsi/iscsi_tcp.c | 7 +
drivers/scsi/scsi_transport_iscsi.c | 264 +++++++++++++++++++++++++++++-------
include/scsi/scsi_transport_iscsi.h | 2 +
3 files changed, 222 insertions(+), 51 deletions(-)
--
2.1.0
--
You received this message because you are subscribed to the Google Groups "open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to open-iscsi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to open-iscsi-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
Visit this group at http://groups.google.com/group/open-iscsi.
For more options, visit https://groups.google.com/d/optout.
next reply other threads:[~2015-05-13 22:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-13 22:12 Chris Leech [this message]
2015-05-13 22:12 ` [RFC PATCH 3/4] iscsi: make all netlink multicast namespace aware Chris Leech
[not found] ` <1431555167-23995-1-git-send-email-cleech-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-05-13 22:12 ` [RFC PATCH 1/4] iscsi: create per-net iscsi nl kernel sockets Chris Leech
2015-05-13 22:12 ` [RFC PATCH 2/4] iscsi: sysfs filtering by network namespace Chris Leech
[not found] ` <1431555167-23995-3-git-send-email-cleech-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-05-21 20:49 ` iscsi flashnode bus? " Chris Leech
[not found] ` <20150521204906.GF17115-r8IHplWLGbA5tHQWs+pTeqPFFGjUI2lm2LY78lusg7I@public.gmane.org>
2015-05-22 15:49 ` Mike Christie
2015-05-13 22:12 ` [RFC PATCH 4/4] iscsi: set netns for iscsi_tcp hosts Chris Leech
2015-05-20 18:45 ` [RFC PATCH 0/4] Make iSCSI network namespace aware Andy Grover
[not found] ` <555CD657.6080004-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-05-21 9:04 ` Hannes Reinecke
2015-05-21 20:26 ` Chris Leech
2015-06-01 3:43 ` vaibhavkhanduja-Re5JQEeQqe8AvxtiuMwx3w
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431555167-23995-1-git-send-email-cleech@redhat.com \
--to=cleech-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=open-iscsi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).