发现成功:
[root@ncdqd0110 iqn.11351.com.xxx:AAA]# iscsiadm -m discoverydb -t sendtargets -p 127.0.0.1:54541 --discover
127.0.0.1:54541,-1 iqn.2495.com.xxx:AAA
登录失败:
[root@ncdqd0110 ~]# iscsiadm --mode node --target iqn.2495.com.xxx:AAA --portal 127.0.0.1:54541 --login
Logging in to [iface: default, target: iqn.2495.com.xxx:AAA, portal: 127.0.0.1,54541] (multiple)
**iscsiadm: Could not login to [iface: default, target: iqn.2495.com.xxx:AAA, portal: 127.0.0.1,54541].**
**iscsiadm: initiator reported error (8 - connection timed out)**
iscsiadm: Could not log into all portals
这发生在红帽v7.0. 在 Suse 中它运行良好。
下面给出了一些命令的结果:
[root@ncdqd0110 iqn.2495.com.xxx:AAA]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.31.224.1 0.0.0.0 UG 0 0 0 eno16780032
10.31.224.0 0.0.0.0 255.255.252.0 U 0 0 0 eno16780032
[root@ncdqd0110 ~]# ip route show
default via 10.31.224.1 dev eno16780032 proto static metric 1024
10.31.224.0/22 dev eno16780032 proto kernel scope link src 10.31.227.110
# BEGIN RECORD 6.2.0.873-21
node.name = iqn.2495.com.emc:BBB
node.tpgt = -1
node.startup = automatic
node.leading_login = No
iface.net_ifacename = eno16780032
iface.iscsi_ifacename = default
iface.transport_name = tcp
iface.vlan_id = 0
iface.vlan_priority = 0
iface.iface_num = 0
iface.mtu = 0
iface.port = 0
iface.tos = 0
iface.ttl = 0
iface.tcp_wsf = 0
iface.tcp_timer_scale = 0
iface.def_task_mgmt_timeout = 0
iface.erl = 0
iface.max_receive_data_len = 0
iface.first_burst_len = 0
iface.max_outstanding_r2t = 0
iface.max_burst_len = 0
node.discovery_address = 127.0.0.1
node.discovery_port = 54541
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 8
node.session.xmit_thread_priority = -20
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.nr_sessions = 1
node.session.auth.authmethod = None
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.err_timeo.host_reset_timeout = 60
node.session.iscsi.FastAbort = Yes
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 2
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.conn[0].address = 127.0.0.1
node.conn[0].port = 54541
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
# END RECORD
如果有人知道这个问题,请告诉我如何解决这个问题。
答案1
这似乎是 SELinux 的策略选择。发现会话在 iscsiadm 中运行,但 iscsid 在其可以连接的端口上受到限制。
一种选择是使用 policycoreutils 中的 audit2why/audit2allow 实用程序来创建本地策略模块,扩展默认系统 SELinux 策略以允许此功能。