Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bi-directional CHAP authentication does not work #404

Closed
tksm opened this issue May 19, 2020 · 7 comments
Closed

Bi-directional CHAP authentication does not work #404

tksm opened this issue May 19, 2020 · 7 comments
Labels
bug tracked

Comments

@tksm
Copy link

tksm commented May 19, 2020

Describe the bug

I created iSCSI backend using CHAP with ontap-san driver. It enabled CHAP authentication, but username_in was not set, which means bi-directional authentication is not enabled.

$ sudo iscsiadm -m session -P 3
Target: iqn.1992-08.com.netapp:sn.********************************:vs.8
...
                *****
                CHAP:
                *****
                username: myusername
                password: ********
                username_in: <empty> # It should not be empty
                password_in: ********

I found that volumePublishInfo.json misses iscsiTargetUsername key, so it seems bidirectional authentication setting will be skipped.

Environment

  • Trident version: 20.04.0
  • Trident installation flags used: -n trident
  • Container runtime: Docker 18.06.3-ce
  • Kubernetes version: v1.18.2
  • Kubernetes orchestrator: Kubernetes
  • Kubernetes enabled feature gates: none
  • OS: Ubuntu 18.04
  • NetApp backend types: ONTAP AFF 9.1P14
  • Other: none

To Reproduce

  • Create iSCSI backend using CHAP with ontap-san driver
  • Create PVC and Pod
  • Run following command on the node that runs the pod
    • sudo iscsiadm -m session -P 3
    • It will show username_in is empty, which means bidirectional auth is not enabled

Expected behavior

Bi-directional CHAP Authentication should be enabled.

Additional context

None
@tksm tksm added the bug label May 19, 2020
@gnarl gnarl added the tracked label May 19, 2020
@gnarl
Copy link
Contributor

gnarl commented May 19, 2020

@tksm confirmed that your assessment is correct.

@bigg01
Copy link

bigg01 commented Jun 29, 2020

Is there an idea when this will be fixed? We just integrated the Operator and CHAP is a must.
We are blocked.
bg
Oliver G.

@gnarl
Copy link
Contributor

gnarl commented Jun 29, 2020

A fix is scheduled to be included in the Trident 20.07 release.

@bigg01
Copy link

bigg01 commented Jun 30, 2020

OK and this will be? I am facing 3 problems at the moment with 20.04 and all of them are existing reportet issues in trident repo. Our AFF700 is usless with those bugs. Should we create a NetApp Case?

Cheers Oli

@gnarl
Copy link
Contributor

gnarl commented Jun 30, 2020

@bigg01 you are welcome to open a case with NetApp support. The Trident releases are versioned as YY.MM so the Trident 20.07 release will occur near the end of July. You can still use CHAP with Trident 20.04 as unidirectional CHAP is working.

@bigg01
Copy link

bigg01 commented Jul 3, 2020

Thank you i did. BG

@tksm
Copy link
Author

tksm commented Aug 4, 2020

@gnarl I confirmed that bi-directional CHAP works correctly on Trident v20.07.0.
Thank you so much for the fix!

$ sudo iscsiadm -m session -P 3
Target: iqn.1992-08.com.netapp:sn.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:vs.8
...
                *****
                CHAP:
                *****
                username: stateful_vs4
                password: ********
                username_in: target_vs4 # username_in is set correctly
                password_in: ********

@tksm tksm closed this as completed Aug 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug tracked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gnarl @bigg01 @tksm