跳转到主内容
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

Trident—由于iSCSI会话身份验证错误、OpenShift Pod一直处于容器创建状态

Views:
15
Visibility:
Public
Votes:
0
Category:
trident-kubernetes
Specialty:
solidfire
Last Updated:

适用场景

  • 三叉
  • SolidFire
  • OpenShift 4.4.13+
  • Red Hat Enterprise Linux CoreOS 4.5及更高版本
  • Red Hat Enterprise Linux 8.2+

问题描述

1. 在使用NetApp Trident PVC配置Pod时、Pod会停留在"容器创建"状态、因为OpenShift工作节点由于哈希算法不匹配而无法与Element建立iSCSI会话。

2. 升级到OpenShift 4.4.13+后、具有PVC的现有Pod无法重新建立其iSCSI会话。

 

要确认此情况、可以执行以下操作:

Trident会按预期创建PVC。

[root@master k8s]# kubectl get pvc
NAME                           STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
persistent-volume-claim-sf     Bound    pvc-7489898e-087b-4db0-b211-e5b254074d56   2Gi        RWO            sf-gold        46h

iscsiadm -m discovery 工作节点上运行将显示已正确发现此门户。

[root@node-1 iscsi]# iscsiadm -m discovery
192.168.1.50:3260 via sendtargets

iscsiadm -m node 将显示正确发现的目标。

[root@node-1 iscsi]# iscsiadm -m node
192.168.1.50:3260,1 iqn.2010-01.com.solidfire:3x71.pvc-7489898e-087b-4db0-b211-e5b254074d56.1

但是 iscsiadm -m session 、不会显示任何条目。

[root@node-1 ~]# iscsiadm -m session
iscsiadm: No active sessions.

/var/log/messages Pod所在的工作节点上查看将在登录到目标时显示身份验证错误。

Jul 30 04:12:36 node-1 iscsid[1372]: iscsid: Login authentication failed with target iqn.2010-01.com.solidfire:3x71.pvc-7489898e-087b-4db0-b211-e5b254074d56.1
Jul 30 04:12:36 node-1 iscsid[1372]: iscsid: Kernel reported iSCSI connection 207:0 error (1020 - ISCSI_ERR_TCP_CONN_CLOSE: TCP connection closed) state (1)
Jul 30 04:12:41 node-1 iscsid[1372]: iscsid: Login failed to authenticate with target iqn.2010-01.com.solidfire:3x71.pvc-7489898e-087b-4db0-b211-e5b254074d56.1
Jul 30 04:12:41 node-1 iscsid[1372]: iscsid: session 207 login rejected: Initiator failed authentication with target
Jul 30 04:12:41 node-1 iscsid[1372]: iscsid: Connection207:0 to [target: iqn.2010-01.com.solidfire:3x71.pvc-7489898e-087b-4db0-b211-e5b254074d56.1, portal: 192.168.1.50,3260] through [iface: default] is shutdown.

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support