democratic-csi: Unable to mount iSCSI targets when the portal is a hostname in certain situations
Buckle up, we are going down the rabbit hole!
Through an unfortunate series of events, I discovered that iSCSI portal discovery is completely broken on TrueNAS Scale when binding your portal to one or more IPv6 addresses. Unbeknownst to me at the time, it turned out that democratic-csi can cope with this and just skip iscsi portal discovery entirely and add targets to the discovery db on its own since it already knows what portal and IQNs the LUNs are accessible at through the PV resources and/or its config.
So, I debugged the TrueNAS problem and PR’d the fix here: https://github.com/truenas/middleware/pull/12664
This created a new problem. Now that iscsi portal discovery suddenly started working, democratic-csi started taking advantage of that fact and everything fell apart. I was now faced with this dreaded message when creating a pod depending on an iSCSI LUN: MountVolume.MountDevice failed for volume "pvc-4562489f2f2c4fb4" : rpc error: code = Unknown desc = unable to find iscsi session for iqn: iqn.2005-10.org.freenas.ctl:csi-pvc-4562489f2f2c4fb4-cluster, portal: spitfire.storage.235.tdude.co:3260.
I perused the source code to find out what was going on. So it turns out that despite logging into the iSCSI portal with hostname, the iSCSI Target is replying with literal IP addresses it is bound to (the hostname resolves to one of these addresses) in the discovery response. This causes a problem because democratic-csi is looking for the LUN from the hostname but the discovery db now only contains entries associated to the IP address.
The error occurs here because we can’t find the session associated with the host name.
The information is sourced from iscsiadm -m session which is filled with a bunch of ip address literals after discovery/target login.
Finally, the crux of the issue happens here:
Because the portal argument to the function will be the FQDN I set in the config and the sessions will all be identified by ip literals.
I feel like there are three solutions here:
- Get
scstonTrueNASto return a hostname from discovery (will probably never happen). - Add some logic to resolve the portal hostname inside democratic-csi and perform the mapping in the
getSessionfunction. - Add a config option to the driver to always skip iSCSI discovery.
Let me know what you think!
About this issue
- Original URL
- State: closed
- Created 7 months ago
- Comments: 21 (13 by maintainers)
I’ll unbuckle and come out of the rabbit hole now 😄
Just tried this out and can confirm that my iSCSI volumes are properly being mounted again! Thanks so much for the fix, looking forward to the next release!
OK, I’m relatively confident I’ll have another commit for you to try shortly.
Holidays and all that but this isn’t off my radar. I looked at some nodejs code that I can use to translate to ip addresses. Should be able to clean this up with that approach.
If you mean ICMP (IPv4) there is none, I am using IPv6 only. You can resolve the record yourself, it’s in public DNS and it only has an AAAA record.