Describe the bug
I created iSCSI backend using CHAP with ontap-san driver. It enabled CHAP authentication, but username_in was not set, which means bi-directional authentication is not enabled.
$ sudo iscsiadm -m session -P 3
Target: iqn.1992-08.com.netapp:sn.********************************:vs.8
...
*****
CHAP:
*****
username: myusername
password: ********
username_in: <empty> # It should not be empty
password_in: ********
I found that volumePublishInfo.json misses iscsiTargetUsername key, so it seems bidirectional authentication setting will be skipped.
Environment
To Reproduce
sudo iscsiadm -m session -P 3username_in is empty, which means bidirectional auth is not enabledExpected behavior
Bi-directional CHAP Authentication should be enabled.
Additional context
None
@tksm confirmed that your assessment is correct.
Is there an idea when this will be fixed? We just integrated the Operator and CHAP is a must.
We are blocked.
bg
Oliver G.
A fix is scheduled to be included in the Trident 20.07 release.
OK and this will be? I am facing 3 problems at the moment with 20.04 and all of them are existing reportet issues in trident repo. Our AFF700 is usless with those bugs. Should we create a NetApp Case?
Cheers Oli
@bigg01 you are welcome to open a case with NetApp support. The Trident releases are versioned as YY.MM so the Trident 20.07 release will occur near the end of July. You can still use CHAP with Trident 20.04 as unidirectional CHAP is working.
Thank you i did. BG
@gnarl I confirmed that bi-directional CHAP works correctly on Trident v20.07.0.
Thank you so much for the fix!
$ sudo iscsiadm -m session -P 3
Target: iqn.1992-08.com.netapp:sn.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:vs.8
...
*****
CHAP:
*****
username: stateful_vs4
password: ********
username_in: target_vs4 # username_in is set correctly
password_in: ********