KB045253 – Petasan – Making ACL Changes to an Online / In Production RBD (iSCSI LUN)
Posted on October 30, 2020 by Mitchell Hall
This article will demonstrate the steps to edit any ACL configurations on an RBD (iSCSI LUN) in Petasan without taking it offline. This must be done via the command line, as it cannot be done via the GUI without first taking it offline.
The changes discussed in this document are:
- The editing of ACL configuration on an RBD (iSCSI LUN) and then ensuring those changes are reflected in the dashboard UI
- A deployed Petasan cluster.
- Refer to this guide to build a Petasan cluster
- Terminal (SSH) access to any of the monitor nodes.
There may come a time when you must update the allowed IQN’s that have access to an iSCSI LUN that is currently in production use such as if a new ESXi host has been added to a vSphere cluster. Petasan does not allow live changes to iSCSI LUN’s in the dashboard, therefor the changes must be made in the command line.
Petasan uses a script called disk_meta.py to scrape all of the RBD metadata and output it to a file that outputs the data in json format. From there, you can open this file, make the required changes, and then output that change back to Petasan so the changes are reflected in the dashboard and take effect for iSCSI.
- Navigate to the iSCSI Disks page in the Petasan dashboard.
- Note the Disk ID of the iSCSI Disk you are looking to change the size of. This can be found in the furthest left most column.
- SSH into one of the nodes that is running the monitor service. In a 3-node cluster, any node will work.
- Change directories to the folder with the disk_meta.py script
# cd /opt/petasan/scripts/util
- First, we need to output the metadata of this disk to a temporary file so we can make the necessary changes.
# ./disk_meta.py read –image image-00002 –pool rbd > /tmp/image02
- The metadata for this disk has now been output in json format to a file at /tmp/image02 The next step is to open that file with a text editor, and make the necessary changes. In this instance, we are looking to make a change such as the IQN’s allowed to access this iSCSI LUN.
# vim /tmp/image02
- To update the IQN’s allowed to access this LUN, you will add these IQN’s inside the “acl:” row.
- The final step is to take the json metadata file and update the cluster with those changes. To do this, we use the same script, only with different commands. Rather than using the read flag, we use the write flag which will write the changes permanently. We also will use the --file flag, and point to the location of the edited metadata file.
# ./disk_meta.py write –image image-00002 –pool rbd --file /tmp/image02
- The changes will now be reflected in the Petasan dashboard. If they don’t appear immediately, refresh the page.
- To verify any IQN ACL changes have been made, navigate to the iSCSI Disks page in the Petasan dashboard, and click on the iSCSI Disk the changes have been made on. If this page has been updated, the changes have propagated through the system.
- Make sure to refresh your browser to ensure the updates show up in the configuration.