github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #90985 from mrobson/iscsi-nodescan-manual

Browse Source 
Set session scanning to manual to avoid discovering all iSCSI devices…
This commit is contained in:
Kubernetes Prow Robot 2020-05-20 16:45:15 -07:00 committed by GitHub
commit 2fa00e30ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/volume/iscsi/iscsi_util.go
View File

@ -107,11 +107,18 @@ func updateISCSIDiscoverydb(b iscsiDiskMounter, tp string) error {
}
func updateISCSINode(b iscsiDiskMounter, tp string) error {
// setting node.session.scan to manual to handle https://github.com/kubernetes/kubernetes/issues/90982
out, err := execWithLog(b, "iscsiadm", "-m", "node", "-p", tp, "-T", b.Iqn, "-I", b.Iface, "-o", "update", "-n", "node.session.scan", "-v", "manual")
if err != nil {
// don't fail if iscsiadm fails or the version does not support node.session.scan - log a warning to highlight the potential exposure
klog.Warningf("iscsi: failed to update node with node.session.scan=manual, possible exposure to issue 90982: %v", out)
}
if !b.chapSession {
return nil
}
out, err := execWithLog(b, "iscsiadm", "-m", "node", "-p", tp, "-T", b.Iqn, "-I", b.Iface, "-o", "update", "-n", "node.session.auth.authmethod", "-v", "CHAP")
out, err = execWithLog(b, "iscsiadm", "-m", "node", "-p", tp, "-T", b.Iqn, "-I", b.Iface, "-o", "update", "-n", "node.session.auth.authmethod", "-v", "CHAP")
if err != nil {
return fmt.Errorf("iscsi: failed to update node with CHAP, output: %v", out)
}