
NVMe-oF host configuration for RHEL 9.5 with ONTAP

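NetApp SAN host configurations support the NVMe over Fabrics (NVMe-oF) protocol with Asymmetric Namespace Access (ANA). In NVMe-oF environments, ANA is equivalent to asymmetric logical unit access (ALUA) multipathing in iSCSI and FCP environments. ANA is implemented using the in-kernel NVMe multipath feature.

About this task

You can use the following support and features with the NVMe-oF host configuration for Red Hat Enterprise Linux (RHEL) 9.5. You should also review the known limitations before starting the configuration process.

  • Support available:

    • Support for NVMe over TCP (NVMe/TCP) in addition to NVMe over Fibre Channel (NVMe/FC). The NetApp plug-in in the native `nvme-cli` package displays ONTAP details for both NVMe/FC and NVMe/TCP namespaces.

    • Running both NVMe and SCSI traffic on the same host. For example, you can configure dm-multipath for SCSI mpath devices for SCSI LUNs and use NVMe multipath to configure NVMe-oF namespace devices on the host.

      For additional details on supported configurations, see the "NetApp Interoperability Matrix Tool".

  • Features available:

    • Beginning with ONTAP 9.12.1, support for secure in-band authentication is introduced for NVMe-oF. You can use secure in-band authentication for NVMe-oF with RHEL 9.5.

    • RHEL 9.5 enables in-kernel NVMe multipath for NVMe namespaces by default, so no explicit setting is required.

    • SAN booting using the NVMe/FC protocol is supported.

  • Known limitations:

    • There are no known limitations.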

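Validate software versions

You can use the following procedure to validate the minimum supported RHEL 9.5 software versions.

Steps
  1. Install RHEL 9.5 on the server. After the installation is complete, verify that you are running the specified RHEL 9.5 kernel: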

    uname -r
    5.14.0-503.11.1.el9_5.x86_64
  2. Install the `nvme-cli` package:

    rpm -qa|grep nvme-cli
    nvme-cli-2.9.1-6.el9.x86_64
  3. Install the `libnvme` package:

    rpm -qa|grep libnvme
    libnvme-1.9-3.el9.x86_64
  4. On the RHEL 9.5 host, check the `hostnqn` string at `/etc/nvme/hostnqn`:

    cat /etc/nvme/hostnqn
    nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0056-5410-8048-b9c04f425633
  5. Verify that the `hostnqn` string matches the `hostnqn` string for the corresponding subsystem on the ONTAP array:

    ::> vserver nvme subsystem host show -vserver vs_coexistence_LPE36002
    Example output:
    Vserver Subsystem Priority  Host NQN
    ------- --------- --------  ------------------------------------------------
    vs_coexistence_LPE36002
            nvme
                      regular   nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0056-5410-8048-b9c04f425633
            nvme_1
                      regular   nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0056-5410-8048-b9c04f425633
            nvme_2
                      regular   nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0056-5410-8048-b9c04f425633
            nvme_3
                      regular   nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0056-5410-8048-b9c04f425633
    4 entries were displayed.
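    Note: If the `hostnqn` strings do not match, use the `vserver modify` command to update the `hostnqn` string on the corresponding ONTAP array subsystem so that it matches the `hostnqn` string from `/etc/nvme/hostnqn` on the host.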

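Configure NVMe/FC

You can configure NVMe/FC with Broadcom/Emulex FC or Marvell/QLogic FC adapters. For NVMe/FC configured with a Broadcom adapter, you can enable I/O requests of size 1 MB.

Broadcom/Emulex
Steps
  1. Verify that you are using a supported adapter model: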

    1. cat /sys/class/scsi_host/host*/modelname

      LPe36002-M64
      LPe36002-M64
    2. cat /sys/class/scsi_host/host*/modeldesc

      Emulex LightPulse LPe36002-M64 2-Port 64Gb Fibre Channel Adapter
      Emulex LightPulse LPe36002-M64 2-Port 64Gb Fibre Channel Adapter
  2. Verify that you are using the recommended Broadcom `lpfc` firmware and inbox driver:

    1. cat /sys/class/scsi_host/host*/fwrev

      14.4.317.10, sli-4:6:d
      14.4.317.10, sli-4:6:d
    2. cat /sys/module/lpfc/version

      0:14.4.0.2

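    For the current list of supported adapter driver and firmware versions, see the "NetApp Interoperability Matrix Tool".

  3. Verify that the expected output of `lpfc_enable_fc4_type` is set to `3`: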

    cat /sys/module/lpfc/parameters/lpfc_enable_fc4_type

    3
  4. Verify that you can view your initiator ports:

    cat /sys/class/fc_host/host*/port_name

    0x100000109bf044b1
    0x100000109bf044b2
  5. Verify that your initiator ports are online:

    cat /sys/class/fc_host/host*/port_state

    Online
    Online
  6. Verify that the NVMe/FC initiator ports are enabled and that the target ports are visible:

    cat /sys/class/scsi_host/host*/nvme_info

    Example output:
    NVME Initiator Enabled
    XRI Dist lpfc2 Total 6144 IO 5894 ELS 250
    NVME LPORT lpfc2 WWPN x100000109bf044b1 WWNN x200000109bf044b1 DID x022a00 ONLINE
    NVME RPORT       WWPN x202fd039eaa7dfc8 WWNN x202cd039eaa7dfc8 DID x021310 TARGET DISCSRVC ONLINE
    NVME RPORT       WWPN x202dd039eaa7dfc8 WWNN x202cd039eaa7dfc8 DID x020b10 TARGET DISCSRVC ONLINE
    
    NVME Statistics
    LS: Xmt 0000000810 Cmpl 0000000810 Abort 00000000
    LS XMIT: Err 00000000  CMPL: xb 00000000 Err 00000000
    Total FCP Cmpl 000000007b098f07 Issue 000000007aee27c4 OutIO ffffffffffe498bd
            abort 000013b4 noxri 00000000 nondlp 00000058 qdepth 00000000 wqerr 00000000 err 00000000
    FCP CMPL: xb 000013b4 Err 00021443
    
    NVME Initiator Enabled
    XRI Dist lpfc3 Total 6144 IO 5894 ELS 250
    NVME LPORT lpfc3 WWPN x100000109bf044b2 WWNN x200000109bf044b2 DID x021b00 ONLINE
    NVME RPORT       WWPN x2033d039eaa7dfc8 WWNN x202cd039eaa7dfc8 DID x020110 TARGET DISCSRVC ONLINE
    NVME RPORT       WWPN x2032d039eaa7dfc8 WWNN x202cd039eaa7dfc8 DID x022910 TARGET DISCSRVC ONLINE
    
    NVME Statistics
    LS: Xmt 0000000840 Cmpl 0000000840 Abort 00000000
    LS XMIT: Err 00000000  CMPL: xb 00000000 Err 00000000
    Total FCP Cmpl 000000007afd4434 Issue 000000007ae31b83 OutIO ffffffffffe5d74f
            abort 000014a5 noxri 00000000 nondlp 0000006a qdepth 00000000 wqerr 00000000 err 00000000
    FCP CMPL: xb 000014a5 Err 0002149a
Marvell/QLogic

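Configure NVMe/FC for a Marvell/QLogic adapter.

Note: The native inbox qla2xxx driver included in the RHEL 9.5 GA kernel has the latest fixes. These fixes are essential for ONTAP support.
Steps
  1. Verify that you are running the supported adapter driver and firmware versions: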

    cat /sys/class/fc_host/host*/symbolic_name
    QLE2742 FW:v9.14.00 DVR:v10.02.09.200-k
    QLE2742 FW:v9.14.00 DVR:v10.02.09.200-k
  2. Verify that `ql2xnvmeenable` is set. This enables the Marvell adapter to function as an NVMe/FC initiator:

    cat /sys/module/qla2xxx/parameters/ql2xnvmeenable

    The expected output is 1.

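Enable 1 MB I/O (optional)

ONTAP reports an MDTS (Max Data Transfer Size) of 8 in the Identify Controller data. This means the maximum I/O request size can be up to 1 MB. To issue I/O requests of size 1 MB for a Broadcom NVMe/FC host, you should increase the `lpfc` value of the `lpfc_sg_seg_cnt` parameter to 256 from the default value of 64.

Note: These steps don't apply to QLogic NVMe/FC hosts.
Steps
  1. Set the `lpfc_sg_seg_cnt` parameter to 256: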

    cat /etc/modprobe.d/lpfc.conf
    options lpfc lpfc_sg_seg_cnt=256
  2. Run the `dracut -f` command and reboot the host.

  3. Verify that the expected value of `lpfc_sg_seg_cnt` is 256:

    cat /sys/module/lpfc/parameters/lpfc_sg_seg_cnt

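Configure NVMe/TCP

The NVMe/TCP protocol doesn't support the `auto-connect` operation. Instead, you can discover the NVMe/TCP subsystems and namespaces by performing the NVMe/TCP `connect` or `connect-all` operations manually.

Steps
  1. Verify that the initiator port can fetch the discovery log page data across the supported NVMe/TCP LIFs:

    nvme discover -t tcp -w host-traddr -a traddr
    Example: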
    nvme discover -t tcp -w 192.168.1.31 -a 192.168.1.24
    
    Discovery Log Number of Records 20, Generation counter 25
    =====Discovery Log Entry 0======
    trtype:  tcp
    adrfam:  ipv4
    subtype: current discovery subsystem
    treq:    not specified
    portid:  4
    trsvcid: 8009
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:discovery
    traddr:  192.168.2.25
    eflags:  explicit discovery connections, duplicate discovery information
    sectype: none
    =====Discovery Log Entry 1======
    trtype:  tcp
    adrfam:  ipv4
    subtype: current discovery subsystem
    treq:    not specified
    portid:  2
    trsvcid: 8009
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:discovery
    traddr:  192.168.1.25
    eflags:  explicit discovery connections, duplicate discovery information
    sectype: none
    =====Discovery Log Entry 2======
    trtype:  tcp
    adrfam:  ipv4
    subtype: current discovery subsystem
    treq:    not specified
    portid:  5
    trsvcid: 8009
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:discovery
    traddr:  192.168.2.24
    eflags:  explicit discovery connections, duplicate discovery information
    sectype: none
    =====Discovery Log Entry 3======
    trtype:  tcp
    adrfam:  ipv4
    subtype: current discovery subsystem
    treq:    not specified
    portid:  1
    trsvcid: 8009
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:discovery
    traddr:  192.168.1.24
    eflags:  explicit discovery connections, duplicate discovery information
    sectype: none
    =====Discovery Log Entry 4======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  4
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_1
    traddr:  192.168.2.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 5======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  2
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_1
    traddr:  192.168.1.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 6======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  5
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_1
    traddr:  192.168.2.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 7======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  1
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_1
    traddr:  192.168.1.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 8======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  4
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_4
    traddr:  192.168.2.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 9======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  2
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_4
    traddr:  192.168.1.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 10======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  5
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_4
    traddr:  192.168.2.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 11======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  1
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_4
    traddr:  192.168.1.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 12======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  4
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_3
    traddr:  192.168.2.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 13======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  2
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_3
    traddr:  192.168.1.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 14======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  5
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_3
    traddr:  192.168.2.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 15======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  1
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_3
    traddr:  192.168.1.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 16======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  4
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_2
    traddr:  192.168.2.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 17======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  2
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_2
    traddr:  192.168.1.25
    eflags:  none
    sectype: none
    =====Discovery Log Entry 18======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  5
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_2
    traddr:  192.168.2.24
    eflags:  none
    sectype: none
    =====Discovery Log Entry 19======
    trtype:  tcp
    adrfam:  ipv4
    subtype: nvme subsystem
    treq:    not specified
    portid:  1
    trsvcid: 4420
    subnqn:  nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_2
    traddr:  192.168.1.24
    eflags:  none
    sectype: none
  2. Verify that the other NVMe/TCP initiator-target LIF combinations can successfully fetch discovery log page data:

    nvme discover -t tcp -w host-traddr -a traddr
    Example:
    nvme discover -t tcp -w 192.168.1.31 -a 192.168.1.24
    nvme discover -t tcp -w 192.168.2.31 -a 192.168.2.24
    nvme discover -t tcp -w 192.168.1.31 -a 192.168.1.25
    nvme discover -t tcp -w 192.168.2.31 -a 192.168.2.25
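  3. Run the `nvme connect-all` command across all the supported NVMe/TCP initiator-target LIFs across the nodes:

    nvme connect-all -t tcp -w host-traddr -a traddr
    Example:
    nvme connect-all -t tcp -w 192.168.1.31 -a 192.168.1.24
    nvme connect-all -t tcp -w 192.168.2.31 -a 192.168.2.24
    nvme connect-all -t tcp -w 192.168.1.31 -a 192.168.1.25
    nvme connect-all -t tcp -w 192.168.2.31 -a 192.168.2.25
Note: Beginning with RHEL 9.5, the default setting for the NVMe/TCP `ctrl_loss_tmo` timeout is turned off. This means there is no limit on the number of retries (indefinite retry). Therefore, you don't need to manually configure a specific `ctrl_loss_tmo` timeout duration when using the `nvme connect` or `nvme connect-all` commands (option -l). With this default behavior, the NVMe/TCP controllers don't time out in the event of a path failure and remain connected indefinitely.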

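Validate NVMe-oF

To support correct operation of ONTAP LUNs, verify that the in-kernel NVMe multipath status, ANA status, and ONTAP namespaces are correct for the NVMe-oF configuration.

Steps
  1. Verify that the in-kernel NVMe multipath is enabled: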

    cat /sys/module/nvme_core/parameters/multipath
    Y
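  2. Verify that the appropriate NVMe-oF settings for the respective ONTAP namespaces (for example, model set to NetApp ONTAP Controller and load-balancing iopolicy set to round-robin) are correctly reflected on the host: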

    1. cat /sys/class/nvme-subsystem/nvme-subsys*/model

      NetApp ONTAP Controller
      NetApp ONTAP Controller
    2. cat /sys/class/nvme-subsystem/nvme-subsys*/iopolicy

      round-robin
      round-robin
  3. Verify that the namespaces are created and correctly discovered on the host:

    nvme list
    Example output:
    Node         SN                   Model
    ---------------------------------------------------------
    /dev/nvme4n1 81Ix2BVuekWcAAAAAAAB	NetApp ONTAP Controller
    
    
    Namespace Usage    Format             FW             Rev
    -----------------------------------------------------------
    1                 21.47 GB / 21.47 GB	4 KiB + 0 B   FFFFFFFF
  4. Verify that the controller state of each path is live and has the correct ANA status:

    NVMe/FC
    nvme list-subsys /dev/nvme4n5
    Example output:
    nvme-subsys4 - NQN=nqn.1992-08.com.netapp:sn.3a5d31f5502c11ef9f50d039eab6cb6d:subsystem.nvme_1
                   hostnqn=nqn.2014-08.org.nvmexpress:uuid:e6dade64-216d-11ec-b7bb-7ed30a5482c3
                   iopolicy=round-robin
    \
    +- nvme1 fc traddr=nn-0x2082d039eaa7dfc8:pn-0x2088d039eaa7dfc8,host_traddr=nn-0x20000024ff752e6d:pn-0x21000024ff752e6d live optimized
    +- nvme12 fc traddr=nn-0x2082d039eaa7dfc8:pn-0x208ad039eaa7dfc8,host_traddr=nn-0x20000024ff752e6d:pn-0x21000024ff752e6d live non-optimized
    +- nvme10 fc traddr=nn-0x2082d039eaa7dfc8:pn-0x2087d039eaa7dfc8,host_traddr=nn-0x20000024ff752e6c:pn-0x21000024ff752e6c live non-optimized
    +- nvme3 fc traddr=nn-0x2082d039eaa7dfc8:pn-0x2083d039eaa7dfc8,host_traddr=nn-0x20000024ff752e6c:pn-0x21000024ff752e6c live optimized
    NVMe/TCP
    nvme list-subsys /dev/nvme1n1
    Example output:
    nvme-subsys5 - NQN=nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.nvme_tcp_3
    hostnqn=nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0035-5910-804b-b5c04f444d33
    iopolicy=round-robin
    \
    +- nvme13 tcp traddr=192.168.2.25,trsvcid=4420,host_traddr=192.168.2.31,src_addr=192.168.2.31 live optimized
    +- nvme14 tcp traddr=192.168.2.24,trsvcid=4420,host_traddr=192.168.2.31,src_addr=192.168.2.31 live non-optimized
    +- nvme5 tcp traddr=192.168.1.25,trsvcid=4420,host_traddr=192.168.1.31,src_addr=192.168.1.31 live optimized
    +- nvme6 tcp traddr=192.168.1.24,trsvcid=4420,host_traddr=192.168.1.31,src_addr=192.168.1.31 live non-optimized
  5. Verify that the NetApp plug-in displays the correct values for each ONTAP namespace device:

    nvme netapp ontapdevices -o column
    Example output:
    Device        Vserver   Namespace Path
    ----------------------- ------------------------------
    /dev/nvme1n1     linux_tcnvme_iscsi        /vol/tcpnvme_1_0_0/tcpnvme_ns
    
    NSID       UUID                                   Size
    ------------------------------------------------------------
    1    5f7f630d-8ea5-407f-a490-484b95b15dd6   21.47GB
    JSON
    nvme netapp ontapdevices -o json
    Example output:
    {
      "ONTAPdevices":[
        {
          "Device":"/dev/nvme1n1",
          "Vserver":"linux_tcnvme_iscsi",
          "Namespace_Path":"/vol/tcpnvme_1_0_0/tcpnvme_ns",
          "NSID":1,
          "UUID":"5f7f630d-8ea5-407f-a490-484b95b15dd6",
          "Size":"21.47GB",
          "LBA_Data_Size":4096,
          "Namespace_Size":5242880
        },
    ]
    }
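The path check in step 4 can be automated. The following is an added example, not NetApp or nvme-cli code: it parses the text form of `nvme list-subsys` shown above and reports controllers that are not live and subsystems without a live optimized path. The sample output, NQNs and addresses are constructed, and the rule that live paths should span at least two host ports is an assumption drawn from the dual-port examples on this page.

```python
import re

SUBSYS_RE = re.compile(r"^(nvme-subsys\d+) - NQN=(\S+)")
# "+- <ctrl> <transport> <key=value,...> <controller state> [<ANA state>]"
PATH_RE = re.compile(r"^\+-\s+(nvme\d+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")


def parse_list_subsys(text: str) -> list[dict]:
    """Parse the text form of `nvme list-subsys` into subsystems with their paths."""
    subsystems = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUBSYS_RE.match(line):
            subsystems.append({"name": m.group(1), "nqn": m.group(2), "paths": []})
        elif (m := PATH_RE.match(line)) and subsystems:
            ctrl, transport, addr, state, ana = m.groups()
            fields = dict(kv.split("=", 1) for kv in addr.split(",") if "=" in kv)
            subsystems[-1]["paths"].append({
                "ctrl": ctrl, "transport": transport, "state": state,
                "ana": ana or "unknown",  # a non-live controller may print no ANA state
                "traddr": fields.get("traddr"), "host_traddr": fields.get("host_traddr"),
            })
    return subsystems


def check_paths(subsystems: list[dict]) -> list[str]:
    """Return one finding per path or redundancy problem; empty list means healthy."""
    findings = []
    for s in subsystems:
        live = [p for p in s["paths"] if p["state"] == "live"]
        for p in s["paths"]:
            if p["state"] != "live":
                findings.append(f"{s['name']}: {p['ctrl']} is {p['state']}, not live")
        if not any(p["ana"] == "optimized" for p in live):
            findings.append(f"{s['name']}: no live optimized path")
        if len({p["host_traddr"] for p in live}) < 2:  # assumed redundancy rule
            findings.append(f"{s['name']}: live paths use fewer than two host ports")
    return findings


# Constructed sample output (documentation addresses, made-up NQNs).
SAMPLE = """\
nvme-subsys5 - NQN=nqn.1992-08.com.example:subsystem.demo_a
               hostnqn=nqn.2014-08.org.nvmexpress:uuid:00000000-0000-0000-0000-000000000001
               iopolicy=round-robin
\\
 +- nvme13 tcp traddr=192.0.2.25,trsvcid=4420,host_traddr=192.0.2.31,src_addr=192.0.2.31 live optimized
 +- nvme14 tcp traddr=192.0.2.24,trsvcid=4420,host_traddr=192.0.2.31,src_addr=192.0.2.31 live non-optimized
 +- nvme5 tcp traddr=198.51.100.25,trsvcid=4420,host_traddr=198.51.100.31,src_addr=198.51.100.31 live optimized
 +- nvme6 tcp traddr=198.51.100.24,trsvcid=4420,host_traddr=198.51.100.31,src_addr=198.51.100.31 live non-optimized
nvme-subsys6 - NQN=nqn.1992-08.com.example:subsystem.demo_b
               iopolicy=round-robin
\\
 +- nvme7 tcp traddr=192.0.2.24,trsvcid=4420,host_traddr=192.0.2.31,src_addr=192.0.2.31 live non-optimized
 +- nvme8 tcp traddr=192.0.2.25,trsvcid=4420,host_traddr=192.0.2.31,src_addr=192.0.2.31 connecting
"""

if __name__ == "__main__":
    print("\n".join(check_paths(parse_list_subsys(SAMPLE))))
```

On a host, pass the output of `nvme list-subsys` in place of `SAMPLE`.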

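Set up secure in-band authentication

Beginning with ONTAP 9.12.1, secure in-band authentication is supported over NVMe/TCP and NVMe/FC between a RHEL 9.5 host and an ONTAP controller.

To set up secure authentication, each host or controller must be associated with a `DH-HMAC-CHAP` key, which is a combination of the NQN of the NVMe host or controller and an authentication secret configured by the administrator. To authenticate its peer, an NVMe host or controller must recognize the key associated with the peer.

You can set up secure in-band authentication using the CLI or a config JSON file. If you need to specify different dhchap keys for different subsystems, you must use a config JSON file.

CLI

Set up secure in-band authentication using the CLI.

Steps
  1. Obtain the host NQN: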

    cat /etc/nvme/hostnqn
  2. Generate the dhchap key for the RHEL 9.5 host.

    The following output describes the `gen-dhchap-key` command parameters:

    nvme gen-dhchap-key -s optional_secret -l key_length {32|48|64} -m HMAC_function {0|1|2|3} -n host_nqn
    • -s secret key in hexadecimal characters to be used to initialize the host key
    • -l length of the resulting key in bytes
    • -m HMAC function to use for key transformation
      0 = none, 1 = SHA-256, 2 = SHA-384, 3 = SHA-512
    • -n host NQN to use for key transformation

    In the following example, a random dhchap key with HMAC set to 3 (SHA-512) is generated.

    # nvme gen-dhchap-key -m 3 -n nqn.2014-08.org.nvmexpress:uuid:e6dade64-216d-11ec-b7bb-7ed30a5482c3
    DHHC-1:03:1CFivw9ccz58gAcOUJrM7Vs98hd2ZHSr+iw+Amg6xZPl5D2Yk+HDTZiUAg1iGgxTYqnxukqvYedA55Bw3wtz6sJNpR4=:
  3. On the ONTAP controller, add the host and specify both dhchap keys:

    vserver nvme subsystem host add -vserver <svm_name> -subsystem <subsystem> -host-nqn <host_nqn> -dhchap-host-secret <authentication_host_secret> -dhchap-controller-secret <authentication_controller_secret> -dhchap-hash-function {sha-256|sha-512} -dhchap-group {none|2048-bit|3072-bit|4096-bit|6144-bit|8192-bit}
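  4. A host supports two types of authentication methods: unidirectional and bidirectional. On the host, connect to the ONTAP controller and specify the dhchap keys based on the chosen authentication method: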

    nvme connect -t tcp -w <host-traddr> -a <tr-addr> -n <host_nqn> -S <authentication_host_secret> -C <authentication_controller_secret>
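  5. Validate the `nvme connect authentication` command by verifying the host and controller dhchap keys:

    1. Verify the host dhchap keys:

      cat /sys/class/nvme-subsystem/<nvme-subsysX>/nvme*/dhchap_secret
      Example output for a unidirectional configuration: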
      # cat /sys/class/nvme-subsystem/nvme-subsys1/nvme*/dhchap_secret
      DHHC-1:01:iM63E6cX7G5SOKKOju8gmzM53qywsy+C/YwtzxhIt9ZRz+ky:
      DHHC-1:01:iM63E6cX7G5SOKKOju8gmzM53qywsy+C/YwtzxhIt9ZRz+ky:
      DHHC-1:01:iM63E6cX7G5SOKKOju8gmzM53qywsy+C/YwtzxhIt9ZRz+ky:
      DHHC-1:01:iM63E6cX7G5SOKKOju8gmzM53qywsy+C/YwtzxhIt9ZRz+ky:
    2. Verify the controller dhchap keys:

      cat /sys/class/nvme-subsystem/<nvme-subsysX>/nvme*/dhchap_ctrl_secret
      Example output for a bidirectional configuration:
      # cat /sys/class/nvme-subsystem/nvme-subsys6/nvme*/dhchap_ctrl_secret
      DHHC-1:03:1CFivw9ccz58gAcOUJrM7Vs98hd2ZHSr+iw+Amg6xZPl5D2Yk+HDTZiUAg1iGgxTYqnxukqvYedA55Bw3wtz6sJNpR4=:
      DHHC-1:03:1CFivw9ccz58gAcOUJrM7Vs98hd2ZHSr+iw+Amg6xZPl5D2Yk+HDTZiUAg1iGgxTYqnxukqvYedA55Bw3wtz6sJNpR4=:
      DHHC-1:03:1CFivw9ccz58gAcOUJrM7Vs98hd2ZHSr+iw+Amg6xZPl5D2Yk+HDTZiUAg1iGgxTYqnxukqvYedA55Bw3wtz6sJNpR4=:
      DHHC-1:03:1CFivw9ccz58gAcOUJrM7Vs98hd2ZHSr+iw+Amg6xZPl5D2Yk+HDTZiUAg1iGgxTYqnxukqvYedA55Bw3wtz6sJNpR4=:
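JSON file

If multiple NVMe subsystems are available in the ONTAP controller configuration, you can use the `/etc/nvme/config.json` file with the `nvme connect-all` command.

To generate the JSON file, you can use the `-o` option. See the NVMe connect-all manual pages for more syntax options.

Steps
  1. Configure the JSON file:

    Example: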
    # cat /etc/nvme/config.json
    [
    {
      "hostnqn":"nqn.2014-08.org.nvmexpress:uuid:9796c1ec-0d34-11eb-b6b2-3a68dd3bab57",
      "hostid":"b033cd4fd6db4724adb48655bfb55448",
      "dhchap_key":"DHHC-1:01:zGlgmRyWbplWfUCPMuaP3mAypX0+GHuSczx5vX4Yod9lMPim:"
    },
    {
      "hostnqn":"nqn.2014-08.org.nvmexpress:uuid:4c4c4544-0035-5910-804b-b5c04f444d33",
      "subsystems":[
        {
          "nqn":"nqn.1992-08.com.netapp:sn.0f4ba1e74eb611ef9f50d039eab6cb6d:subsystem.bidir_DHCP",
          "ports":[
            {
              "transport":"tcp",
              "traddr":"192.168.1.24",
              "host_traddr":"192.168.1.31",
              "trsvcid":"4420",
              "dhchap_ctrl_key":"DHHC-1:03:L52ymUoR32zYvnqZFe5OHhMg4gxD79jIyxSShHansXpVN+WiXE222aVc651JxGZlQCI863iVOz5dNWvgb+14F4B4bTQ=:"
            },
            {
              "transport":"tcp",
              "traddr":"192.168.1.24",
              "host_traddr":"192.168.1.31",
              "trsvcid":"4420",
              "dhchap_ctrl_key":"DHHC-1:03:L52ymUoR32zYvnqZFe5OHhMg4gxD79jIyxSShHansXpVN+WiXE222aVc651JxGZlQCI863iVOz5dNWvgb+14F4B4bTQ=:"
            },
            {
              "transport":"tcp",
              "traddr":"192.168.1.24",
              "host_traddr":"192.168.1.31",
              "trsvcid":"4420",
              "dhchap_ctrl_key":"DHHC-1:03:L52ymUoR32zYvnqZFe5OHhMg4gxD79jIyxSShHansXpVN+WiXE222aVc651JxGZlQCI863iVOz5dNWvgb+14F4B4bTQ=:"
            },
            {
              "transport":"tcp",
              "traddr":"192.168.1.24",
              "host_traddr":"192.168.1.31",
              "trsvcid":"4420",
              "dhchap_ctrl_key":"DHHC-1:03:L52ymUoR32zYvnqZFe5OHhMg4gxD79jIyxSShHansXpVN+WiXE222aVc651JxGZlQCI863iVOz5dNWvgb+14F4B4bTQ=:"
            }
          ]
        }
      ]
    }
    ]
    Note: In the preceding example, `dhchap_key` corresponds to `dhchap_secret` and `dhchap_ctrl_key` corresponds to `dhchap_ctrl_secret`.
  2. Connect to the ONTAP controller using the config JSON file:

    # nvme connect-all -J /etc/nvme/config.json
    Example output:
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.24 is already connected
    traddr=192.168.1.25 is already connected
    traddr=192.168.1.25 is already connected
    traddr=192.168.1.25 is already connected
    traddr=192.168.1.25 is already connected
    traddr=192.168.1.25 is already connected
    traddr=192.168.1.25 is already connected
  3. Verify that the dhchap secrets have been enabled for the respective controllers for each subsystem:

    1. Verify the host dhchap keys:

      # cat /sys/class/nvme-subsystem/nvme-subsys0/nvme0/dhchap_secret
      DHHC-1:01:zGlgmRyWbplWfUCPMuaP3mAypX0+GHuSczx5vX4Yod9lMPim:
    2. Verify the controller dhchap keys:

      # cat /sys/class/nvme-subsystem/nvme-subsys0/nvme0/dhchap_ctrl_secret
      DHHC-1:03:L52ymUoR32zYvnqZFe5OHhMg4gxD79jIyxSShHansXpVN+WiXE222aVc651JxGZlQCI863iVOz5dNWvgb+14F4B4bTQ=:
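A structural audit of the secrets used in both procedures above, as an added example that is not NetApp or nvme-cli code. It checks each `DHHC-1` string for the layout the Linux kernel and nvme-cli use (HMAC id, then base64 of a 32-, 48- or 64-byte key followed by its little-endian CRC-32) and lists ports in a `config.json`-shaped structure that have no controller key and therefore authenticate in one direction only. All keys, NQNs and addresses in the sample are constructed.

```python
import base64
import re
import zlib

# DHHC-1:<2-digit HMAC id>:<base64 of the key followed by its CRC-32>:
SECRET_RE = re.compile(r"^DHHC-1:(\d{2}):([A-Za-z0-9+/]+={0,2}):$")


def make_secret(key: bytes, hmac_id: int) -> str:
    """Encode raw key bytes as a DHHC-1 string (used here to build sample data)."""
    blob = key + zlib.crc32(key).to_bytes(4, "little")
    return f"DHHC-1:{hmac_id:02d}:{base64.b64encode(blob).decode()}:"


def check_secret(secret) -> list[str]:
    """Return the problems found in one DHHC-1 secret; an empty list means well formed."""
    if secret is None:
        return ["is not set"]
    m = SECRET_RE.match(secret)
    if not m:
        return ["is not in DHHC-1:<id>:<base64>: form"]
    problems = []
    if int(m.group(1)) > 3:  # 0 = none, 1 = SHA-256, 2 = SHA-384, 3 = SHA-512
        problems.append(f"has unknown HMAC id {m.group(1)}")
    try:
        blob = base64.b64decode(m.group(2), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["payload is not valid base64"]
    key, crc = blob[:-4], blob[-4:]
    if len(key) not in (32, 48, 64):
        problems.append(f"key is {len(key)} bytes, expected 32, 48 or 64")
    elif zlib.crc32(key).to_bytes(4, "little") != crc:
        problems.append("fails its CRC-32 check (truncated or mistyped)")
    return problems


def audit_config(config: list[dict]) -> list[str]:
    """Report authentication gaps in a structure shaped like /etc/nvme/config.json."""
    findings = []
    for host in config:
        hostnqn = host.get("hostnqn", "<no hostnqn>")
        findings += [f"{hostnqn}: dhchap_key {p}" for p in check_secret(host.get("dhchap_key"))]
        for subsys in host.get("subsystems", []):
            for port in subsys.get("ports", []):
                where = f"{subsys.get('nqn')} via {port.get('traddr')}"
                findings += [f"{where}: dhchap_ctrl_key {p}"
                             for p in check_secret(port.get("dhchap_ctrl_key"))]
    return findings


# Constructed sample data: fixed byte patterns, not real secrets or addresses.
HOST_KEY = make_secret(bytes(range(32)), 1)
CTRL_KEY = make_secret(bytes(range(64)), 3)
# Changing the first payload character alters key byte 0, so the CRC no longer matches.
BAD_KEY = CTRL_KEY.replace("DHHC-1:03:A", "DHHC-1:03:B", 1)
SAMPLE_CONFIG = [{
    "hostnqn": "nqn.2014-08.org.nvmexpress:uuid:00000000-0000-0000-0000-000000000001",
    "dhchap_key": HOST_KEY,
    "subsystems": [{"nqn": "nqn.1992-08.com.example:subsystem.demo", "ports": [
        {"transport": "tcp", "traddr": "192.0.2.24", "dhchap_ctrl_key": CTRL_KEY},
        {"transport": "tcp", "traddr": "192.0.2.25"},
        {"transport": "tcp", "traddr": "192.0.2.26", "dhchap_ctrl_key": BAD_KEY},
    ]}],
}]

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONFIG)))
```

To audit a real file, load it with `json.load` and pass the result to `audit_config`; the findings name the NQN and address but never print a secret.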

Known issues

There are no known issues for the NVMe-oF host configuration on RHEL 9.5 with ONTAP release.