[LSF/MM/BPF TOPIC] network storage transports managed within a container

Chris Leech cleech at redhat.com
Mon Feb 28 18:04:00 PST 2022


There are various challenges when users start trying to manage SAN
attachments from within a container, and how we deal with network
namespaces.  I think it would be worth a discussion around what can be
agreed on as desired behavior, and what it means to attach block
devices from a containerized environment.

iSCSI has a number of issues here with the kernel to iscsid
interfaces, netlink and sysfs, which are largely fixable without
needing to break anything.  But for kernel maintained network
connections, there's an issue of interacting with namespace lifetimes
without a process.

NVMe/TCP has avoided complex user-space control planes, but when I
checked, subsystem connection occurred within the active namespace of
nvme-cli, but afterwards all fabrics subsystems were visible,
controllable, and disconnectable from any namespace.


Lee Duncan had submitted a proposal to discuss this for iSCSI last
year [1], partially based on some older work I did that never
completed [2] (I need to update that code).

[1]
https://lore.kernel.org/linux-scsi/e9f0297a-a914-ba83-f706-5a2d508c666b@suse.com/

[2] https://github.com/cleech/linux/commits/iscsi-netns-old-wip

- Chris Leech



