CN117453347A - Virtual machine login method, system, equipment and medium based on iSCSI - Google Patents
Virtual machine login method, system, equipment and medium based on iSCSI Download PDFInfo
- Publication number
- CN117453347A CN117453347A CN202311459946.XA CN202311459946A CN117453347A CN 117453347 A CN117453347 A CN 117453347A CN 202311459946 A CN202311459946 A CN 202311459946A CN 117453347 A CN117453347 A CN 117453347A
- Authority
- CN
- China
- Prior art keywords
- iscsi
- virtual machine
- iqn
- name
- source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 239000003999 initiator Substances 0.000 claims abstract description 115
- 230000000694 effects Effects 0.000 abstract description 8
- 238000004364 calculation method Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 5
- 230000009977 dual effect Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004140 cleaning Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45575—Starting, stopping, suspending or resuming virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a virtual machine login method, a device, equipment and a medium based on iSCSI, wherein the virtual machine login method based on iSCSI comprises the following steps: responding to a login request of a virtual machine, acquiring iqn name and source ip of an iSCSI starting end of the virtual machine, wherein the source ip is ip of a physical machine running the virtual machine, and the iqn name is a unique identifier of the iSCSI starting end of the virtual machine; traversing the iqn name recorded in the storage unit, judging whether the iqn name which is the same as the iSCSI starting end exists or not, wherein the storage unit is used for recording the iqn name and the source ip of the iSCSI starting end corresponding to the logged-in virtual machine; if so, judging whether the source ip of the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator; if not, rejecting the login request of the virtual machine. The virtual machine login method based on iSCSI provided by the invention can prevent the virtual machine from double-activity under the condition of separate storage and calculation deployment, and ensure the data consistency of the virtual machine. The adaptability of the virtual machine login method is improved to a certain extent.
Description
Technical Field
The present invention relates to the field of computer science, and in particular, to a virtual machine login method, system, device and readable storage medium based on iSCSI.
Background
Super fusion is an information infrastructure that integrates virtual computing resources and storage devices. Most of the existing virtual machine systems are in a super-fusion deployment mode, namely calculation and storage are deployed together and are deployed on the same set of physical machine clusters, and based on the super-fusion deployment mode, the virtual machines can directly access storage space, and the virtual machine is similar to a use method of local storage. Today, due to business requirements, there is a greater need to support a separate deployment of computing, i.e., separate deployment of computing and storage, where computing is on one set of clusters of physical machines and storage is on another set of clusters of physical machines.
In the prior art, after the mapping relationship between the disc and the client iqn is configured at the iSCSI target, the client can log in the iSCSI target by using its iqn and source ip, and after successful log in, the client can see its disc and then read and write the disc.
Based on a deployment mode of memory calculation separation, the virtual machine cannot be guaranteed not to have double activities, namely the same virtual machine operates on 2 different physical machines. When the virtual machines are dual-active, the same disk is mounted on 2 virtual machines, and if the 2 virtual machines all write IO, the disk data of the virtual machines are most likely to be damaged and inconsistent.
Accordingly, in view of the foregoing, it is desirable to provide a virtual machine login method, system, device and readable storage medium based on iSCSI.
The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person of ordinary skill in the art.
Disclosure of Invention
The invention aims to provide a virtual machine login method, a system, equipment and a readable storage medium based on iSCSI, which can prevent double activities of a virtual machine under separate storage and deployment and ensure the data consistency of the virtual machine.
In order to achieve the above purpose, the technical scheme provided by the invention is as follows:
in a first aspect, the present invention provides an iSCSI-based virtual machine login method, including:
responding to a login request of a virtual machine, acquiring iqn name and source ip of an iSCSI starting end of the virtual machine, wherein the source ip is ip of a physical machine running the virtual machine, and the iqn name is a unique identifier of the iSCSI starting end of the virtual machine;
traversing the iqname recorded in the storage unit, judging whether the iqn name which is the same as the iSCSI starting end exists or not, wherein the storage unit is used for recording the iqn name and source ip of the iSCSI starting end corresponding to the logged-in virtual machine;
if so, judging whether the source ip of the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator;
if not, rejecting the login request of the virtual machine.
In one or more embodiments, the method further comprises:
and if the storage unit does not have the iqn name which is the same as the iSCSI initiator, allowing the login request of the iSCSI initiator, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
In one or more embodiments, the method further comprises:
when the logged-in virtual machine actively logs out, the iSCSI target terminal responds to the log-out request and deletes iqn name and source ip records of the iSCSI starting terminal of the logged-out virtual machine recorded in the storage unit.
In one or more embodiments, the method further comprises:
if the storage unit has the iqn name same as the iSCSI initiator, but the iSCSI initiator with the iqn name same as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
In one or more embodiments, the storage unit is a zookeeper.
In a second aspect, the present invention provides an iSCSI-based virtual machine login system, comprising:
the acquisition module is used for responding to a login request of the iSCSI initiator and acquiring iqn name and source ip of the iSCSI initiator;
the source ip is an ip of a physical machine on which the virtual machine operates, the iqname is used for identifying an iSCSI starting end of the virtual machine, and the iqn name corresponds to the iSCSI starting end of the virtual machine one by one;
the first judging module is used for traversing the iqn name recorded in the storage unit and judging whether the iqn name which is the same as the iSCSI starting end exists or not;
the second judging module is used for judging whether the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the iSCSI initiator source ip;
and the login management module is used for allowing or rejecting the login request of the iSCSI initiator based on the result of the second judging module.
In one or more embodiments, the system further comprises:
if the storage unit does not have the iqn name which is the same as the iSCSI initiator, allowing the login request of the iSCSI initiator, and recording the iqn name and source ip of the iSCSI initiator in the storage unit
In one or more embodiments, the system further comprises:
if the storage unit has the iqn name same as the iSCSI initiator, but the iSCSI initiator with the iqn name same as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
In a third aspect, the present invention provides a computer device comprising: the system comprises a memory and a processor, wherein the memory and the processor are in communication connection, the memory stores computer instructions, and the processor executes the computer instructions so as to execute the virtual machine login method based on iSCSI.
In a fourth aspect, the present invention provides a computer readable storage medium storing computer instructions for causing a computer to perform the iSCSI-based virtual machine login method.
Compared with the prior art, the iqn name and the source ip of the iSCSI starting end of the virtual machine are obtained in response to the login request of the virtual machine, wherein the source ip is the ip of the physical machine running the virtual machine, and the iqn name is the unique identifier of the iSCSI starting end of the virtual machine; traversing the iqn name recorded in the storage unit, judging whether the iqname which is the same as the iSCSI starting end exists or not, wherein the storage unit is used for recording the iqname and source ip of the iSCSI starting end corresponding to the logged-in virtual machine; if so, judging whether the source ip of the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator; if not, rejecting the login request of the virtual machine. The virtual machine login method based on iSCSI has the following advantages:
(1) When a separate deployment mode is required to be calculated instead of a super-fusion deployment mode, the virtual machine login method based on iSCSI provided by the invention can avoid the condition that the same virtual machine runs on two different physical machines.
(2) The virtual machine login method based on the iSCSI ensures the consistency of the virtual machine data, expands the application scene of the virtual machine and improves the adaptability of the virtual machine login method based on the iSCSI.
Drawings
FIG. 1 is a schematic diagram of an application scenario of an iSCSI-based virtual machine login method according to an embodiment of the present invention;
FIG. 2 is a flow diagram of iSCSI-based virtual machine login in accordance with an embodiment of the invention;
FIG. 3 is a block diagram illustrating the architecture of an iSCSI-based virtual machine login system in accordance with an embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention is, therefore, to be taken in conjunction with the accompanying drawings, and it is to be understood that the scope of the invention is not limited to the specific embodiments.
Throughout the specification and claims, unless explicitly stated otherwise, the term "comprise" or variations thereof such as "comprises" or "comprising", etc. will be understood to include the stated element or component without excluding other elements or components.
In order to facilitate understanding of the technical solutions of the present application, the following first explains in detail the technical terms that may occur in the present invention.
iSCSI (Internet Small Computer System Interface, small computer systems interface): the Internet small computer system interface, also called IP-SAN, is a storage technology based on the Internet and SCSI-3 protocols, proposed by the IETF, and has become a formal standard in 2/11/2003. Is an ethernet-based storage protocol invented by IBM, which is a solution to the problem of storage resource sharing with the NFS protocol of SUN.
Qemu: the computing virtualization software is a set of simulation processor software which distributes source codes by GPL license, and is widely used on a GNU/Linux platform. Hardware resources such as cpu, memory, etc. required by the virtual machine can be emulated.
Libissi: user-state iscsi initiator interface api.
iSCSI target: also called target service end, implements iSCSI protocol and provides iSCSI service.
iSCSI client: also called an iSCSI initiator, is used for sending an iSCSI request to an iSCSI target and establishing a link session.
Session: a set of TCP connections connecting the iSCSI initiator and iSCSI target form a session (which may be simply understood as i_t nexus). TCP connections may be added to or deleted from session. That is, there may be multiple connections in a session. Through all connections of a session, the iSCSI initiator sees only the same iSCSI target.
In the prior art, a method for ensuring consistency of data by a file lock mechanism to achieve dual activity processing specifically includes: based on the IO fence mechanism of the node, locking is performed on a node calling interface, writing IO of the same file is only received by the system, and writing IO of the same file from other nodes is completely refused. And the lock cannot be preempted, and the other node can be locked only after the lock is released or overtime is needed. The virtual machine must first take the file lock corresponding to the disk to send the write IO (disk and file are in one-to-one correspondence). Therefore, even if the virtual machine is double-lived, only one side can take file lock to send write IO, and the other side can write IO without going down, so that the data consistency of the virtual machine is ensured. However, there is still an unavoidable problem that the file lock fails when writing in the separate deployment mode of memory computation, because the virtual machine and the storage are not in the same cluster, and cannot be directly locked.
The inventor of the present invention finds the main disadvantages of the prior art and proposes a new technical implementation idea based on the disadvantages of the prior art: the source of write IO received by the limiting system after the double-activity appears is not as discriminated as when the virtual machine is logged in, the damage caused by the double-activity is blocked from the root, and the effect of avoiding the condition that the same virtual machine operates on two different physical machines is achieved.
Referring to fig. 1, a schematic application scenario diagram of an iSCSI-based virtual machine login method according to the present invention is shown. In the implementation scenario shown in fig. 1, the virtual machine iSCSI initiator 101, iSCSI target 102, and storage unit 103 are included. Specifically, the storage unit 103 may record the iqn name and source ip of the iSCSI initiator of the virtual machine that has already logged in, when the iSCSI initiator of the virtual machine logs in to the iSCSI target 102, the iSCSI target 102 may check whether the iSCSI initiator of the virtual machine that has already logged in to the storage unit 103 has the same iqn name, if the storage unit 103 does not have the same iqn name record, it indicates that the login request of the virtual machine is allowed to not cause the occurrence of the double-activity phenomenon, that is, the same virtual machine is not allowed to run on 2 different physical machines, so in this case, the login request of the virtual machine may be allowed, and the storage unit 103 records that the iSCSI initiator of the virtual machine corresponds to the iqn name and source ip while logging in.
It should be noted that, if the storage unit 103 already records the login of the iSCSI initiator of the virtual machine with the same iqn name, the login request cannot be directly denied, because whether the login occurs again due to the network failure of the virtual machine cannot be excluded, and further, it cannot be directly determined that the login will have dual activities.
If the same iqn name is already recorded in the storage unit 103, checking whether the source ip of the virtual machine iSCSI initiator with the same iqn name is the same. If the login request is the same, the description is the re-login of the virtual machine, so the login request should be allowed; if the login requests are different, the login requests are not the same, and in this case, if the login requests of the iSCSI initiator of the virtual machine are allowed, double-activity phenomena are caused, and damage to disk data of the virtual machine is easy to cause. The login request of the virtual machine iSCSI initiator should be denied to ensure consistency of the virtual machine data.
It should be noted that the virtual machine login method based on iSCSI according to the embodiment of the present invention may be applied to the virtual machine login system based on iSCSI according to the embodiment of the present invention. The iSCSI-based virtual machine login system may be configured at the terminal. Terminals may include, but are not limited to, PCs (Personal Computer, personal computers), PDAs (tablet computers), smartphones, smart wearable devices, and the like.
It should be noted that, the user terminal 101 may include, but is not limited to, a desktop computer (PC side), a desktop computer, a smart phone, a handheld computer, a tablet computer, a Personal Digital Assistant (PDA), and other portable electronic devices or wearable electronic devices, where the user terminal 101 is installed with a computer software program matched with the iSCSI virtual machine login system provided by the method; the user terminal 101 may be connected to a communication network by wire or wirelessly, wherein the communication network comprises a local area network or a combination of wide area networks communicating with the internet. The embodiments of the present invention do not limit the above matters.
Fig. 2 is a schematic flow chart of virtual machine login based on iSCSI according to an embodiment of the invention. The virtual machine login method based on iSCSI specifically comprises the following steps:
s201: responding to a login request of a virtual machine, acquiring iqn name and source ip of an iSCSI starting end of the virtual machine, wherein the source ip is ip of a physical machine running the virtual machine, and the iqn name is a unique identifier of the iSCSI starting end of the virtual machine;
specifically, the source IP is set by the small computer system interface based on TCP/IP, and the client needs to use IP to log in the iSCSI target end to establish connection, where the source IP refers to an IP address used by the client, and in the present invention and the corresponding embodiment is IP of a physical machine running the virtual machine. The iqn name, which is fully called iSCSIQualifiedName, is translated into an iSCSI defined name, and is a special and unique name used by iSCSI to identify the iSCSI node. The iSCSI node comprises a virtual machine iSCSI initiator and an iSCSI target, and in the same iSCSI network, both the iSCSI initiator and the iSCSI target need own iqn name which is the only name and cannot use the same iqn name.
S202: traversing the iqn name recorded in the storage unit, judging whether the iqn name which is the same as the iSCSI starting end exists or not, wherein the storage unit is used for recording the iqn name and source ip of the iSCSI starting end corresponding to the logged-in virtual machine;
it should be noted that, if the storage unit does not have the same iqn name as the iSCSI initiator, that is, the iSCSI initiator of the virtual machine is not currently in the logged-in state, the "dual-activity" phenomenon will not occur even if the login request is allowed. So the login request of the iSCSI initiator is allowed, and iqn name and source ip of the iSCSI initiator are recorded in the storage unit.
It should be further noted that, the storage unit is configured to record iqn name and source ip of the iSCSI initiator corresponding to the virtual machine that is allowed and has been logged in, and in a normal case, after the virtual machine is logged out, the storage unit may delete the records of iqn name and source ip of the iSCSI initiator of the logged-out virtual machine, so as to prevent the virtual machine from being misjudged as "logged in" when the virtual machine is logged in next time, thereby preventing the virtual machine from being logged in for dual-activity. Because it cannot be excluded whether the virtual machine re-logs in due to the occurrence of a virtual machine network failure or the like, even if the storage unit has the iqname same as the iSCSI initiator of the virtual machine requested by the current login, the current login request cannot be directly determined, and a secondary judgment is performed.
For example, in a specific embodiment, a virtual machine requests to log into an iSCSI target, the iqn name of the iSCSI initiator of the virtual machine is "iqn.1994-05.Com. Redhat: test-iqn-1", and the ip of the physical machine running the virtual machine, that is, the source ip of the virtual machine is 192.168.10.65. Traversing iqn name of the iSCSI starting end of the logged-in virtual machine recorded in the storage unit, judging whether the iqn name is the iqn starting end of the virtual machine which is also ' iqn.1994-05.Com. Redhat: test-iqn-1 ', if the iqn name is not recorded in the storage unit as the iqn.1994-05.Com. Redhat: test-iqn-1 ', agreeing to the login request of the virtual machine, and recording the iqn name and source ip of the iqn starting end to be logged-in the storage unit; if the iqn name is "iqn.1994-05.Com.redhat:test-iqn-1" virtual machine iSCSI initiator already recorded in the storage unit, a secondary judgment is needed.
S203: if so, judging whether the source ip of the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator;
the method further comprises the steps of: if the storage unit has the iqn name which is the same as the iSCSI initiator and the iSCSI initiator which has the same iqn name as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit; if the storage unit has the iqn name which is the same as the iSCSI initiator and the iSCSI initiator which has the iqn name which is the same as the iSCSI initiator source ip, the iSCSI initiator is refused to log in.
For example, following the specific embodiment described above, the iqn name of the virtual machine to be logged in is "iqn.1994-05.Com. Redhat: test-iqn-1" and source ip is 192.168.10.65. When the iqn name is already recorded in the storage unit and is also "iqn.1994-05.com redhat: test-iqn-1", further judgment is needed to determine whether the source ip of the virtual machine iSCSI initiator of which iqn name is "iqn.1994-05.com.redhat: test-iqn-1" recorded in the storage unit is the same as the source ip of the virtual machine iSCSI initiator to be logged in, and is also 192.168.10.65. If the virtual machines to be logged in are the same, the login request of the iSCSI starting end of the virtual machine to be logged in is refused; and if the virtual machines to be logged in are different, allowing the login request of the iSCSI initiator of the virtual machine to be logged in, and recording iqname and source ip of the login request in the storage unit.
Referring to fig. 3, based on the same inventive concept as the iSCSI-based virtual machine login method described above, in an embodiment of the present invention, an iSCSI-based virtual machine login system 300 is provided, which includes an acquisition module 301, a first judgment module 302, a second judgment module 303, and a login management module 304.
Specifically, the acquiring module is configured to respond to a login request of an iSCSI initiator, and acquire an iqn name and a source ip of the iSCSI initiator, where the source ip is an ip of a physical machine on which a virtual machine operates, the iqn name is used to identify the iSCSI initiator of the virtual machine, and the iqn name corresponds to the iSCSI initiator of the virtual machine one by one; the first judging module is used for traversing the iqn name recorded in the storage unit and judging whether the iqn name which is the same as the iSCSI starting end exists or not; the second judging module is configured to judge whether an iSCSI initiator having the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator; the login management module is configured to allow or reject a login request of the iSCSI initiator based on a result of the second determination module.
It should be noted that, the first determining module 302 further includes: and if judging that the iqname which is the same as the iSCSI initiator does not exist in the storage unit, allowing the login request of the iSCSI initiator, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
The second judging module 303 further includes: if it is determined that the storage unit has the same iqn name as the iSCSI initiator, but the iSCSI initiator having the same iqn name as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
The virtual machine login system based on iSCSI further comprises a cleaning module, wherein the cleaning module is used for responding to the login request by the iSCSI target end when the logged-in virtual machine is logged out actively, and deleting iqn name and source ip records of the iSCSI starting end of the logged-out virtual machine recorded in the storage unit.
Referring to fig. 4, an embodiment of the present invention further provides an electronic device 400, where the electronic device 400 includes at least one processor 401, a memory 402 (e.g., a nonvolatile memory), a memory 403, and a communication interface 404, and the at least one processor 401, the memory 402, the memory 403, and the communication interface 404 are connected together via a bus 405. The at least one processor 401 may be configured to invoke the at least one program instruction stored or encoded in the memory 402 to cause the at least one processor 401 to perform the various operations and functions of the iSCSI-based virtual machine login method described in various embodiments of the present specification.
In embodiments of the present description, electronic device 400 may include, but is not limited to: personal computers, server computers, workstations, desktop computers, laptop computers, notebook computers, mobile electronic devices, smart phones, tablet computers, cellular phones, personal Digital Assistants (PDAs), handsets, messaging devices, wearable electronic devices, consumer electronic devices, and the like.
Embodiments of the present invention also provide a computer readable medium having computer-executable instructions carried thereon that, when executed by a processor, may be used to implement the various operations and functions of iSCSI-based virtual machine login methods described in various embodiments of the present specification.
The computer readable medium in the present invention may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, systems, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing descriptions of specific exemplary embodiments of the present invention are presented for purposes of illustration and description. It is not intended to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain the specific principles of the invention and its practical application to thereby enable one skilled in the art to make and utilize the invention in various exemplary embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims and their equivalents.
Claims (10)
1. A virtual machine login method based on iSCSI, comprising:
responding to a login request of a virtual machine, acquiring iqn name and source ip of an iSCSI starting end of the virtual machine, wherein the source ip is ip of a physical machine running the virtual machine, and the iqn name is a unique identifier of the iSCSI starting end of the virtual machine;
traversing the iqname recorded in the storage unit, judging whether the iqn name which is the same as the iSCSI starting end exists or not, wherein the storage unit is used for recording the iqn name and source ip of the iSCSI starting end corresponding to the logged-in virtual machine;
if so, judging whether the source ip of the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the source ip of the iSCSI initiator;
if not, rejecting the login request of the virtual machine.
2. An iSCSI-based virtual machine login method as in claim 1, wherein said method further comprises:
and if the storage unit does not have the iqn name which is the same as the iSCSI initiator, allowing the login request of the iSCSI initiator, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
3. An iSCSI-based virtual machine login method as in claim 1, wherein said method further comprises:
when the logged-in virtual machine actively logs out, the iSCSI target terminal responds to the log-out request and deletes iqn name and source ip records of the iSCSI starting terminal of the logged-out virtual machine recorded in the storage unit.
4. An iSCSI-based virtual machine login method as in claim 1, wherein said method further comprises:
if the storage unit has the iqn name same as the iSCSI initiator, but the iSCSI initiator with the iqn name same as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
5. An iSCSI-based virtual machine login method as in claim 1, wherein said storage unit is a zookeeper.
6. An iSCSI-based virtual machine login system, comprising:
the device comprises an acquisition module, a storage module and a control module, wherein the acquisition module is used for responding to a login request of an iSCSI (Internet small computer system interface) starting end to acquire iqn name and source ip of the iSCSI starting end, wherein the source ip is ip of a physical machine on which a virtual machine operates, the iqn name is used for identifying the iSCSI starting end of the virtual machine, and the iqname corresponds to the iSCSI starting end of the virtual machine one by one;
the first judging module is used for traversing the iqn name recorded in the storage unit and judging whether the iqn name which is the same as the iSCSI starting end exists or not;
the second judging module is used for judging whether the iSCSI initiator with the same iqn name as the iSCSI initiator is the same as the iSCSI initiator source ip;
and the login management module is used for allowing or rejecting the login request of the iSCSI initiator based on the result of the second judging module.
7. An iSCSI-based virtual machine login system as in claim 6, wherein said system further comprises:
and if the storage unit does not have the iqn name which is the same as the iSCSI initiator, allowing the login request of the iSCSI initiator, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
8. An iSCSI-based virtual machine login system as in claim 6, wherein said system further comprises:
if the storage unit has the iqn name same as the iSCSI initiator, but the iSCSI initiator with the iqn name same as the iSCSI initiator is different from the iSCSI initiator source ip, allowing the iSCSI initiator to log in, and recording the iqn name and source ip of the iSCSI initiator in the storage unit.
9. A computer device, comprising: a memory and a processor communicatively coupled to each other, the memory having stored therein computer instructions that, upon execution, cause the processor to perform an iSCSI-based virtual machine login method as recited in any of claims 1-5.
10. A computer readable storage medium having stored thereon computer instructions for causing a computer to perform an iSCSI-based virtual machine login method as in any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311459946.XA CN117453347A (en) | 2023-11-01 | 2023-11-01 | Virtual machine login method, system, equipment and medium based on iSCSI |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311459946.XA CN117453347A (en) | 2023-11-01 | 2023-11-01 | Virtual machine login method, system, equipment and medium based on iSCSI |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117453347A true CN117453347A (en) | 2024-01-26 |
Family
ID=89594505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311459946.XA Pending CN117453347A (en) | 2023-11-01 | 2023-11-01 | Virtual machine login method, system, equipment and medium based on iSCSI |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117453347A (en) |
-
2023
- 2023-11-01 CN CN202311459946.XA patent/CN117453347A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110166432B (en) | Method for accessing intranet target service and method for providing intranet target service | |
| TWI498744B (en) | Method, system, and computer readable storage device for bidirectional dynamic offloading of tasks between a host and a mobile device | |
| US10887307B1 (en) | Systems and methods for identifying users | |
| US10348755B1 (en) | Systems and methods for detecting network security deficiencies on endpoint devices | |
| CN110300133B (en) | Cross-domain data transmission method, device, equipment and storage medium | |
| CN103595790B (en) | The remote access method of equipment, thin-client and virtual machine | |
| US20170163479A1 (en) | Method, Device and System of Renewing Terminal Configuration In a Memcached System | |
| CN112805980B (en) | Techniques for mobile device management based on query-less device configuration determination | |
| US10798097B2 (en) | Intelligent redirection of authentication devices | |
| US9847987B2 (en) | Data center access and management settings transfer | |
| US9723064B1 (en) | Hybrid quorum policies for durable consensus in distributed systems | |
| US10489311B1 (en) | Managing webUSB support for local and redirected USB devices | |
| US10425475B2 (en) | Distributed data management | |
| CN106506484B (en) | Data backup method, device and system | |
| US8677120B2 (en) | Communication between key manager and storage subsystem kernal via management console | |
| US11411887B2 (en) | Method and device for performing traffic control on user equipment | |
| US9213618B2 (en) | Storage management systems and methods in hierarchical storage systems | |
| US9749278B1 (en) | Persistent connections for email web applications | |
| CN105159846B (en) | Method and storage system for supporting double-control switching of virtualized disk | |
| US9130994B1 (en) | Techniques for avoiding dynamic domain name system (DNS) collisions | |
| CN113791792A (en) | Application calling information acquisition method and device and storage medium | |
| CN111131409B (en) | Method and device for responding to request and related equipment | |
| CN117951101A (en) | File access method and device, electronic equipment and computer readable storage medium | |
| CN112711955B (en) | NFC information transmission method, NFC information transmission device and terminal | |
| CN111600755A (en) | Internet access behavior management system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |