From: Hannes Reinecke <hare@xxxxxxx>
Add --tls option to _create_nvmet_subsystem and allow to specify
the tls requirements in _create_nvmet_port.
Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@xxxxxxx>
---
common/nvme | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/common/nvme b/common/nvme
index 9327dff..47bcdc9 100644
--- a/common/nvme
+++ b/common/nvme
@@ -477,6 +477,7 @@ _fc_host_traddr() {
}
_create_nvmet_port() {
+ local tls="${1:-none}"
local trtype="${nvme_trtype}"
local traddr="${def_traddr}"
local adrfam="${def_adrfam}"
@@ -513,7 +514,13 @@ _create_nvmet_port() {
[[ "${adrfam}" != "loop" ]] ; then
echo "${trsvcid}" > "${portcfs}/addr_trsvcid"
fi
-
+ if [[ "${trtype}" == "tcp" ]] && \
+ [[ "${tls}" != "none" ]]; then
+ echo "tls1.3" > "${portcfs}/addr_tsas"
+ if [[ "${tls}" != "required" ]]; then
+ echo "not required" > "${portcfs}/addr_treq"
+ fi
+ fi
echo "${port}"
}
@@ -878,6 +885,7 @@ _nvmet_target_setup() {
local port p
local resv_enable=""
local num_ports=1
+ local tls="none"
local -a ARGS
while [[ $# -gt 0 ]]; do
@@ -910,6 +918,14 @@ _nvmet_target_setup() {
num_ports="$2"
shift 2
;;
+ --tls)
+ tls="not-required"
+ shift 1
+ ;;
+ --force-tls)
+ tls="required"
+ shift 1
+ ;;
*)
echo "WARNING: unknown argument: $1"
shift
@@ -956,7 +972,7 @@ _nvmet_target_setup() {
p=0
while (( p < num_ports )); do
- port="$(_create_nvmet_port)"
+ port="$(_create_nvmet_port ${tls})"
_add_nvmet_subsys_to_port "${port}" "${subsysnqn}"
p=$(( p + 1 ))
done
--
2.49.0
