Iscsid not detected despite service running (longhorn)

SpiderUnderUrBed · March 28, 2025, 8:38am

This is on NixOS, so my whole thing is in a single config
Here is the main issue:

[spiderunderurbed@extranuc:/mnt/media]$ curl -sSfL https://raw.githubusercontent.com/longhorn/longhorn/v1.8.1/scripts/environment_check.sh | bash && sudo systemctl status iscsid
[INFO]  Required dependencies 'kubectl jq mktemp sort printf' are installed.
[INFO]  All nodes have unique hostnames.
[INFO]  Waiting for longhorn-environment-check pods to become ready (0/0)...
[INFO]  Waiting for longhorn-environment-check pods to become ready (0/2)...
[INFO]  All longhorn-environment-check pods are ready (2/2).
[INFO]  MountPropagation is enabled
[INFO]  Checking kernel release...
nsenter: can't execute 'bash': No such file or directory
command terminated with exit code 127
[WARN]  Node extranuc has outdated kernel release: . Recommending kernel release >= 5.8
[INFO]  Checking iscsid...
[ERROR] Neither iscsid.service nor iscsid.socket is running on extranuc
[INFO]  Checking multipathd...
[INFO]  Checking packages...
nsenter: can't execute 'bash': No such file or directory
command terminated with exit code 127
nsenter: can't execute 'bash': No such file or directory
command terminated with exit code 127
[ERROR] Failed to detect OS on node extranuc
[INFO]  Checking nfs client...
nsenter: can't execute 'bash': No such file or directory
command terminated with exit code 127
[WARN]  Failed to check NFS client installation, because unable to detect kernel release on node extranuc
[INFO]  Cleaning up longhorn-environment-check pods...
[INFO]  Cleanup completed.
[sudo] password for spiderunderurbed: 
● iscsid.service - Open-iSCSI
     Loaded: loaded (/etc/systemd/system/iscsid.service; enabled; preset: ignored)
    Drop-In: /nix/store/hpgkq97gpif158sij6zlffxm3nplhyf3-system-units/iscsid.service.d
             └─overrides.conf
     Active: active (running) since Fri 2025-03-28 04:12:50 UTC; 4h 2min ago
 Invocation: 89fd34cc999e450e87238f364f87922d
TriggeredBy: ● iscsid.socket
       Docs: man:iscsid(8)
             man:iscsiuio(8)
             man:iscsiadm(8)
    Process: 973 ExecStartPre=/nix/store/806d8bx1vrdp1ypjbq8ak5f4q78kmrm8-unit-script-iscsid-pre-start/bin/iscsid-pre-start (code=exited, status=0/SUCCESS)
   Main PID: 987 (iscsid)
     Status: "Ready to process requests"
         IP: 0B in, 0B out
         IO: 2.6M read, 16K written
      Tasks: 1 (limit: 14339)
     Memory: 4.5M (peak: 4.6M)
        CPU: 47ms
     CGroup: /system.slice/iscsid.service
             └─987 /nix/store/m9660f4f40qdldidn4nz9rwf9j8q7b28-open-iscsi-2.1.10/sbin/iscsid -f

Mar 28 04:12:49 extranuc systemd[1]: Starting Open-iSCSI...
Mar 28 04:12:50 extranuc systemd[1]: Started Open-iSCSI.

Config (click to expand):

{ pkgs, config, specialArgs, ... }:

let
  managerIp = "192.168.68.77";
  credentialsFile = "/etc/nixos/smb-credentials";
  mountPoint = "/mnt/media";
  #secretFile = config.secrets.dockerswarm.file;
  password = "(censored)";
  mountScript = pkgs.writeShellScript "mount-samba-share.sh" ''
    #!/bin/sh
    set -e  # Exit on error

    # Create the mount point directory if it doesn't exist
    ${pkgs.coreutils}/bin/mkdir -p ${mountPoint}

    # Mount the Samba share
    /run/wrappers/bin/mount -t cifs //192.168.68.36/main ${mountPoint} \
      -o credentials=${credentialsFile},iocharset=utf8

    echo "Samba share mounted successfully at ${mountPoint}"
  '';

  fileSystems."/mnt/media" = {
   device = "//192.168.68.77/main";
   fsType = "cifs";
   options = [ "username=spiderunderurbed" "password=${password}" "x-systemd.automount" "noauto" ];
  };

  systemd.tmpfiles.rules = [ 
    "f ${credentialsFile} 600 root root"
    "d /mnt/media 0775 root users -"
  ];
  # Write a shell script to join the Docker Swarm with the token from the file
 clusterJoinScript = pkgs.writeShellScript "cluster-join" ''
  #!/bin/sh
  ENABLESWARM=$(cat "${config.secrets.enableswarm.file}")
  ENABLEK8S=$(cat "${config.secrets.enablek8s.file}")
  if [ "$ENABLESWARM" = "true" ]; then
    TOKEN=$(cat "${config.secrets.dockerswarm.file}")
    echo "$TOKEN"
    ${pkgs.docker}/bin/docker swarm join --token "$TOKEN" ${managerIp}:2377
  elif [ "$ENABLEK8S" = "true" ]; then
    # Fetch the Kubernetes join token
    K8S_TOKEN=$(cat ${config.secrets.k8stoken.file})

    # Join the Kubernetes cluster without the CA hash (unsafe)
    #${pkgs.kubernetes}/bin/kubeadm join ${managerIp}:6443 --token "$K8S_TOKEN" --discovery-token-unsafe-skip-ca-verification --cri-socket /var/run/docker.sock
    #${pkgs.kubernetes}/bin/kubeadm join ${managerIp}:6443 --token "$K8S_TOKEN" 
    K3S_URL=https://192.168.68.77:6443 
    ${pkgs.k3s}/bin/k3s agent --server $K3S_URL --token $K8S_TOKEN
  fi
  #mountPoint = "/mnt/media";
#  credentialsFile = "/etc/nixos/smb-credentials";
'';
#kubeletConfig = pkgs.writeText "kubelet.conf" ''
#apiVersion: kubelet.config.k8s.io/v1beta1
#kind: wKubeletConfiguration
#containerRuntime: docker
#containerRuntimeEndpoint: unix:///var/run/docker.sock
#'';

  # Write a shell script to echo the secret file content
  echoService = pkgs.writeShellScript "netsecrets-echo" ''
    #!/bin/sh
    echo "Secret file content:"
    cat ${config.secrets.dockerswarm.file}
  '';
in
{
  environment.etc."nixos/smb-credentials".text = ''
    username=spiderunderurbed
    password=${password}
  '';
  
#  systemd.tmpfiles.rules = [
#    "f ${credentialsFile} 600 root root"
#  ];

  virtualisation = {
    docker = {
      enable = true;
    };
    containerd = {
      enable = true;
    };
  };
  
  #services.openiscsi.enable = true;
  services.openiscsi = {
    enable = true;
    name = "${config.networking.hostName}-initiatorhost";
  };
  services.openssh = {
    enable = true;
    ports = [
      3060
    ];
    openFirewall = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      PubkeyAuthentication = true;
    };
  };
  services.tailscale = {
        enable = true;
  };
  services.kubernetes.kubelet = {
        enable = false;
  };
  #services.k3s.enable = true;
  netsecrets = {
    enable = true;
    requesting = {
      server = "192.168.68.77";
      fallbacks = ["192.168.68.69"];
      password = "your_password";
      port = "8081";
      priority = 0;
      verbose = true;
      request_secrets = [
        "secret1" "dockerswarm" "enableswarm" "k8stoken" "enablek8s" 
#       "k8sca" "k8sclientcrt" "k8sclientkey"
        ];
    };
  };

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 10250 6443 ];
  };

  systemd.services = {
 #  create-media-dir = {
 #   description = "Ensure /mnt/media exists";
#    before = [ "mount-samba-share.service" ];
#    script = ''
#      mkdir -p ${mountPoint}
#      chmod 775 ${mountPoint}
#    '';
#    serviceConfig = {
#      Type = "oneshot";
#      RemainAfterExit = true;
#    };s
#    wantedBy = [ "multi-user.target" ];
#  };
mount-samba-share = {
  description = "Mount Samba Share";
  after = [ "network-online.target" ];
  wants = [ "network-online.target" ];
  path = [ pkgs.coreutils ];  # Add coreutils to the service's path
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = true;
    ExecStart = mountScript;
#''
#      ${pkgs.coreutils}/bin/mkdir -p ${mountPoint}
#      ${pkgs.cifs-utils}/bin/mount -t cifs //192.168.68.36/main ${mountPoint} \
#        -o credentials=${credentialsFile},iocharset=utf8
#    '';
    ExecStop = ''
      ${pkgs.cifs-utils}/bin/umount ${mountPoint}
    '';
  };
  wantedBy = [ "multi-user.target" ];
};
    kubelet = {
      enable = false;
      description = "Kubelet service";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        ExecStart = "echo test";
        #ExecStart = "${pkgs.kubernetes}/bin/kubelet";
      };
    };
    netsecrets-echo = {
      description = "Echo NetSecrets Content";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = echoService;
        Restart = "no";
        User = "root";
      };
    };

    cluster-join = {
      description = "Join Docker Swarm Cluster";
      after = [ "network.target" "netsecrets-receiver.service" ];

      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${clusterJoinScript}";
        Restart = "on-failure";
      };

#      enable = config.secrets.enableswarm.value == "true";
#      restart = config.secrets.enableswarm.value == "true";

      wantedBy = [ "multi-user.target" ];
    };
  };

  networking.nameservers = [ "8.8.8.8" "8.8.4.4" ];
  networking.defaultGateway = {
    address = "192.168.68.1";
    interface = "eth0";
  };
  networking.interfaces.eth0.ipv4.addresses = [ {
    address = "192.168.68.38";
    prefixLength = 24;
  } ];

  networking.hostName = "extranuc";

  users.users = {
    spiderunderurbed = {
      password = "test";
      isNormalUser = true;

      openssh = {
        authorizedKeys.keys = [
          (builtins.readFile ./id_rsa.pub)
          (builtins.readFile ./id_ed25519.pub)
        ];
      };
      extraGroups = [ "wheel" ];
    };
  };

  environment.systemPackages = with pkgs; [
    kubectl 
    jq
    coreutils
    nfs-utils
    samba
    openiscsi
    cifs-utils
    tailscale
    lsof
    tmux
    screen
    k3s
    kubernetes
    specialArgs.netsecrets.packages.${system}.netsecrets
    docker
    docker-compose
  ];
}

Topic		Replies	Views
[solved] iSCSI into Container fails General Discussions	1	3037	June 22, 2018
Master node not working (CNI, k3s and longhorn) General Discussions network	0	31	March 25, 2025
K8s cant mount new iSCSI volumes General Discussions	1	672	April 10, 2022
Microk8s is not running. Use microk8s inspect for a deeper inspection microk8s	2	2605	April 24, 2023
[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes Announcements	0	1495	November 14, 2023

Iscsid not detected despite service running (longhorn)

Related topics