Managing host access with nvmeof-cli

As a system administrator, you can add, list, and delete NVMe-oF host access by using the command-line interface (CLI).

Before you begin

Managing NVMe-oF hosts with the CLI requires the nvmeof-cli alias setup. For more information about defining the alias, see step 1 of Defining an NVMe-oF subsystem with nvmeof-cli.

About this task

At any point, you can use the -h or --help parameters for command help.
The following parameters are interchangeable:
  • --subsystem and -n
  • --host-nqn and -t
  • --serial-number and -s
  • --dhchap-key and -k
Use the commands listed here to manage host access.
Important: In-band authentication is supported on an initiator with Red Hat Enterprise Linux 9.5 or later. ESX is not supported.
Note: The commands here show the SUBSYSTEM_NQN with the subsystem NQN and group name, assuming that the --no-group-append was not added when adding the subsystem. For more information, see Managing subsystems with nvmeof-cli.

Adding a host

Use the host add command to add host access to an NVMe-oF subsystem. 
nvmeof-cli --server-address GATEWAY_IP --server-port SERVER_PORT host add --subsystem SUBSYSTEM_NQN --host-nqn HOST01_NQN [--dhchap-key KEY_VALUE]
Important: NQN and gateway name values must not contain an underscore character.
Note: Specific hosts can be selected, as in the following example. To specify all hosts, use --host-nqn "*".
Important: Only use the --dhchap-key parameter with a single specific host NQN. Do not use --host-nqn "*".
The following is an example of adding NVMe initiator the nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 host: 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host add --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 --dhchap-key DHHC-1:00:abEcb12F100FNlZkIOkv37idpu/notvalid!!si1VQ09KhKv2g:
The following is an example of adding all NVMe initiator hosts: 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host add --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn “*”
Only one subsystem can be specified at a time. To specify multiple specific hosts, separate them by using a space.
Note: Do not use commas between host NQNs or quotes (") around the multiple host NQNs. Use the following example format:

--host-nqn HOST01_NQN HOST02_NQN

For example, 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host add --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 nqn.2014-08.org.nvmexpress:uuid:123ddadf-f456-47b7-9416-b9bb233f67f4
Adding host nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 to nqn.2016-06.io.spdk:cnode1.group1: Successful
Adding host nqn.2014-08.org.nvmexpress:uuid:123ddadf-f456-47b7-9416-b9bb233f67f4 to nqn.2016-06.io.spdk:cnode1.group1: Successful

Changing a host authentication key

Use the host change_key command to change the in-band authentication keys for a host.
Important: Using the host change_key command without adding the --dhchap-key parameter removes the existing key.
host change_key --subsystem SUBSYSTEM_NQN --host-nqn HOST01_NQN --dhchap-key KEY_VALUE
For example, 
[root@host01 ~]# nvmeof-cli host change_key --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 --dhchap-key DHHC-1:00:abEcb12F100FNlZkIOkv37idpu/notvalid!!si1VQ09KhKv2g:

Listing host access

Use the host list command to list NVMe-oF subsystem host access. 
nvmeof-cli --server-address GATEWAY_IP --server-port SERVER_PORT host list --subsystem SUBSYSTEM_NQN
For example, 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host list --subsystem nqn.2016-06.io.spdk:cnode1.group1
Hosts allowed to access nqn.2016-06.io.spdk:cnode1.group1:
╒═══════════════════════════════════════════════════════════════════════════════╕
│                              Host NQN                               │
| ═════════════════════════════════════════════════════════════════════════════ |
│ nqn.2014-08.org.nvmexpress:uuid:123ddadf-f456-47b7-9416-b9bb233f67f4 │
╘═══════════════════════════════════════════════════════════════════════════════╛
[root@host01 ~]#

Deleting host access

Use the host del command to remove host access from NVMe-oF subsystems. 
nvmeof-cli --server-address GATEWAY_IP --server-port SERVER_PORT host del --subsystem SUBSYSTEM_NQN --host-nqn HOST_NQN
For example, 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host del --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn "*"
Disabling open host access to nqn.2016-06.io.spdk:cnode1.group1: Successful
To delete host access to multiple hosts, separate them by using a space.
Note: Do not use commas between host NQNs or quotes (") around the multiple host NQNs. Use the following example format:

--host-nqn HOST01_NQN HOST02_NQN

For example, 
[root@host01 ~]# nvmeof-cli --server-address 10.172.19.01 --server-port 5500 host del --subsystem nqn.2016-06.io.spdk:cnode1.group1 --host-nqn nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3 nqn.2014-08.org.nvmexpress:uuid:123ddadf-f456-47b7-9416-b9bb233f67f4
Removing host nqn.2014-08.org.nvmexpress:uuid:950ddadf-f995-47b7-9416-b9bb233f66e3  access from nqn.2016-06.io.spdk:cnode1.group1: Successful
Removing host nqn.2014-08.org.nvmexpress:uuid:123ddadf-f456-47b7-9416-b9bb233f67f4 access from nqn.2016-06.io.spdk:cnode1.group1: Successful