Linux iSCSI

From Wiki
Jump to: navigation, search

Install packages

yum install targetcli

Configure an iSCSI target

Create a backing device

Any block device can be used as a target backing device. targetcli also supports using a regular file as the backing store.

Note: oVirt has an issue moving disks to a pool backed by a target on LVM. Use the raw disk device to avoid this.

Clear existing config

This will clear all current config's (backing storges, portals, etc..)

# targetcli clearconfig confirm=true
All configuration cleared

create backing stores

/backstores/block> create 1g-1-win2k8clu /dev/rootvg/1g-1-win2k8clu.vol
Created block storage object 1g-1-win2k8clu using /dev/rootvg/1g-1-win2k8clu.vol.
/backstores/block> ls
o- block .................................................................................... [Storage Objects: 1]
  o- 1g-1-win2k8clu ............................. [/dev/rootvg/1g-1-win2k8clu.vol (1.0GiB) write-thru deactivated]

Configure authentication

Set a userid and a password:

/iscsi/iqn.20...ample:t1/tpg1> cd acls/iqn.2014-08.com.example:client/ /iscsi/iqn.20...xample:client> set auth userid=usr Parameter userid is now 'usr'. /iscsi/iqn.20...xample:client> set auth password=pwd Parameter password is now 'pwd'.

Authentication can also be disabled if needed.

/iscsi> set discovery_auth enable=0
Parameter enable is now '0'.

create wwn

/iscsi> create
Created target iqn.2003-01.org.linux-iscsi.fedora-storage.x8664:sn.ec2c4f720fae.
Created TPG 1.
/iscsi> ls
o- iscsi ............................................................................................ [Targets: 1]
  o- iqn.2003-01.org.linux-iscsi.fedora-storage.x8664:sn.ec2c4f720fae .................................. [TPGs: 1]
    o- tpg1 ............................................................................... [no-gen-acls, no-auth]
      o- acls .......................................................................................... [ACLs: 0]
      o- luns .......................................................................................... [LUNs: 0]
      o- portals .................................................................................... [Portals: 0]

Note: the wwn here ithe target's WWN. ( Target == Your host)

Create a LUN

/iscsi> cd iqn.2003-01.org.linux-iscsi.fedora-storage.x8664:sn.ec2c4f720fae/

/iscsi/iqn.20....ec2c4f720fae> ls
o- iqn.2003-01.org.linux-iscsi.fedora-storage.x8664:sn.ec2c4f720fae .................................... [TPGs: 1]
  o- tpg1 ................................................................................. [no-gen-acls, no-auth]
    o- acls ............................................................................................ [ACLs: 0]
    o- luns ............................................................................................ [LUNs: 0]
    o- portals ...................................................................................... [Portals: 0]

/iscsi> cd tpg1/luns

/iscsi/iqn.20...fae/tpg1/luns> create  /backstores/block/5g-2-win2k8clu
Created LUN 0.
/iscsi/iqn.20...fae/tpg1/luns> create  /backstores/block/5g-1-win2k8clu
Created LUN 1.
/iscsi/iqn.20...fae/tpg1/luns> create  /backstores/block/1g-2-win2k8clu
Created LUN 2.
/iscsi/iqn.20...fae/tpg1/luns> create  /backstores/block/1g-1-win2k8clu
Created LUN 3.

/iscsi/iqn.20...fae/tpg1/luns> ls
o- luns ................................................................................................ [LUNs: 4]
  o- lun0 ................................................ [block/5g-2-win2k8clu (/dev/rootvg/5g-2-win2k8clu.vol)]
  o- lun1 ................................................ [block/5g-1-win2k8clu (/dev/rootvg/5g-1-win2k8clu.vol)]
  o- lun2 ................................................ [block/1g-2-win2k8clu (/dev/rootvg/1g-2-win2k8clu.vol)]
  o- lun3 ................................................ [block/1g-1-win2k8clu (/dev/rootvg/1g-1-win2k8clu.vol)]

create ACLs

The ACL name is the name of the *initiator*.

cat /etc/iscsi/initiator.name
/iscsi/iqn.20...fae/tpg1/acls> create iqn.1991-05.com.microsoft:node01.infra.local
Created Node ACL for iqn.1991-05.com.microsoft:node01.infra.local
Created mapped LUN 3.
Created mapped LUN 2.
Created mapped LUN 1.
Created mapped LUN 0.

/iscsi/iqn.20...fae/tpg1/acls> create iqn.1991-05.com.microsoft:node02.infra.local
Created Node ACL for iqn.1991-05.com.microsoft:node02.infra.local
Created mapped LUN 3.
Created mapped LUN 2.
Created mapped LUN 1.
Created mapped LUN 0.

== Create target portal ==

This is done automatically on CentOS 7.5.

<pre>
/iscsi/iqn.20...0m1/tpg1/luns> cd ../portals

/iscsi/iqn.20.../tpg1/portals> create
Using default IP port 3260
Binding to INADDR_ANY (0.0.0.0)
Created network portal 0.0.0.0:3260.

save config

Press ctl-D to save and exit.

enable target service

systemctl enable target.service
systemctl start target.service

Troubleshooting

Scsi3 PR testing fails

If scsi-3 Persistant reservations fails (for clustering) check the /var/log/messages

I got the following error

Jan  7 07:38:12 fedora-storage kernel: [342826.365151] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:12 fedora-storage kernel: [342826.879052] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:13 fedora-storage kernel: [342827.409833] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:13 fedora-storage kernel: [342827.940662] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:14 fedora-storage kernel: [342828.471457] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:14 fedora-storage kernel: [342828.510760] filp_open(/var/target/pr/aptpl_26dfe3fc-8399-4dc8-86d2-51c1
e2bc9752) for APTPL metadata failed
Jan  7 07:38:14 fedora-storage kernel: [342829.067433] filp_open(/var/target/pr/aptpl_15c78f42-3830-482c-9fb0-38d2
f59ef2eb) for APTPL metadata failed
Jan  7 07:38:15 fedora-storage kernel: [342829.579961] filp_open(/var/target/pr/aptpl_15c78f42-3830-482c-9fb0-38d2
f59ef2eb) for APTPL metadata failed
Jan  7 07:38:15 fedora-storage kernel: [342830.095156] filp_open(/var/target/pr/aptpl_15c78f42-3830-482c-9fb0-38d2
f59ef2eb) for APTPL metadata failed
Jan  7 07:38:16 fedora-storage kernel: [342830.626011] filp_open(/var/target/pr/aptpl_15c78f42-3830-482c-9fb0-38d2
f59ef2eb) for APTPL metadata failed

The solution was to create the /var/target/pr folder :-)


Misc.

Context sensitive help

using help in a particular location in the tree will give you a context sensitive help


Get config options

To get all the available configuration group use 'get'

/backstores/block> cd /iscsi

</pre>

/iscsi> get

AVAILABLE CONFIGURATION GROUPS
==============================
global discovery_auth
/iscsi> get discovery_auth
DISCOVERY_AUTH CONFIG GROUP
===========================
enable=0
--------
The enable discovery_auth parameter.

mutual_password=
----------------
The mutual_password discovery_auth parameter.

mutual_userid=
--------------
The mutual_userid discovery_auth parameter.

password=
---------
The password discovery_auth parameter.

userid=
-------
The userid discovery_auth parameter.


Also, it can be useful to check the ports currently used:

# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3260            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.81:22         192.168.1.81:33584      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN

Finally, open the 3260 tcp port in the firewall configuration:

# firewall-cmd --permanent --add-port=3260/tcp
Success

Note1: With RHEL 7.2 (RHBZ#1150656), there is now a firewalld configuration file for the iscsi-target service. So you can type: # firewall-cmd –permanent –add-service iscsi-target

Note2: In the new /usr/lib/firewalld/services/iscsi-target.xml configuration file, two lines are specified for the ports: TCP 3260 and UDP 3260. As everything was working fine until now with the TCP 3260 argument, I suppose that you can run iSCSI on top of UDP but it’s not the default option (I didn’t find any details in the RFC7143 on this point).

Reload the firewall configuration:

# firewall-cmd --reload
Success

Mount iSCSI target

Install tools needed:

yum install iscsi-initiator-utils
apt-get install open-iscsi

List iscsi sessions:

iscsiadm -m session

Discover targets:

iscsiadm -m discovery -t sendtargets -p <portal>

Login to target

iscsiadm -m node -T <target> --login

Disconnect iscsi target:

iscsiadm -m node -T <target> --logout

Delete iscsi session:

iscsiadm -m discovery -p <portal> -o delete

Configure automatic login to iscsi target

Setting the login mode affects only nodes that are discovered after the value is set.

Step Set the login mode for a specific portal on a target, for all the portals on a target, or for all targets and their ports: To set the login mode for... Do the following...

A specific port on a target Enter the command with the applicable format for your system, including the targetname and whether the login will be manual or automatic:

iscsiadm --mode node -T targetname -p ip:port -o update -n node.startup -v manual|automatic
iscsiadm --mode node -T targetname -p ip:port -o update -n node.conn[0].startup -v manual|automatic

All the ports on a target Enter the command with the applicable format for your system, including the targetname and whether the login will be manual or automatic:

target=iqn.1994-12.com.promise.f5.3.65.55.1.0.0.20
iscsiadm --mode node -T $target -o update -n node.startup -v automatic
iscsiadm --mode node -T $target -o update -n node.conn[0].startup -v automatic

All the targets

Modify the following line of the /etc/iscsi/iscsid.conf file to specify either manual or automatic:

node.startup = manual|automatic

Rediscover the iSCSI target.

Restart the iSCSI service.