iSCSI storage on CentOS 7

Posted: July 9, 2015 in Linux

SCSI is a type of connection for storage which enables sharing local storage with another computers on the network.To remote computer shared storage appears as local hard disk which can be partitioned,mounted and formatted

iSCSI is a prorocol which allows clients (called initiators) to send SCSI commands to SCSI storage devices (targets) on remote servers over the network.Using this, iSCSI takes a  local storage bus and emulates it over a  networks, creating a storage area notwork (SAN). Unlike some SAN protocols, iSCSI requires no dedicated cabling, thanks to this iSCSI is  a low-cost alternative to FibreChannel, which requires dedicated infrastructure.

Initiator is iSCSI client that access the storage which is shared on target.Initiator is either software or hardware based.A software initiator uses kernel driver which uses network card to emulate SCSI device.A hardware initiator uses dedicated hardware, typically in combination with hardware’s firmware to implement iSCSI.The iSCSI initiator needs to install iscsi-initiator-utils package.This package provides the iscsiadm management command, the /etc/iscsi/iscsid.conf configuration file, and other commands and files.

Target is the name of the iSCSI server.The iSCSI server offers its devices  to the clients (initiator).Storage resources which reside on target servers are called backstore. A backstore can be an  physical or virtual disk ,a standard partition a RAID partition or LVM logical volume.Target also can host objects with one or more LUN’s.

LUN (Logical Unit Number) is an SCSI device that is part of a physical SCSI device (target). In an iSCSI terminology, LUNs are  numbered disk drivesTo utilize iSCSi target functionality,package targetcli needs to be installed on target server.This package confgure and share storage resources so it can be available to client computers (initiators) over the network.It gives as the ability to present local storage resources (disk,logical volume,RAID partition, disk partition) to iSCSI clients (initiator).It also enables view of all target LUNs configured on the target server in directory fashion presentations.

Server with IP address 192.168.122.200 (server1.example.com),with /dev/sda disk of 2GB,will serve as target server.We will make this 2GB hard disk available to client (initiator).Machine with 192.168.122.90 will be our initiator.

On target server install targetcli package:

[root@server1 ja]#yum install targetcli -y

run targetcli and list object tree

[root@server1 ja]# targetcli
targetcli shell version 2.1.fb37
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
/> ls
o- / .....................................................................[...]
o- backstores ............................................................[...]
| o- block ................................................[Storage Objects: 0]
| o- fileio ...............................................[Storage Objects: 0]
| o- pscsi ................................................[Storage Objects: 0]
| o- ramdisk ............................................. [Storage Objects: 0]
o- iscsi ......................................................... [Targets: 0]
o- loopback ................................................. .... [Targets: 0]

Enter into /backstores/block folder to build a backstore iscsidisk1 using the /dev/sda disk:

/> cd backstores/
/backstores/block> create iscsidisk1 dev=/dev/sda
Created block storage object iscsidisk1 using /dev/sda.
/backstores/block> ls
o- block .................................................. [Storage Objects: 1]
o- iscsidisk1 ....................... [/dev/sda (2.0GiB) write-thru deactivated]

Go into the /iscsi directory:

Build an iSCSI target with address iqn.2015-07.com.example.s1:iscsidisk1 on the
iscsidisk1 backstore in the default TPG
iSCSI naming:

iSCSI assigns a unique address to each target server.Most of the implementations use the iqn format.

We will create following address:iqn.2015-07.com.example.s1:iscsidisk1
Let’s split this address:

iqn stands for iSCSI address format
2015-07.year and month when domain was registered
com.example.s1 reversed domain name
iscsidisk1 backstore created in previous step

TPG (target portal group) represents set of portals which are assigned to a target LUN for conducting iSCSI sessions for that LUN.

Portal: a set comprising of an IP address and TCP port that a target server listens on and initiators connect to.Default port 3260.

/> cd iscsi
/iscsi> create iqn.2015-07.com.example.s1:iscsidisk1
Created target iqn.2015-07.com.example.s1:iscsidisk1.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls
o- iscsi .........................................................[Targets: 1]
o- iqn.2015-07.com.example.s1:iscsidisk1 ........................... [TPGs: 1]
o- tpg1 ............................................... [no-gen-acls, no-auth]
o- acls ............................................................ [ACLs: 0]
o- luns ............................................................ [LUNs: 0]
o- portals ...................................................... [Portals: 1]
o- 0.0.0.0:3260 ......................................................... [OK]

Create a network portal for the target using the IP (192.168.122.200) to be used for iSCSI traffic
and the default port by going into the iqn.2015-07.com.example.s1:iscsidisk1 directory.By doing this we will make target to be discoverable and accessible over the network.

Note: if you face “Could not create NetworkPortal in configFS.” error you need to delete default portal (0.0.0.0 3260)

/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
Deleted network portal 0.0.0.0:3260
/iscsi> cd iqn.2015-07.com.example.s1:iscsidisk1/tpg1/
/iscsi/iqn.20...csidisk1/tpg1> portals/ create 192.168.122.200
Using default IP port 3260
Could not create NetworkPortal in configFS.
/iscsi/iqn.20...csidisk1/tpg1> ls
o- tpg1 ................................................. [no-gen-acls, no-auth]
o- acls ............................................................ [ACLs: 0]
o- luns ............................................................ [LUNs: 0]
o- portals ...................................................... [Portals: 1]
o- 0.0.0.0:3260 ......................................................... [OK]
/iscsi/iqn.20...csidisk1/tpg1> cd portals/
/iscsi/iqn.20.../tpg1/portals> ls
o- portals ........................................................ [Portals: 1]
o- 0.0.0.0:3260 ........................................................... [OK]
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
Deleted network portal 0.0.0.0:3260
/iscsi/iqn.20.../tpg1/portals> cd ..
/iscsi/iqn.20...csidisk1/tpg1> ls
o- tpg1 ................................................. [no-gen-acls, no-auth]
o- acls ............................................................ [ACLs: 0]
o- luns ............................................................ [LUNs: 0]
o- portals ...................................................... [Portals: 0]
/iscsi/iqn.20...csidisk1/tpg1> ls
o- tpg1 ................................................. [no-gen-acls, no-auth]
o- acls ............................................................ ..[ACLs: 0]
o- luns .............................................................. [LUNs: 0]
o- portals ........................................................ [Portals: 0]
/iscsi/iqn.20...csidisk1/tpg1> portals/ create 192.168.122.200
Using default IP port 3260
Created network portal 192.168.122.200:3260.

Create a LUN called lun0 in the target:

/iscsi/iqn.20...csidisk1/tpg1> luns/ create /backstores/block/iscsidisk1
Created LUN 0.
/iscsi/iqn.20...csidisk1/tpg1> ls
o- tpg1 ................................................. [no-gen-acls, no-auth]
o- acls ............................................................ [ACLs: 0]
o- luns ............................................................ [LUNs: 1]
| o- lun0 ...................................... [block/iscsidisk1 (/dev/sda)]
o- portals ...................................................... [Portals: 1]
o- 192.168.122.200:3260 ..................................................[OK]

ACL’s

If generate_node_acls is 1, the TPG-wide settings will be used (ignore ACLs). If generate_node_acls is 0, then the user-created ACLs’ settings will be used.

set attribute authentication=0 disable authentication so that any initiator can access  LUN.

demo_mode_write_protect=0  makes the LUN write-enabled

Disable authentication so that any initiator can access this LUN

/iscsi/iqn.20...csidisk1/tpg1> set attribute authentication=0 demo_mode_write_protect=0 generate_node_acls=1
Parameter authentication is now '0'.
Parameter demo_mode_write_protect is now '0'.
Parameter generate_node_acls is now '1'.

Add a service called iscsi.You can do this by copying one of xml files from /usr/lib/firewalld/services to /etc/firewalld/services/folder  (i copied dhcp.xml file as iscsi.xml,but you can use any you wish) and permit iSCSI traffic on port 3260.

[root@server1 services]# cp /usr/lib/firewalld/services/dhcp.xml /etc/firewalld//services/iscsi.xml
[root@server1 services]# vi /etc/firewalld/services/iscsi.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>iSCSI</short>
<description>This allows a iSCSI traffic through the firewall.</description>
<port protocol="tcp" port="3260"/>
</service>

Add the new iscsi service to firewalld and activate it:

firewall-cmd --permanent --add-service iscsi ; firewall-cmd --reload
success
success

Commands on the client (initiator)

Switch now to client (initiator),install iscsi-initiator-utils package

yum install iscsi-initiator-utils -y

iscsiadm command-line options:

–D (–discover) Discovers targets using discovery records. If no matching record is found, a new record is created based on
settings defined in the /etc/iscsi/iscsi.conf file.
–l (–login) Logs in to the specified target.
–L (– loginall) Logs in to all discovered targets.
–m (–mode) Specifies one of the supported modes of operation: discovery, node, fw, iface, and session.
–p (–portal) Specifies a target server portal.
–o (–op) Specifies one of the supported database operators: new, delete, update, show, or non-persistent.
–T (–targetname) Specifies a target name.
–t (–type) Specifies a type of discovery. Sendtargets (st) is usually used. iSNS is another available type.
–u (–logout) Logs out from a target.
–U (–logoutall) Logs out from all targets.

Execute the iscsiadm command in sendtargets type (–t) discovery mode (–m) to locate
available iSCSI targets from the specified portal (–p):

iscsiadm –m discovery –t st –p 192.168.122.200
192.168.122.200:3260,1 iqn.2015-07.com.example.s1:iscsidisk1

The above command also adds the new record to discovery database files located
in the /var/lib/iscsi directory, and starts the iscsid daemon. This information remains persistent unless you delete it.

Untitled

Log in (–l) to the target (–T) in node mode (–m) at the  portal (–p) to establish a
target/initiator session:

[root@s1 godon]# iscsiadm -m node -T iqn.2015-07.com.example.s1:iscsidisk1 -p 192.168.122.200 -l
Logging in to [iface: default, target: iqn.2015-07.com.example.s1:iscsidisk1, portal: 192.168.122.200,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.example.s1:iscsidisk1, portal: 192.168.122.200,3260] successful.

See information for the established iSCSI session (–m) and specify printlevel (–P) 3 for verbosity.At the end of this verbose output we can see LUN name (sde):

[root@s1 godon]# iscsiadm -m session -P3
iSCSI Transport Class version 2.0-870
version 6.2.0.873-24
Target: iqn.2015-07.com.example.s1:iscsidisk1 (non-flash)
 Current Portal: 192.168.122.200:3260,1
 Persistent Portal: 192.168.122.200:3260,1
 **********
 Interface:
 **********
 Iface Name: default
 Iface Transport: tcp
 Iface Initiatorname: iqn.1994-05.com.redhat:fad77bb17a31
 Iface IPaddress: 192.168.122.1
 Iface HWaddress: <empty>
 Iface Netdev: <empty>
 SID: 1
 iSCSI Connection State: LOGGED IN
 iSCSI Session State: LOGGED_IN
 Internal iscsid Session State: NO CHANGE
 *********
 Timeouts:
 *********
 Recovery Timeout: 120
 Target Reset Timeout: 30
 LUN Reset Timeout: 30
 Abort Timeout: 15
 *****
 CHAP:
 *****
 username: <empty>
 password: ********
 username_in: <empty>
 password_in: ********
 ************************
 Negotiated iSCSI params:
 ************************
 HeaderDigest: None
 DataDigest: None
 MaxRecvDataSegmentLength: 262144
 MaxXmitDataSegmentLength: 262144
 FirstBurstLength: 65536
 MaxBurstLength: 262144
 ImmediateData: Yes
 InitialR2T: Yes
 MaxOutstandingR2T: 1
 ************************
 Attached SCSI devices:
 ************************
 Host Number: 6 State: running
 scsi6 Channel 00 Id 0 Lun: 0
 Attached scsi disk sde State: running

We now need to add target name to /etc/iscsi/initiatorname.iscsi file
(iqn.2015-07.com.example.s1:iscsidisk1)

See new LUN:

[root@s1 godon]# lsblk | grep sde
sde 8:64 0 2G 0 disk

Initialize LUN:

[root@s1 godon]# pvcreate /dev/sde 
Physical volume "/dev/sde" successfully created

create volume group myiscsivg

[root@s1 godon]# vgcreate myiscsivg /dev/sde1
Volume group "myiscsivg" successfully created

create  a logical volume (lmyiscsilv) of size 1GB

[root@s1 godon]# lvcreate -L 1G myiscsivg -n myiscsilv
Logical volume "myiscsilv" created

Format logical volume

[root@s1 godon]# mke2fs /dev/myiscsivg/myiscsilv
mke2fs 1.42.11 (09-Jul-2014)
Creating filesystem with 262144 4k blocks and 65536 inodes
Filesystem UUID: fb7c0705-4a4b-4c01-9fa6-7013bccbfda9
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done

I created folder /iscsidisk in which we will mount logical volume (/dev/myiscsivg/myiscsilv)

For mount to be permamnet we need to add this mount point to /etc/fstab file

/dev/myiscsivg/myiscsilv /iscsidisk ext4 _netdev 0 0
_netdev is used to prevent the system from attempting to mount these filesystems until the network has been enabled on the system.

After reboot you should see iSCSI mounted

Advertisements
Comments
  1. CertDepot says:

    Using ‘set attribute authentication=0 demo_mode_write_protect=0 generate_node_acls=1’ is not the correct way to set up iScsi: use ACL instead.

    Like

  2. web site says:

    I have been browsing online greater than 3 hours today, yet I
    never found any interesting article like yours.

    It’s lovely price sufficient for me. In my view, if all website owners and bloggers made good content material
    as you probably did, the web will likely be a
    lot more helpful than ever before.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s