RHEL7 - Configuring an iSCSI target
With an iSCSI target, client system will access the disk storage from a server to a client.
The iSCSI initiator (client) access the storage from the iSCSI target server as a local disk. Here are the steps to set up both an iSCSI target and an iSCSI initiator use them together.
Plan:
iSCSI target server: sam.expanor.local/192.168.10.120
- This host provides the disk space accessible to the client over the network.
iSCSI initiator client: sama.expanor.local/192.168.10.110
- This host is a client system access to the iSCSI target on the iSCSI target server over the
network.
Pre-plan the following disk partitions
# cat /proc/partitions
/dev/sdb
/dev/sdc
# fdisk /dev/sdb
# pvcreate /dev/sdb1
# vgcreate myvg /dev/sdb1
# vgs
# lvcreate -L 2G -n mylv1 myvg
# lvcreate -L 2G -n mylv2 myvg
# lvs
# lvscan
A. Configure iSCSI Target
- Lets configure the iSCSI target on the server, which will provide its disk space over the
network to client system (the iSCSI initiator).
- Lets install ‘targetcli’ package on the server, which offer a shell like environment to
view and modify the target configuration and export local storage resources such as files,
volumes or RAM disks to other external systems. It provides the similar navigation liek
filesystem commands such as cd, ls.
1. Install targetcli package
# yum install targetcli
2. enable and start the target service.
# systemctl enable target
# systemctl start target
3. Now, run the targetcli command. It will provide targetcli prompt. Just run ls to see the
default interface
# targetcli
/> ls
targetcli commmand has a feature like a bash shell tab completion. Just press tab couple of
times to see available options. You can use go up and back using cd command.
4. Creating a Backstore
Backstores offer a different ways of storing the data locally and export to an external
system. The available options are block, fileio, pscsi and ramdisk. Here, we will be using
block and fileio options.
Now, you have to configure the backstore to set up an iSCSI target. Type cd /backstores to go
to the backstores branch of targetcli. Here it allow you to specify which backing storage is
going to be used.
/> cd backstores/
Now, Type block/ create block1 /dev/myvg/mylv1. This will add the LVM we created as the
backstore in the iSCSI target.
A fileio backstore is a file on the filesystem that is created with a predefined size but
performance is not as good as a block backstore. Use write_back=false option which disable
any caching which will reduce the performance but will reduce possible data loss.
/backstores> block/ create block1 /dev/myvg/mylv1
/backstores> block/ create block2 /dev/myvg/mylv2
/backstores> block create block3 dev=/dev/sdc
or
/> backstores/block create block1 /dev/myvg/mylv1
/> backstores/block create block2 /dev/myvg/mylv2
/> backstores/block create block3 dev=/dev/sdc
/> backstore/fileio create testfile1 /root/fileio1 500M write_back=false
or
/backstores> fileio/ create testfile2 /root/diskfile1 500M
Pay attention to the command and the output.
Type ls at the prompt and see the block and file backstore listing
.
/backstores> ls
5. Create the iSCSI Target and Portal
Now, the block backstores part is done. Lets create iSCSI target.
/backstores> cd /
/> cd iscsi
/iscsi> ls
6. Now, a iSCSI target with IQN (iqn.2016-12.local.expanor) and iSCSI target name (target)
Note: The IQN naming convention used here is iqn.YY-MM followed by inversed DNS domain name.
/iscsi> create iqn.2016-12.local.expanor:target
note: rather than specifying iqn name, just press enter after typing create, system will
automatically use the default IQN and target name.
Run ls command to see the iSCSI target listing
/iscsi> ls
The output shows the contents of the iscsi branch of IQN you just created, and TPG tpg1 which
is created automatically.
7. Create LUNs
Now, you have to create the LUNs. We need to associate a block device with a specific TPG. We
create LUN with previously defined backstore.
a. Go to target portal group (TPG)
cd to IQN that you created on iSCSI target. Type cd iqn.[Tab] to go to IQN.
/iscsi> cd iqn.2016-12.local.expanor:target/tpg1/
b. Create LUN by specifying any backstore we created before. We will create LUN for block and
fileod backstores. Lun create this way has read/write permission by default.
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block1
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block2
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block3
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/fileio/testfile1
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/fileio/testfile2
Note: When creating LUNs, you can specify additional parameters. For eg, if you want to
assign specific lun id to specific storage, you can do as follow
> create lun=2 storage_object=/backstores/block/block1
c. Verify you can see the LUNs just created.
/iscsi/iqn.2016-12.local.expanor:target/tpg1> ls
8. Create an access control list (ACL)
Now, we have to create ACL to allow access to the iSCSI target, because iSCSI initiator can
not access without ACLs. Any new LUN created will be mapped to each ACL that is associated
with the TPG because auto_add_mapped_luns feature is on by default.
a. Before assigning ACL, go to your client system (iSCSI initiator) and get the output of the
/etc/iscsi/initiatorname.iscsi file.
Note: you can leave the default value but if you want to edit this file make sure the entry
on ACL iSCSI target server has the same content of this file.
b. On iSCSI initiator record the InitiatorName and assign ACL.
# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn........
c. To create the ACL, cd to IQN that you created on iSCSI target. Type cd iqn.[Tab] to go to
IQN.
/iscsi> cd iqn.2016-12.local.expanor:target/tpg1/acls/
/iscsi/iqn.20...r:target/tpg1/acls/ create iqn.<from_client>
or
/iscsi/iqn.20...r:target/tpg1/acls/ create iqn.2015-12.local.expanor:sama
The above command creates a node ACL that allows sama server (iSCSI initiator) to access the
IQN you just created on server. Make sure to verify the contents of this file on the iSCSI
initiatorname matches.
You can repeat same steps for other iSCSI initiators that need to access the iSCSI target.
d. Now, all the LUNs created within the iSCSI target will have ACL mapped.
/iscsi/iqn.20...get/tpg1/acls> ls
e. Go back to iSCSI target root and view the configuration
/iscsi/iqn.20...get/tpg1/acls> cd ../..
/iscsi/iqn.20...expanor:target> ls
f. Save the configuration
- exit from the prompt and the configuration is saved to /etc/target/saveconfig.json file.
This config file is on JAVA JSON format and do not edit directly. Upon saving the
configuration, iSCSI target service is also started automatically and listen to 3260 of
specified portal IP address if portal is configured.
# netstat -antup | grep 3260
9. Creating the portal
The portal connects the iSCSI configuration to the specific IP address on the iSCSI target
server. Lets say you have specifit static address on your iSCSI target server, you can use
portal create command with the ip address of the target.
/iscsi/iqn.20...r:target/tpg1> portals/ create 192.168.10.120
Please note, this step is only used if you want to have iSCSI target offering its services to
a specific IP address. If you do not create a portal, a default portal is used that binds to
the address 0.0.0.0, which in fact represents all IP addresses on your server.
10. iSCSI firewall rules
Now, allow traffic to pass through the firewall on this port
# firewall-cmd --add-port=3260/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
11. Review the configuration file
# cat /etc/target/saveconfig.json
12. Check the status of target service and verify that the target is currently active.
# systemctl start target
# systemctl status target
Finally, iSCSI target server should accept connections from the iSCSI initiator from client
system.
High Level Overview
- Create the backstores to provide the storage that the iSCSI target is sharing.
- Create an IQN, which also automatically creates the TPG.- create ACLs to allow nodes to
access the target.
- Create the LUNs. Note the association between ACLs and the LUN
- Configure the portal and write the configuration.
Note: If you type ls on the targetcli interface, you will get all the steps to configure
target. Use man page of the targetcli command to get some help on the iSCSI configuration
This concludes the iSCSI target server configuration.
For iSCSI initiator, please go to initiator page.
With an iSCSI target, client system will access the disk storage from a server to a client.
The iSCSI initiator (client) access the storage from the iSCSI target server as a local disk. Here are the steps to set up both an iSCSI target and an iSCSI initiator use them together.
Plan:
iSCSI target server: sam.expanor.local/192.168.10.120
- This host provides the disk space accessible to the client over the network.
iSCSI initiator client: sama.expanor.local/192.168.10.110
- This host is a client system access to the iSCSI target on the iSCSI target server over the
network.
Pre-plan the following disk partitions
# cat /proc/partitions
/dev/sdb
/dev/sdc
# fdisk /dev/sdb
# pvcreate /dev/sdb1
# vgcreate myvg /dev/sdb1
# vgs
# lvcreate -L 2G -n mylv1 myvg
# lvcreate -L 2G -n mylv2 myvg
# lvs
# lvscan
A. Configure iSCSI Target
- Lets configure the iSCSI target on the server, which will provide its disk space over the
network to client system (the iSCSI initiator).
- Lets install ‘targetcli’ package on the server, which offer a shell like environment to
view and modify the target configuration and export local storage resources such as files,
volumes or RAM disks to other external systems. It provides the similar navigation liek
filesystem commands such as cd, ls.
1. Install targetcli package
# yum install targetcli
2. enable and start the target service.
# systemctl enable target
# systemctl start target
3. Now, run the targetcli command. It will provide targetcli prompt. Just run ls to see the
default interface
# targetcli
/> ls
targetcli commmand has a feature like a bash shell tab completion. Just press tab couple of
times to see available options. You can use go up and back using cd command.
4. Creating a Backstore
Backstores offer a different ways of storing the data locally and export to an external
system. The available options are block, fileio, pscsi and ramdisk. Here, we will be using
block and fileio options.
Now, you have to configure the backstore to set up an iSCSI target. Type cd /backstores to go
to the backstores branch of targetcli. Here it allow you to specify which backing storage is
going to be used.
/> cd backstores/
Now, Type block/ create block1 /dev/myvg/mylv1. This will add the LVM we created as the
backstore in the iSCSI target.
A fileio backstore is a file on the filesystem that is created with a predefined size but
performance is not as good as a block backstore. Use write_back=false option which disable
any caching which will reduce the performance but will reduce possible data loss.
/backstores> block/ create block1 /dev/myvg/mylv1
/backstores> block/ create block2 /dev/myvg/mylv2
/backstores> block create block3 dev=/dev/sdc
or
/> backstores/block create block1 /dev/myvg/mylv1
/> backstores/block create block2 /dev/myvg/mylv2
/> backstores/block create block3 dev=/dev/sdc
/> backstore/fileio create testfile1 /root/fileio1 500M write_back=false
or
/backstores> fileio/ create testfile2 /root/diskfile1 500M
Pay attention to the command and the output.
Type ls at the prompt and see the block and file backstore listing
.
/backstores> ls
5. Create the iSCSI Target and Portal
Now, the block backstores part is done. Lets create iSCSI target.
/backstores> cd /
/> cd iscsi
/iscsi> ls
6. Now, a iSCSI target with IQN (iqn.2016-12.local.expanor) and iSCSI target name (target)
Note: The IQN naming convention used here is iqn.YY-MM followed by inversed DNS domain name.
/iscsi> create iqn.2016-12.local.expanor:target
note: rather than specifying iqn name, just press enter after typing create, system will
automatically use the default IQN and target name.
Run ls command to see the iSCSI target listing
/iscsi> ls
The output shows the contents of the iscsi branch of IQN you just created, and TPG tpg1 which
is created automatically.
7. Create LUNs
Now, you have to create the LUNs. We need to associate a block device with a specific TPG. We
create LUN with previously defined backstore.
a. Go to target portal group (TPG)
cd to IQN that you created on iSCSI target. Type cd iqn.[Tab] to go to IQN.
/iscsi> cd iqn.2016-12.local.expanor:target/tpg1/
b. Create LUN by specifying any backstore we created before. We will create LUN for block and
fileod backstores. Lun create this way has read/write permission by default.
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block1
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block2
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/block/block3
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/fileio/testfile1
/iscsi/iqn.2016-12.local.expanor:target/tpg1> luns/ create /backstores/fileio/testfile2
Note: When creating LUNs, you can specify additional parameters. For eg, if you want to
assign specific lun id to specific storage, you can do as follow
> create lun=2 storage_object=/backstores/block/block1
c. Verify you can see the LUNs just created.
/iscsi/iqn.2016-12.local.expanor:target/tpg1> ls
8. Create an access control list (ACL)
Now, we have to create ACL to allow access to the iSCSI target, because iSCSI initiator can
not access without ACLs. Any new LUN created will be mapped to each ACL that is associated
with the TPG because auto_add_mapped_luns feature is on by default.
a. Before assigning ACL, go to your client system (iSCSI initiator) and get the output of the
/etc/iscsi/initiatorname.iscsi file.
Note: you can leave the default value but if you want to edit this file make sure the entry
on ACL iSCSI target server has the same content of this file.
b. On iSCSI initiator record the InitiatorName and assign ACL.
# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn........
c. To create the ACL, cd to IQN that you created on iSCSI target. Type cd iqn.[Tab] to go to
IQN.
/iscsi> cd iqn.2016-12.local.expanor:target/tpg1/acls/
/iscsi/iqn.20...r:target/tpg1/acls/ create iqn.<from_client>
or
/iscsi/iqn.20...r:target/tpg1/acls/ create iqn.2015-12.local.expanor:sama
The above command creates a node ACL that allows sama server (iSCSI initiator) to access the
IQN you just created on server. Make sure to verify the contents of this file on the iSCSI
initiatorname matches.
You can repeat same steps for other iSCSI initiators that need to access the iSCSI target.
d. Now, all the LUNs created within the iSCSI target will have ACL mapped.
/iscsi/iqn.20...get/tpg1/acls> ls
e. Go back to iSCSI target root and view the configuration
/iscsi/iqn.20...get/tpg1/acls> cd ../..
/iscsi/iqn.20...expanor:target> ls
f. Save the configuration
- exit from the prompt and the configuration is saved to /etc/target/saveconfig.json file.
This config file is on JAVA JSON format and do not edit directly. Upon saving the
configuration, iSCSI target service is also started automatically and listen to 3260 of
specified portal IP address if portal is configured.
# netstat -antup | grep 3260
9. Creating the portal
The portal connects the iSCSI configuration to the specific IP address on the iSCSI target
server. Lets say you have specifit static address on your iSCSI target server, you can use
portal create command with the ip address of the target.
/iscsi/iqn.20...r:target/tpg1> portals/ create 192.168.10.120
Please note, this step is only used if you want to have iSCSI target offering its services to
a specific IP address. If you do not create a portal, a default portal is used that binds to
the address 0.0.0.0, which in fact represents all IP addresses on your server.
10. iSCSI firewall rules
Now, allow traffic to pass through the firewall on this port
# firewall-cmd --add-port=3260/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
11. Review the configuration file
# cat /etc/target/saveconfig.json
12. Check the status of target service and verify that the target is currently active.
# systemctl start target
# systemctl status target
Finally, iSCSI target server should accept connections from the iSCSI initiator from client
system.
High Level Overview
- Create the backstores to provide the storage that the iSCSI target is sharing.
- Create an IQN, which also automatically creates the TPG.- create ACLs to allow nodes to
access the target.
- Create the LUNs. Note the association between ACLs and the LUN
- Configure the portal and write the configuration.
Note: If you type ls on the targetcli interface, you will get all the steps to configure
target. Use man page of the targetcli command to get some help on the iSCSI configuration
This concludes the iSCSI target server configuration.
For iSCSI initiator, please go to initiator page.
No comments:
Post a Comment