How to configure ISCSI Target|Storage server on Linux|CentOS|RHEL

ISCSI Storage

Internet Small Computer Systems Interface(ISCSI) is IP-based storage, works on top of the internet protocol. It caries the SCSI commands over IP network. The major benefits of ISCSI target that, it transports the block-level data between an iSCSI initiator on a client machine and an iSCSI target on the server system. iSCSI uses an existing IP based protocol and it does not require any additional cabling, such as Fibre Channel (FC) storage area networks(SAN).

Topic

  • How to configure ISCSI target server on Centos7?
  • How to configure ISCSI target server on Rhel7?
  • How to configure ISCSI target server on Linux?

apt

  • Linux
  • Centos
  • RHEL


Solution


In our demonstration, we will configure 2 LVM disks on ISCSI Target server and will share those disks to client nodes as a SAN block device(LUN).

LAB Information

Server Details:

  • Server Name: str1.example.local
  • Server IP: 192.168.5.24
  • Client Name: client1.example.local
  • Client IP: 192.168.5.25

Prerequisites
  • Bare minimal or base installation of centos 7

Configuration

Following are the step by step configuration details to setup a ISCSI target server and share LUN with the client systems.

Package Installation [1]
  • Install the following package on iscsi target server.
[root@str1 ~]# yum install targetcli

  • Execute following command to start and enable iscsi target service.
[root@str1 ~]# systemctl start target.service 
[root@str1 ~]# systemctl enable target.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/target.service to /usr/lib/systemd/system/target.service.

Firewall Configuration [2]
  • Execute the following command to add firewall rules.
[root@str1 ~]# firewall-cmd --add-service=iscsi-target --permanent 
success
[root@str1 ~]# firewall-cmd --reload 
success

LVM Configuration [3]
  • Attache a volume on target server and create two lvm volumes. We will share those volumes to client systems through ISCSI target server.
List available disks:
[root@str1 ~]# fdisk -l | grep -i sd
Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors

Create a physical volume:
[root@str1 ~]# pvcreate /dev/sda
  Physical volume "/dev/sda" successfully created

[root@str1 ~]# pvs
  PV         VG     Fmt  Attr PSize  PFree 
  /dev/sda   vg1    lvm2 a--  10.00g     0 
  /dev/vda2  centos lvm2 a--   9.51g 40.00m

Create volume group:
[root@str1 ~]# vgcreate vg1 /dev/sda
  Volume group "vg1" successfully created
r
[root@str1 ~]# vgs
  VG     #PV #LV #SN Attr   VSize  VFree 
  centos   1   2   0 wz--n-  9.51g 40.00m
  vg1      1   2   0 wz--n- 10.00g     0

Create logical volume:
[root@str1 ~]# lvcreate -n lv1 -l 50%FREE vg1
  Logical volume "lv1" created.

[root@str1 ~]# lvcreate -n lv2 -l 100%FREE vg1
  Logical volume "lv2" created.

[root@str1 ~]# lvs
  LV   VG     Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root centos -wi-ao---- 8.47g                                                    
  swap centos -wi-ao---- 1.00g                                                    
  lv1  vg1    -wi-a----- 5.00g                                                    
  lv2  vg1    -wi-a----- 5.00g

Target Server Configuration [4]
  • Execute targetcli command to configure target server.
[root@str1 ~]# targetcli 
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'. <<<

/> 

/> ls
o- / ............................................................................................................ [...]
  o- backstores ................................................................................................. [...]
  | o- block ..................................................................................... [Storage Objects: 0]
  | o- fileio .................................................................................... [Storage Objects: 0]
  | o- pscsi ..................................................................................... [Storage Objects: 0]
  | o- ramdisk ................................................................................... [Storage Objects: 0]
  o- iscsi ............................................................................................... [Targets: 0]
  o- loopback ............................................................................................ [Targets: 0]

Create block device [5]
  • Create block device 1) with /dev/vg1/lv1 and block device 2) with /dev/vg1/lv2

# List configuration

/> ls
o- / ............................................................................................................ [...]
  o- backstores ................................................................................................. [...]
  | o- block ..................................................................................... [Storage Objects: 0]
  | o- fileio .................................................................................... [Storage Objects: 0]
  | o- pscsi ..................................................................................... [Storage Objects: 0]
  | o- ramdisk ................................................................................... [Storage Objects: 0]
  o- iscsi ............................................................................................... [Targets: 0]
  o- loopback ............................................................................................ [Targets: 0]

 # Create block device
/> backstores/block create blckdev1 /dev/vg1/lv1 
Created block storage object blckdev1 using /dev/vg1/lv1.
/> backstores/block create blckdev2 /dev/vg1/lv2
Created block storage object blckdev2 using /dev/vg1/lv2.

# List configuration
/> ls
o- / ............................................................................................................ [...]
  o- backstores ................................................................................................. [...]
  | o- block ..................................................................................... [Storage Objects: 2]
  | | o- blckdev1 ...................................................... [/dev/vg1/lv1 (5.0GiB) write-thru deactivated]
  | | o- blckdev2 ...................................................... [/dev/vg1/lv2 (5.0GiB) write-thru deactivated]
  | o- fileio .................................................................................... [Storage Objects: 0]
  | o- pscsi ..................................................................................... [Storage Objects: 0]
  | o- ramdisk ................................................................................... [Storage Objects: 0]
  o- iscsi ............................................................................................... [Targets: 0]
  o- loopback ............................................................................................ [Targets: 0]

Create ISCSI Target [6]
  • Create iscsi target by passing an IQN Name. Once target is created it would create a Target Portal Group as well.
/> cd iscsi 
/iscsi> create IQN.2019-11.local.example:tgt1
Created target iqn.2019-11.local.example:tgt1.
Created TPG 1.

Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.

/iscsi> ls
o- iscsi ................................................................................................. [Targets: 1]
  o- iqn.2019-11.local.example:tgt1 ......................................................................... [TPGs: 1]
    o- tpg1 .................................................................................... [no-gen-acls, no-auth]
      o- acls ............................................................................................... [ACLs: 0]
      o- luns ............................................................................................... [LUNs: 0]
      o- portals ......................................................................................... [Portals: 1]
        o- 0.0.0.0:3260 .......................................................................................... [OK]

Note:
IQN creation format IQN.year-month-:target name

Create ACL [7]
  • The ACL is used on client system to connect ISCSI Target.
# List configuration
/iscsi> ls
o- iscsi ................................................................................................. [Targets: 1]
  o- iqn.2019-11.local.example:tgt1 ......................................................................... [TPGs: 1]
    o- tpg1 .................................................................................... [no-gen-acls, no-auth]
      o- acls ............................................................................................... [ACLs: 0]
      o- luns ............................................................................................... [LUNs: 0]
      o- portals ......................................................................................... [Portals: 1]
        o- 0.0.0.0:3260 .......................................................................................... [OK]

# Switch 
/iscsi> cd iqn.2019-11.local.example:tgt1/tpg1/acls 

# Create ACL
/iscsi/iqn.20...gt1/tpg1/acls> create iqn.2019-11.local.example:client1
Created Node ACL for iqn.2019-11.local.example:client1
/iscsi/iqn.20...gt1/tpg1/acls> 

# List
/iscsi/iqn.20...gt1/tpg1/acls> ls
o- acls ..................................................................................................... [ACLs: 1]
  o- iqn.2019-11.local.example:client1 ............................................................... [Mapped LUNs: 0]

Create LUN [8]
  • Create lun under the iscsi target
/iscsi/iqn.20...gt1/tpg1/acls> cd ..

/iscsi/iqn.20...ple:tgt1/tpg1> ls
o- tpg1 ........................................................................................ [no-gen-acls, no-auth]
  o- acls ................................................................................................... [ACLs: 1]
  | o- iqn.2019-11.local.example:client1 ............................................................. [Mapped LUNs: 0]
  o- luns ................................................................................................... [LUNs: 0]
  o- portals ............................................................................................. [Portals: 1]
    o- 0.0.0.0:3260 .............................................................................................. [OK]

# Create LUN
/iscsi/iqn.20...ple:tgt1/tpg1> luns/ create /backstores/block/blckdev1 
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2019-11.local.example:client1
/iscsi/iqn.20...ple:tgt1/tpg1> luns/ create /backstores/block/blckdev2
Created LUN 1.
Created LUN 1->1 mapping in node ACL iqn.2019-11.local.example:client1

# List
/iscsi/iqn.20...ple:tgt1/tpg1> ls
o- tpg1 ........................................................................................ [no-gen-acls, no-auth]
  o- acls ................................................................................................... [ACLs: 1]
  | o- iqn.2019-11.local.example:client1 ............................................................. [Mapped LUNs: 2]
  |   o- mapped_lun0 ....................................................................... [lun0 block/blckdev1 (rw)]
  |   o- mapped_lun1 ....................................................................... [lun1 block/blckdev2 (rw)]
  o- luns ................................................................................................... [LUNs: 2]
  | o- lun0 ........................................................................... [block/blckdev1 (/dev/vg1/lv1)]
  | o- lun1 ........................................................................... [block/blckdev2 (/dev/vg1/lv2)]
  o- portals ............................................................................................. [Portals: 1]
    o- 0.0.0.0:3260 .............................................................................................. [OK]

Create ISCSI portal [9]
  • While we create the iscsi target by IQN name, a default portal is created automatically with public access. So here we will delete the default portal and create a new portal.
/iscsi/iqn.20...ple:tgt1/tpg1> ls
o- tpg1 ........................................................................................ [no-gen-acls, no-auth]
  o- acls ................................................................................................... [ACLs: 1]
  | o- iqn.2019-11.local.example:client1 ............................................................. [Mapped LUNs: 2]
  |   o- mapped_lun0 ....................................................................... [lun0 block/blckdev1 (rw)]
  |   o- mapped_lun1 ....................................................................... [lun1 block/blckdev2 (rw)]
  o- luns ................................................................................................... [LUNs: 2]
  | o- lun0 ........................................................................... [block/blckdev1 (/dev/vg1/lv1)]
  | o- lun1 ........................................................................... [block/blckdev2 (/dev/vg1/lv2)]
  o- portals ............................................................................................. [Portals: 1]
    o- 0.0.0.0:3260 .............................................................................................. [OK]  <<< Default portal

# Switch to portal configuration
/iscsi/iqn.20...ple:tgt1/tpg1> cd portals/

# Delete default portal
/iscsi/iqn.20.../tpg1/portals> delete ip_address=0.0.0.0 ip_port=3260
Deleted network portal 0.0.0.0:3260
/iscsi/iqn.20.../tpg1/portals> ls
o- portals ............................................................................................... [Portals: 0]

# Create new portal
/iscsi/iqn.20.../tpg1/portals> create 192.168.5.24
Using default IP port 3260
Created network portal 192.168.5.24:3260.

Configure password Authentication [10]
  • By default the ACL is configured with without password. Execute the following command in targetcli shell to protect acl with a password.
# Switch to ACL directory
/iscsi/iqn.20...ple:tgt1/tpg1> cd /iscsi/iqn.2019-11.local.example:tgt1/tpg1/acls/iqn.2019-11.local.example:client1/

/iscsi/iqn.20...ample:client1> ls
o- iqn.2019-11.local.example:client1 ................................................................. [Mapped LUNs: 2]
  o- mapped_lun0 ........................................................................... [lun0 block/blckdev1 (rw)]
  o- mapped_lun1 ........................................................................... [lun1 block/blckdev2 (rw)]

# Set ACL with user and password
/iscsi/iqn.20...ample:client1> set auth userid=user
Parameter userid is now 'user'.

/iscsi/iqn.20...ample:client1> set auth password=password
Parameter password is now 'password'.

  • Enter exit to save the configuration.
/iscsi/iqn.20...ample:client1> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json

Configure Iscsi Initiator [11]
  • Here we will configure iscsi Initiator to login Iscsi Target server. Execute the following command on client system to install iscsi Initiator.
[root@client1 ~]# yum install iscsi-initiator-utils

  • Edit /etc/iscsi/initiatorname.iscsi file and replace the content with the initiator name that we previously created as an acl on Iscsi Target server.
[root@client1 ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2019-11.local.example:client1

Configure CHAP authentication [12]
  • We have previously set up a user id and a password on Iscsi Target server. Now edit /etc/iscsi/iscsid.conf file and make the changes on the following line.
[root@client1 ~]# vim /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username_in = user
node.session.auth.password_in = password

Note:
The above option is not required if we did not set user name and password on iscsi target server.

Start and enable iscsi initiator service [13]
  • Execute the below command to start and enable iscsi initiator service.
[root@client1 ~]# systemctl start iscsi.service 
[root@client1 ~]# systemctl enable iscsi.service 
[root@client1 ~]# systemctl restart iscsi.service 

Discovery Iscsi Target [14]
  • Execute the iscsiadm command with discovery mode to discover iscsi target.
[root@client1 ~]# iscsiadm --mode discoverydb --type sendtargets --portal 192.168.5.24 --discover
192.168.5.24:3260,1 iqn.2019-11.local.example:tgt1

OR

[root@client1 ~]# iscsiadm -m discoverydb -t st -p 192.168.5.24 -D
192.168.5.24:3260,1 iqn.2019-11.local.example:tgt1

Login Discovered Target [15]
  • Run lsblk command to check the block device before login to target and re-execute the same command after login to target.

  • Execute following command to login to the discovered target from iscsi target server.

[root@client1 ~]# lsblk 
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sr0              11:0    1 1024M  0 rom  
vda             252:0    0   10G  0 disk 
├─vda1          252:1    0  500M  0 part /boot
└─vda2          252:2    0  9.5G  0 part 
  ├─centos-root 253:0    0  8.5G  0 lvm  /
  └─centos-swap 253:1    0    1G  0 lvm  [SWAP]

[root@client1 ~]# iscsiadm --mode node --targetname iqn.2019-11.local.example:tgt1 --portal 192.168.5.24:3260 --login
Logging in to [iface: default, target: iqn.2019-11.local.example:tgt1, portal: 192.168.5.24,3260] (multiple)
Login to [iface: default, target: iqn.2019-11.local.example:tgt1, portal: 192.168.5.24,3260] successful.

OR

[root@client1 ~]# iscsiadm -m node -T iqn.2019-11.local.example:tgt1 -p 192.168.5.24:3260 -l

[root@client1 ~]# lsblk 
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0    5G  0 disk 
sdb               8:16   0    5G  0 disk 
sr0              11:0    1 1024M  0 rom  
vda             252:0    0   10G  0 disk 
├─vda1          252:1    0  500M  0 part /boot
└─vda2          252:2    0  9.5G  0 part 
  ├─centos-root 253:0    0  8.5G  0 lvm  /
  └─centos-swap 253:1    0    1G  0 lvm  [SWAP]

Note:
The above output of lsblk command shows two disk drives (sda, sdb) are the volumes which are shared from the target server.


Logout from Target – Optional [16]
  • Execute the following command to logout iscsi target if required.
[root@client1 ~]# iscsiadm --mode node --targetname iqn.2019-11.local.example:tgt1 --portal 192.168.5.24:3260 --logout

  • Execute the following command to delete target entry on iscsi initiator client if required.
[root@client1 ~]# iscsiadm --mode node --targetname iqn.2019-11.local.example:tgt1 --portal 192.168.5.24:3260 -o delete


Important ISCSI Initiator Configuration Files

The following are the ISCSI Initiator files on the client system for reference. We may need to check and edit these files for troubleshooting.

  • /etc/iscsi/iscsid.conf: This is the configuration file read by iscsid and iscsiadm on startup.
  • /etc/iscsi/initiatorname.iscsi: This file contains the iSCSI InitiatorName.
  • /var/lib/iscsi/nodes: This directory contains the nodes with their target map.
  • /var/lib/iscsi/send_targets: This directory contains iscsi portal information.

About the Author: Andrew Joseph

Leave a Reply

Your email address will not be published. Required fields are marked *