iSCSI (Internet Small Computer Systems Interface) is a protocol that allows SCSI commands to be transmitted over a TCP/IP network. It thus enables the creation of SANs (Storage Area Networks) by allowing servers (called initiators) to access storage devices (called targets) shared over the network as if they were locally attached.
Among various storage solutions, iSCSI plays a critical role in highly available virtualization environments. In scenarios where a hypervisor host fails and its running VMs are brought down, another host (or node) in the cluster can quickly take over and restart those VMs. This is possible because the VM volumes are stored on centralized iSCSI storage, ensuring seamless access across all cluster nodes.
Important Concepts and Nomenclatures
- TPGs = Target Portal Groups
  - A group of one or more network portals associated with an iSCSI target.
- Portal = Network Endpoint
  - It is composed of a binding IP and port. E.g. 192.168.1.100:3260
- LUNs = Logical Units
  - A unique storage resource identifier for a partition or volume. E.g. lun0, lun1, etc.
- IQN = iSCSI Qualified Name
  - Used for both initiators and targets. It can be entirely made up as long as it follows the format: iqn.yyyy-mm.reverse_domain_name:unique_id
TARGET / SERVER
targetcli is the tool used to manage shared volumes. Changes take effect immediately, so no reload or additional command is needed to apply them.
As the tool exits, it writes the configuration to disk in JSON format for persistence, backup, or source control. The location varies by distribution but is often /etc/target/saveconfig.json or /etc/rtslib-fb-target/saveconfig.json. At runtime, information might also be held under /sys/kernel/config/target/.
Installation on Ubuntu
sudo apt install targetcli-fb -y
sudo systemctl enable target --now
sudo mkdir -p /iscsi_disks
sudo targetcli
Walkthrough
/> ls
/> cd backstores/fileio
/> create disk01 /iscsi_disks/disk01.img 1G

/> cd /iscsi
/> set discovery_auth userid=username
/> set discovery_auth password=secret
/> set discovery_auth enable=1

/> create
/> delete iqn.2003-01.org.linux-iscsi.u24.x8664:sn.0dcd420db0df
/> create iqn.2003-01.lan.srv:disk01
/> cd /iscsi/iqn.2003-01.lan.srv:disk01/tpg1

/> portals/ create
/> portals/ delete 0.0.0.0 3260
/> portals/ create 192.168.10.10 3260
/> luns/ create /backstores/fileio/disk01

/> get attribute authentication
/> set attribute authentication=1

/> acls/ create iqn.2003-01.lan.client:disk01
/> cd acls/iqn.2003-01.lan.client:disk01/
/> set auth userid=username
/> set auth password=secret
/> set auth mutual_userid=username
/> set auth mutual_password=secret
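As an added example (not part of the original article or of targetcli), this Python script audits a saved targetcli configuration for the settings the walkthrough above touches: discovery auth, the TPG authentication attribute, portal bindings and per-ACL CHAP credentials. The embedded JSON is a constructed sample, and its key names are an assumption based on the rtslib-fb save format, so check them against your own saveconfig.json.

```python
import json

# Constructed sample (not from the page's host). Key names are assumed to follow
# the rtslib-fb save format; the second target is deliberately weak.
SAMPLE = json.loads("""
{"fabric_modules": [{"name": "iscsi", "discovery_enable_auth": true}],
 "targets": [
  {"fabric": "iscsi", "wwn": "iqn.2003-01.lan.srv:disk01", "tpgs": [
   {"tag": 1, "attributes": {"authentication": 1, "generate_node_acls": 0},
    "portals": [{"ip_address": "192.168.10.10", "port": 3260}],
    "node_acls": [{"node_wwn": "iqn.2003-01.lan.client:disk01",
                   "chap_userid": "username", "chap_password": "secret",
                   "chap_mutual_userid": "username",
                   "chap_mutual_password": "secret"}]}]},
  {"fabric": "iscsi", "wwn": "iqn.2003-01.lan.srv:disk02", "tpgs": [
   {"tag": 1, "attributes": {"authentication": 0, "generate_node_acls": 1},
    "portals": [{"ip_address": "0.0.0.0", "port": 3260}],
    "node_acls": [{"node_wwn": "iqn.2003-01.lan.client:disk02"}]}]}]}
""")

def audit(config):
    """Return (location, finding) pairs for weak iSCSI target settings."""
    out = []
    for fm in config.get("fabric_modules", []):
        if fm.get("name") == "iscsi" and not fm.get("discovery_enable_auth"):
            out.append(("discovery", "discovery_auth is disabled"))
    for tgt in (t for t in config.get("targets", []) if t.get("fabric") == "iscsi"):
        for tpg in tgt.get("tpgs", []):
            where = f'{tgt["wwn"]}/tpg{tpg.get("tag")}'
            attrs = tpg.get("attributes", {})
            if int(attrs.get("authentication", 0)) != 1:
                out.append((where, "authentication attribute is not 1"))
            if int(attrs.get("generate_node_acls", 0)) == 1:
                out.append((where, "generate_node_acls=1 bypasses per-initiator ACLs"))
            for portal in tpg.get("portals", []):
                if portal.get("ip_address") in ("0.0.0.0", "::"):
                    out.append((where, "portal listens on all interfaces"))
            for acl in tpg.get("node_acls", []):
                who = f'{where} acl {acl.get("node_wwn")}'
                pw, mutual = acl.get("chap_password"), acl.get("chap_mutual_password")
                if not (acl.get("chap_userid") and pw):
                    out.append((who, "ACL has no CHAP credentials"))
                elif mutual and mutual == pw:  # same secret in both directions
                    out.append((who, "mutual CHAP secret equals the initiator secret"))
    return out

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

The first sample target mirrors the walkthrough and is flagged only because it reuses the same secret for both CHAP directions; use distinct secrets for the initiator and mutual sides.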
INITIATOR / CLIENT
On Linux hosts that use the volumes/disks, iscsiadm is the tool used to discover the resources and establish connections to them.
Installation and Configuration on Ubuntu
sudo apt install open-iscsi -y
sudo iscsiadm -m discovery -t sendtargets -p 192.168.10.10
sudo nano /etc/iscsi/initiatorname.iscsi
Edit or copy the IQN.
InitiatorName=iqn.2003-01.lan.client:disk01
I found it important to reboot after changing the IQN but it is optional.
#sudo reboot
sudo nano /etc/iscsi/iscsid.conf
Uncomment the necessary lines according to your authentication configuration on the target side. Remember to replace the values.
# *************
# CHAP Settings
# *************

## For Discovery Auth
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = username
discovery.sendtargets.auth.password = secret

## For 1-way Auth
node.session.auth.authmethod = CHAP
node.session.auth.username = username
node.session.auth.password = secret

## For Mutual Auth (session level, matching the mutual_userid/mutual_password set on the target ACL)
node.session.auth.username_in = username
node.session.auth.password_in = secret
Test it out
# Log in to the target
sudo iscsiadm -m node --targetname iqn.2003-01.lan.srv:disk01 --portal 192.168.10.10:3260 --login
# List active sessions
sudo iscsiadm -m session
# Log out of the target
sudo iscsiadm -m node -T iqn.2003-01.lan.srv:disk01 -p 192.168.10.10:3260 --logout
# Delete the stored node record
sudo iscsiadm -m node -o delete -T iqn.2003-01.lan.srv:disk01 -p 192.168.10.10:3260