iSCSI stands for Internet Small Computer System Interface. iSCSI is a protocol that allows you to connect to a host's storage remotely. iSCSI runs on top of TCP/IP, carrying SCSI data in TCP packets. These packets are transported over the LAN between the iSCSI target and the iSCSI initiator. Typically, iSCSI is implemented in a storage area network (SAN). In this guide, we will set up an iSCSI target and an iSCSI initiator in Linux.
iSCSI Initiator: iSCSI initiators are clients that authenticate to an iSCSI target and are authorized for block-level storage access. A client can access multiple iSCSI devices through the initiator.
iSCSI Target: An iSCSI target is a server that provides storage to an iSCSI Initiator. You can create a LUN in a target and provide block storage to the iSCSI initiator.
LUN (Logical Unit Number): A LUN is a SCSI concept that allows us to divide a large amount of storage into sizable chunks. A LUN is a logical representation of a physical disk. Storage which has been assigned to the iSCSI initiator will be the LUN.
IQN (iSCSI qualified name): An IQN is a unique name that is assigned to the iSCSI target and iSCSI initiator so they can identify each other. The IQN format looks like:
iqn.yyyy-mm.<domain or naming>:unique name
Portal: The iSCSI portal is the network endpoint on the target through which initiators reach it. iSCSI works over TCP/IP, so the portal can be identified by IP address. There can be one or more portals.
ACL: An access control list will allow the iSCSI initiator to connect to an iSCSI target. The ACL will restrict access for the iSCSI target so unauthorized initiators cannot connect.
How does it work?
iSCSI offers different ways of storing data locally, including block, FileIO, pscsi, and RAMDisk. Here we are focusing on exporting block storage from iSCSI target to initiator. We will create a LUN in the target machine and export it to the initiator. The initiator then will be able to use this storage from the iSCSI target as if it were a local disk. We will create a partition from that disk. To accomplish this, we will use the targetcli utility, which will allow us to manage target configuration. We will create a LUN and IQN in the target and provide access to the initiator.
Client: client.example.com: This system will work as the iSCSI initiator.
Server: server.example.com: This system will work as the iSCSI target.
We will use a Red Hat 7 machine for the demo.
Configure iSCSI target:
To create an iSCSI target, we should have extra storage available to assign it to the initiator. I have a 20 GB hard disk added to my machine from which we will create a partition and assign it to the iSCSI LUN.
Creating the Partition:
We will create a partition from /dev/xvdb disk. You should select the proper disk to create a partition. Enter the partition wizard by using the below command:
[root@server ~]# fdisk /dev/xvdb
Now, using fdisk we will create a 10 GB partition. To create a new partition, enter the character “n”.
It will ask for the partition type, partition number, and first sector. We are going to keep the default values here. Hit enter for all three options. For the last sector, we give a value of “+10G”. This means we are creating a partition of 10 GB out of the available 20 GB.
Now, as you can see, we have a 10 GB partition ready. You can print the partitions available on the disk by entering the “p” character.
We have the “/dev/xvdb1” partition ready to use. This partition will be used to create a LUN in the targetcli utility. Exit the wizard, and enter the command “partprobe”. This command will apply the changes immediately so we do not need to reboot the machine to reflect changes.
[root@server ~]# partprobe
1. Update the system and install the targetcli package.
[root@server ~]# yum update && yum install targetcli -y
2. Before using targetcli, we need to start the target service. Enabling the service makes it start automatically at boot time.
[root@server ~]# systemctl start target.service
[root@server ~]# systemctl enable target.service
3. Now we can use the targetcli utility.
[root@server ~]# targetcli
4. After entering targetcli, browse to the /backstores/block path. We will create the backstore here. We can create different types of storage, such as block, pscsi, and FileIO. For this guide, we will use block storage, which is a simple block device like a hard disk.
/backstores/block> create disk /dev/xvdb1
5. Now, browse to “iscsi”. We will create the iSCSI target with an IQN and iSCSI target name (“server”). If you don’t want to enter an IQN and target name, then you can just type “create” and it will automatically take the default IQN and target name.
/iscsi> create iqn.2017-08.com.example:server
6. Now we need to create an ACL so only our iSCSI initiator can access this target. Here I am keeping the initiator’s IQN as “iqn.2017-08.com.example:client”. We will set the IQN at the time of initiator configuration.
/iscsi/iqn.20...ver/tpg1/acls> create iqn.2017-08.com.example:client
7. Now, we will create the LUN from the disk we created in step 4. This LUN will have read-write permissions by default.
/iscsi/iqn.20...ver/tpg1/luns> create /backstores/block/disk
8. For the final step, we will create a portal. The portal is the address on which the target accepts iSCSI connections. We are going to give the private IP address of the current machine, which will be the IP address of the iSCSI target.
/iscsi/iqn.20.../tpg1/portals> create 172.31.3.109
Remember that if a default portal already exists, targetcli will not let you create a new one. The default portal is usually “0.0.0.0”, which listens on every address of the machine. You can keep that one, or you can delete the old portal and create a new portal as shown below. You can view the current portal with the “ls” command.
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
/iscsi/iqn.20.../tpg1/portals> create 172.31.3.109
Now we have the configuration ready for the iSCSI target.
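Steps 4 to 8 above can also be issued as one-shot targetcli commands instead of through the interactive shell. The script below is an added example, not part of the original guide: valid_iqn and target_plan are names made up here, the IQN pattern (lowercase, valid month) is this example's own check, and refusing a 0.0.0.0 portal is this example's policy so the target listens only on the address from step 8.

```shell
#!/bin/sh
# Added example: print the target-side steps as non-interactive targetcli calls.

# valid_iqn NAME -> exit 0 if NAME looks like iqn.yyyy-mm.<domain>[:unique-name]
# (lowercase only; this strictness is an assumption of the example)
valid_iqn() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^iqn\.[0-9]{4}-(0[1-9]|1[0-2])\.[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:[^[:space:]]+)?$'
}

# target_plan DEV TARGET_IQN INITIATOR_IQN PORTAL_IP
# Prints one targetcli command per line; returns 1 without output on bad input.
target_plan() {
    dev=$1 tgt=$2 ini=$3 ip=$4
    valid_iqn "$tgt" || { echo "bad target IQN: $tgt" >&2; return 1; }
    valid_iqn "$ini" || { echo "bad initiator IQN: $ini" >&2; return 1; }
    # Example policy: bind to one address, never to every interface.
    [ "$ip" != "0.0.0.0" ] || { echo "refusing wildcard portal" >&2; return 1; }
    tpg="/iscsi/$tgt/tpg1"
    cat <<EOF
targetcli /backstores/block create disk $dev
targetcli /iscsi create $tgt
targetcli $tpg/acls create $ini
targetcli $tpg/luns create /backstores/block/disk
targetcli $tpg/portals delete 0.0.0.0 3260
targetcli $tpg/portals create $ip
targetcli saveconfig
EOF
}

# Dry run with the values used in this guide.
target_plan /dev/xvdb1 iqn.2017-08.com.example:server \
    iqn.2017-08.com.example:client 172.31.3.109
```

The output is a dry run; pipe it to "sh -e" as root on the target to apply it. The "portals delete" line fails when no default 0.0.0.0 portal exists, in which case drop that line.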
Configure the iSCSI initiator
1. Log in to the iSCSI initiator where you want to mount your storage from the iSCSI target. Here we are going to install the “iscsi-initiator-utils” package. Update the system, and install the package with the below command.
[root@client ~]# yum update && yum install iscsi-initiator-utils
2. Set up the IQN for the initiator. We are going to set “iqn.2017-08.com.example:client” as initiator’s IQN. You can set the IQN in the initiatorname.iscsi file.
[root@client ~]# vim /etc/iscsi/initiatorname.iscsi
3. Save and exit the file. Enable and start the iSCSI service.
[root@client ~]# systemctl start iscsid iscsi
[root@client ~]# systemctl enable iscsid iscsi
4. We need to discover the target with the private IP address of the target server and see what the target is offering. In this case, the target IP address is “172.31.3.109”.
[root@client ~]# iscsiadm --mode discovery -t st -p 172.31.3.109:3260
5. We can see the available target from the client. We must log in to the target to use it.
[root@client ~]# iscsiadm -m node -T iqn.2017-08.com.example:server -p 172.31.3.109:3260 -l
6. You can view the active iSCSI session using the below command. The -P option takes a print level from 0 to 3; higher levels show more detail.
[root@client ~]# iscsiadm -m session -P 1
7. The block disk shared from the iSCSI target is now available to the iSCSI initiator, as shown below.
[root@client ~]# fdisk -l
The disk appears as the “/dev/sda” device. You can create a partition, format it as an ext4 or xfs file system, and mount it to a directory.
Things to remember:
1. After mounting the file system to a directory, you can make an entry in “/etc/fstab” to mount it automatically at boot time. Remember to use the “_netdev” attribute in the “/etc/fstab” entry, so the mount is attempted only after the network is up.
2. To log out of the iSCSI target, first unmount the disk from the directory, remove the entry from “/etc/fstab”, and execute the command below:
[root@client ec2-user]# iscsiadm -m node -u
3. If you have not mounted the disk properly, and you are rebooting the server without logging out, then there is a chance of a server crash.
4. The iSCSI target uses port 3260 for communication, so allow it through the firewall.
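Two initiator-side mistakes are easy to make with this setup: an InitiatorName that does not exactly equal the ACL entry created on the target, and an “/etc/fstab” entry without “_netdev”. The checks below are an added example, not part of the original guide; the function names, the /mnt/iscsi mount point, the /dev/sda1 partition and the ext4 type are assumptions, and the sample files are constructed stand-ins for /etc/iscsi/initiatorname.iscsi and /etc/fstab.

```shell
#!/bin/sh
# Added example: initiator-side checks before rebooting with an iSCSI mount.

# initiator_name FILE -> prints the value of the first InitiatorName= line
initiator_name() {
    awk -F= '/^[ \t]*InitiatorName=/ { gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

# acl_matches FILE ACL_IQN -> 0 if the initiator's name equals the ACL entry
acl_matches() {
    [ "$(initiator_name "$1")" = "$2" ]
}

# has_netdev FSTAB MOUNTPOINT -> 0 if the entry for MOUNTPOINT carries _netdev,
# 1 if the entry lacks it, 2 if there is no entry for MOUNTPOINT
has_netdev() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "_netdev") ok = 1
        }
        END { exit ok ? 0 : (found ? 1 : 2) }' "$1"
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'InitiatorName=iqn.2017-08.com.example:client\n' > "$tmp/initiatorname.iscsi"
printf '/dev/sda1 /mnt/iscsi ext4 _netdev 0 0\n' > "$tmp/fstab.good"
printf '/dev/sda1 /mnt/iscsi ext4 defaults 0 0\n' > "$tmp/fstab.bad"

acl_matches "$tmp/initiatorname.iscsi" iqn.2017-08.com.example:client \
    && echo "InitiatorName matches the target ACL"
has_netdev "$tmp/fstab.bad" /mnt/iscsi || echo "fstab.bad: _netdev missing"
```

On a real initiator, point the functions at /etc/iscsi/initiatorname.iscsi and /etc/fstab and pass the IQN used in the target's ACL.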