Pages

Saturday, 25 October 2014

iSCSI Configuration on RHEL 7 / CentOS 7

Step 1: First you need to create partition

    [root@server1 ~]# fdisk -c /dev/sdb

    Press 'p' to print partition table

    Press 'n' to create a new partition

    Press 'p' to create primary partition

    Type Partition Number : 1

    First Sector        : PRESS ENTER

    Last Sector        : +1G

    Press 'p' to print partition tables again

    Press 't' to change partition ID

    Type your partition Number :1

    Type Partition code     : 8e

     Press 'p' to print partition tables again

    Press 'w' to save and exit

Step 2: if required, use partprobe command to update partition table entry into kernel.

    [root@server1 ~]# partprobe /dev/sdb

Step 3: Now create a Logical Volume using /dev/sdb1 partition

    [root@server1 ~]# pvcreate /dev/sdb1

    [root@server1 ~]# vgcreate iSCSI_vg /dev/sdb1

    [root@server1 ~]# lvcreate -n iscsi_lv1 -l 100%FREE iSCSI_vg

                            

Step 4: First you need to install "targetcli" package

    [root@server1 ~]# yum install targetcli -y

Step 5: Now run targetcli with no options to enter into interactive mode:

    [root@server1 ~]# targetcli

    /> ls


Now Configure the existing /dev/iSCSI_vg/iscsi_lv1 logical volume as a block-type backing store using the name of "server1.disk1".

    /> cd backstores/
   
    /backstores> ls
   
    /backstores> cd block

    /backstores/block> ls

    /backstores/block> create server1.disk1 /dev/iSCSI_vg/iscsi_lv1

    /backstores/block> ls


Now Create a unique iSCSI Qualified Name (IQN) for the target.

    /backstores/block> cd /iscsi

    /iscsi> create iqn.2014-10.com.example.server1:iscsi-1


Now an ACL for client node (initiator). the initiator will be connecting with it's initiator name.

    /iscsi> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-1/tpg1/acls

    /iscsi/iqn.20...i-1/tpg1/acls> create iqn.2014-10.com.example.com.server1:server2

Now set username and password into ACL to access this LUN

    /> cd iqn.2014-10.com.example.com.server1:server2

    /> set auth userid=user1

    /> set auth password=password



Now Create a LUN under the target, The LUN should use the previously defined backing storage device named "server1.disk1"

    /iscsi/iqn.20...i-1/tpg1/acls> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-1/tpg1/luns

    /iscsi/iqn.20...i-1/tpg1/luns> create /backstores/block/server1.disk1


Now Configure a portal for the target to listen on 192.168.0.254

    /iscsi/iqn.20...i-1/tpg1/luns> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-1/tpg1/portals

    /iscsi/iqn.20.../tpg1/portals> create 192.168.0.254


Now view, verify and save the target server configuration

    /iscsi/iqn.20.../tpg1/portals> cd /

    /> ls


Now Save this configuration

        /> saveconfig

        /> exit


NOTE-: this configuration will be saved to " ~]# cat /etc/target/saveconfig.json"


Step 6: Now Enable and Start target service

    [root@server1 ~]# systemctl enable target.service

    [root@server1 ~]# systemctl restart target.service
    [root@server1 ~]# systemctl status target.service



Step 7: Now Configure firewall to allow target service
    [root@server1 ~]# firewall-cmd --permanent --add-port=3260/tcp
    [root@server1 ~]# firewall-cmd --reload



                    Accessing iSCSI Storage with CHAP Authentication 
                


Step 1: First you need to install iSCSI initiator package

    [root@server2 ~]# yum install iscsi-initiator-utils -y

Step 2: Now Create a unique iSCSI IQN name for the client initiator. Otherwise you will not able to connect/login into IQN

    [root@server2 ~]# vim /etc/iscsi/initiatorname.iscsi

    InitiatorName=iqn.2014-10.com.example.server1:server2

    :wq (save and exit)

Step 3: Now you need to modify "/etc/iscsi/iscsid.conf" to provide username and password for chap authentication

    [root@server2 ~]# vim /etc/iscsi/iscsid.conf

    # line 54: uncomment

    node.session.auth.authmethod = CHAP

   
# line 58,59: uncomment and specify the username and password you set on the iSCSI target server

    node.session.auth.username = user1

    node.session.auth.password = password

    :wq (save and exit)

Step 4: Now Enable and start iscsi client service
    [root@server2 ~]# systemctl restart iscsid.service

    [root@server2 ~]# systemctl enable iscsid.service

   
Step 5: Now discover target using the following command:

    [root@server2 ~]# iscsiadm -m discovery -t st -p 192.168.0.254

Step 6: Confirm status after discovery

    [root@server2 ~]# iscsiadm -m node -o show

Step 7: Now connect/login the discovered target into system

  [root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:tgt1 -p 192.168.0.254 -l
Step 8: Confirm the established session

    [root@server2 ~]# iscsiadm -m session -o show

Step 9: Confirm the partitions

    [root@server2 ~]# cat /proc/partitions

Step 10: Create label,  create a new primary partition, format it using xfs file system and the mount it on /mnt directory. 

    [root@server2 ~]# parted --script /dev/sdb "mklabel msdos"

    [root@server2 ~]# parted --script /dev/sdb "mkpart primary 0% 100%"

    [root@server2 ~]# mkfs.xfs -i size=1024 -s size=4096 /dev/sdb1

    [root@server2 ~]# mount /dev/sdb1 /mnt

    [root@server2 ~]# df -hT

Step 11: Now make it persistent entry to mount at booting
    [root@server2 ~]# blkid

    Now Copy the UUID of /deb/sdb1 and paste it into /etc/fstab as following:

    [root@server2 ~]# vim /etc/fstab

    UUID="be41aa12-1e30-4678-8c19-da3506df1d84" /mnt                xfs     _netdev     0 0

    :wq (save and exit) 


    [root@server2 ~]# umount /mnt/

    [root@server2 ~]# mount -a

    [root@server2 ~]# df -h
Step 12: Now unmount the iSCSI Storage

    [root@server2 ~]# cd

    [root@server2 ~]# umount /mnt/

    [root@server2 ~]# vim /etc/fstab

    Remove the following entry form this file
   
     UUID="be41aa12-1e30-4678-8c19-da3506df1d84" /mnt                xfs     _netdev         0 0

    :wq (save and exit)

    To Disconnect iSCSI storage

  [root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:tgt1 -p 192.168.0.254 -u


    To delete cache as well

[root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:tgt1 -p 192.168.0.254 -o delete

    Now if you want to connect it again, you need to discover it again.


                            Configuring iSCSI Targets without CHAP Authentication


Step 1: First you need to create partition

    [root@server1 ~]# fdisk -c /dev/sdc

    Press 'p' to print partition table

    Press 'n' to create a new partition

    Press 'p' to create primary partition

    Type Partition Number : 1

    First Sector        : PRESS ENTER

    Last Sector        : +1G

    Press 'p' to print partition tables again

    Press 't' to change partition ID

    Type your partition Number :1

    Type Partition code     : 8e

     Press 'p' to print partition tables again

    Press 'w' to save and exit


Step 2: if required, use partprobe command to update partition table entry into kernel.

    [root@server1 ~]# partprobe /dev/sdc

Step 3: Now create a Logical Volume using /dev/sdc1 partition
    [root@server1 ~]# pvcreate /dev/sdc1

    [root@server1 ~]# vgcreate iSCSI_vg2 /dev/sdc1

    [root@server1 ~]# lvcreate -n iscsi_lv2 -l 100%FREE iSCSI_vg2
                            

Step 4: First you need to install "targetcli" package

    [root@server1 ~]# yum install targetcli -y

Step 5: Now run targetcli with no options to enter into interactive mode:

    [root@server1 ~]# targetcli

    /> ls

Now Configure the existing /dev/iSCSI_vg2/iscsi_lv2 logical volume as a block-type backing store using the name of "server1.disk2".

    /> cd backstores/
   
    /backstores> ls
   
    /backstores> cd block

    /backstores/block> ls

    /backstores/block> create server1.disk2 /dev/iSCSI_vg2/iscsi_lv2

    /backstores/block> ls

Now Create a unique iSCSI Qualified Name (IQN) for the target.

    /backstores/block> cd /iscsi

    /iscsi> create iqn.2014-10.com.example.server1:iscsi-2

Now an ACL for client node (initiator). the initiator will be connecting with it's initiator name.

    /iscsi> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-2/tpg1/acls

    /iscsi/iqn.20...i-1/tpg1/acls> create iqn.2014-10.com.example.com.server1:tgt1

By default authentication is enabled. To disable it:

    /> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-2/tgp1/

    /iscsi/iqn.20...i-1/tpg1> set attribute authentication=0

    /iscsi/iqn.20...i-1/tpg1> set attribute generate_node_acls=1


Now Create a LUN under the target, The LUN should use the previously defined backing storage device named "server1.disk2"

    /iscsi/iqn.20...i-1/tpg1/acls> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-2/tpg1/luns

    /iscsi/iqn.20...i-1/tpg1/luns> create /backstores/block/server1.disk2

Now Configure a portal for the target to listen on 192.168.0.254

    /iscsi/iqn.20...i-1/tpg1/luns> cd /iscsi/iqn.2014-10.com.example.server1:iscsi-2/tpg1/portals

    /iscsi/iqn.20.../tpg1/portals> create 192.168.0.254

Now view, verify and save the target server configuration

    /iscsi/iqn.20.../tpg1/portals> cd /

    /> ls

Now Save this configuration

        /> saveconfig

        /> exit

NOTE-: this configuration will be saved to " ~]# cat /etc/target/saveconfig.json"


Step 6: Now Enable and Start target service

    [root@server1 ~]# systemctl enable target.service

    [root@server1 ~]# systemctl restart target.service
    [root@server1 ~]# systemctl status target.service


Step 7: Now Configure firewall to allow target service

    [root@server1 ~]# firewall-cmd --permanent --add-port=3260/tcp
    [root@server1 ~]# firewall-cmd --reload



                    Accessing iSCSI Storage without CHAP Authentication 

Step 1: First you need to install iSCSI initiator package
    [root@server2 ~]# yum install iscsi-initiator-utils -y

Step 2: Now Create a unique iSCSI IQN name for the client initiator. Otherwise you will not able to connect/login into IQN

    [root@server2 ~]# vim /etc/iscsi/initiatorname.iscsi

    InitiatorName=iqn.2014-10.com.example.server1:tgt1

    :wq (save and exit)

Step 3: Now Enable and start iscsi client service

    [root@server2 ~]# systemctl restart iscsid.service

    [root@server2 ~]# systemctl enable iscsid.service
   
Step 4: Now discover target using the following command:
    [root@server2 ~]# iscsiadm -m discovery -t st -p 192.168.0.254

Step 5: Now you need to connect iscsi storage into system

[root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:iscsi-2 -p 192.168.0.254 -l
   
    [root@server2 ~]# fdisk -l

Step 6: Create label,  create a new primary partition, format it using xfs file system and the mount it on /iscsi2 directory. 

    [root@server2 ~]# parted --script /dev/sdb "mklabel msdos"

    [root@server2 ~]# parted --script /dev/sdb "mkpart primary 0% 100%"

    [root@server2 ~]# mkfs.xfs -i size=1024 -s size=4096 /dev/sdb1

    [root@server2 ~]# mount /dev/sdb1 /iscsi2

    [root@server2 ~]# df -hT

Step 7: Now make it persistent entry to mount at booting

    [root@server2 ~]# blkid

    Now Copy the UUID of /deb/sdc1 and paste it into /etc/fstab as following:

    [root@server2 ~]# vim /etc/fstab

    UUID="be41aa12-1e30-4678-8c19-da3506df1d84" /iscsi2                xfs     _netdev     0 0

    :wq (save and exit) 


    [root@server2 ~]# umount /mnt/

    [root@server2 ~]# mount -a

    [root@server2 ~]# df -h



Step 8: Now unmount the iSCSI Storage

    [root@server2 ~]# cd

    [root@server2 ~]# umount /iscsi2

    [root@server2 ~]# vim /etc/fstab

    Remove the following entry form this file
   
     UUID="be41aa12-1e30-4678-8c19-da3506df1d84" /mnt                xfs     _netdev         0 0

    :wq (save and exit)

    To Disconnect iSCSI storage  


root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:iscsi-2 -p 192.168.0.254 -u

    To delete cache as well

    [root@server2 ~]# iscsiadm -m node -T iqn.2014-10.com.example.server1:iscsi-2 -p 192.168.0.254 -o delete

    Now if you want to connect it again, you need to discover it again.
NOTE-: iSCSI store caching in  /var/lib/iscsi/ directory sometimes when we try to add another iscsi targets, system takes some information
    from cache. so you have two option to address it.

    1. reboot your system

    2. remove iscsi cache

    To remove nodes cache
    [root@server2 ~]# rm -rf /var/lib/iscsi/nodes/*

    To remove send_targets cache

    [root@server2 ~]# rm -rf /var/lib/iscsi/send_targets/*

   
If you have any problem to follow above steps, Please Click Here to watch video.

8 comments:

  1. Hi,
    Thanks for a well descriptive tutorial. I followed it from start to finish but keep on getting the error message below when I try to connect from the client side any ideas?

    "Logging in to [iface: default, target: iqn.2015-05.com.domain:tg1, portal: 10.211.55.13,3260] (multiple)
    iscsiadm: Could not login to [iface: default, target: iqn.2015-05.com.domain:tg1, portal: 10.211.55.13,3260].
    iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
    iscsiadm: Could not log into all portals"

    ReplyDelete
  2. when i create this
    /iscsi> create iqn.2014-10.com.example.server1:iscsi-1 it shows one error as

    WWN not valid as: iqn, naa, eui

    ReplyDelete
    Replies
    1. Had same issue, try
      create iqn.2014-10.com.example.server1:iscsi1
      Looks like special characters not allowed

      Delete
  3. @Gopi, You have problem with the resolution of the server1.example.com. targetcli won't create such portal

    ReplyDelete
  4. Very helpful thankyou. One helpful addition (if it possible) how do you temporarily disable an iscsi export to allow for example the backing store LV to be set inactive to allow resizing.

    ReplyDelete
  5. Wonderful article

    thanks for share us

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete