What is iSCSI ?
iSCSI (internet Small Computer System Interface) is a very popular and reliable SAN(Storage Area Network) solution. It works over TCP, so iSCSI command can be sent over LAN , WAN or internet.
In this tutorial, We have a server machine with CentOS 7.3 installed in it. We will configure this machine so it can provide access to iSCSI storage. the server that provides iscsi access is called iSCSI target. On the other hand, the server that access this target is called iSCSI initiator.
iSCSI Target Configuration:
We have a CentOS machine with a second 8GB disk attached to it. We are going to configure this with LVM . Then it will be used as a backend storage device for iSCSI .
We can check the disk exists(In our case it is the sdb device) via “lsblk” command.
Step 1: Prepare LVM
We will Configure this into a volume group called vgsan then create a lvm logical volume named “lvsan” form it.
[root@localhost ~]# vgcreate vgsan /dev/sdb Physical volume "/dev/sdb" successfully created Volume group "vgsan" successfully created [root@localhost ~]# lvcreate -n lvsan -l 100%VG /dev/vgsan Logical volume "lvsan" created. [root@localhost ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root centos -wi-ao---- 6.67g swap centos -wi-ao---- 820.00m lvsan vgsan -wi-a----- 8.00g
Step 2 : Install software
In centOS, iscsi target is managed via “targetcli” . Lets install targetcli first.
yum -y install targetcli.
To enter the targetcli interface just type “targetcli”
Once inside the targetcli prompt, use ‘ls’ command to get a picture of what we are going configure. Its a long directory structure, but don’t worry we are going to configure it step by step so it does not become complicated.
Step 3.1: Configure backstores
First thing is to configure backstorage device. we will configure the previously configured LVM volume and an image file to used as backstorage.
Move to the backstore section of targetcli configuration.
/> cd backstores
First thing is to configure a backstorage device from our previously configured lvm volume. We wil also create a empty file with 1Gb size to used as storage option.
/backstores> block/ create block1 /dev/vgsan/lvsan Created block storage object block1 using /dev/vgsan/lvsan. /backstores> fileio/ create file1 /root/filestorage 1G Created fileio file1 with size 1073741824
Step 3.2 :Configure IQN
IQN is the unique identifier of each iSCSI-target. IQN follows strict naming convention. It is in iqn.YY-MM.[inverse-DNS]:[target name] format. We have to make to sure to follow this convention, otherwise iqn creation will fail. To create iqn, move to the iscsi section.
/backstores> cd /iscsi /iscsi> create iqn.2017-09.com.example:rock Created target iqn.2017-09.com.example:rock. Created TPG 1. Global pref auto_add_default_portal=true Created default portal listening on all IPs (0.0.0.0), port 3260.
Use the ls command to see the newly created iqn. Notice that it automatically created the target portal group tpg1.
Step 3.3 : Create ACL
Now we will create the acLs to allow access to this iqn. The following command will create an ACL to allow “client1” to access this target. If we have multiple client , we will need acls for each of them. This client name has to match the initiator name on the client (More details on that later).
/iscsi/iqn.20....example:rock> tpg1/acls/ create iqn.2017-09.com.example:client1 Created Node ACL for iqn.2017-09.com.example:client1
Step 3.4 : Create LUN
Next step is to create lun(logical unit number) . Luns assign a block device to a specific tpg. We need two luns to assign our previously created block devices to tpg1.
/iscsi/iqn.20....example:rock> tpg1/luns/ create /backstores/block/block1 Created LUN 0. Created LUN 0->0 mapping in node ACL iqn.2017-09.com.example:client1 /iscsi/iqn.20....example:rock> tpg1/luns/ create /backstores/fileio/file1 Created LUN 1. Created LUN 1->1 mapping in node ACL iqn.2017-09.com.example:client1
Now we will go back to targetcli root to get a whole picture of what we created so far.
This completes the iscsi setup. Enter the command “exit” to come out of the targetcli prompt. this also saves the configuration.
/> exit Global pref auto_save_on_exit=true Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json
Now our target is ready .
Step 4: Service Configuration
Now we will start the iscsi target and enable it so it will still be operational after a system reboot.
[root@localhost ~]# systemctl start target
[root@localhost ~]# systemctl enable target
Created symlink from /etc/systemd/system/multi-user.target.wants/target.service to /usr/lib/systemd/system/target.service.
Now will configure the firewall so that it does not block the iscsi-service port .
[root@localhost ~]# firewall-cmd --add-service=iscsi-target --permanent success [root@localhost ~]# firewall-cmd --reload success
We will configure the initiator in the next part of this tutorial.