In this tutorial, you will learn how to install and configure an iSCSI storage server on CentOS 7 and other RHEL derivatives. iSCSI (Internet Small Computer System Interface) is an IP-based storage networking standard that allows block-level access to data storage over a network. It enables data storage to be consolidated, shared, and centrally managed across a network, making it an effective solution for businesses with large amounts of data and multiple users who need access to that data.
How to Configure iSCSI Storage server on CentOS 7
Key Concepts in iSCSI
Below are key concepts used in iSCSI network storage;
- iSCSI Initiator: The client-side software that enables a device to connect to an iSCSI storage target and use its resources.
- iSCSI Target: The server-side software that presents the storage resources to the initiator as if they were local disks.
- LUN (Logical Unit Number): A unique identifier that represents a specific logical volume or portion of a physical disk on the iSCSI target.
- iSCSI Portal: The IP address and TCP port number combination that the iSCSI initiator uses to connect to the iSCSI target.
- Initiator IQN (iSCSI Qualified Name): The unique identifier assigned to the iSCSI initiator to establish a connection with the iSCSI target.
- CHAP (Challenge-Handshake Authentication Protocol): A security mechanism used for authentication between the iSCSI initiator and target to ensure that only authorized initiators can access the storage.
- SCSI (Small Computer System Interface): A standard protocol used by the operating system to communicate with storage devices, including iSCSI storage.
- MPIO (Multipath I/O): A technique used to create redundant paths between the initiator and target to ensure high availability and load balancing.
- Jumbo Frames: A technique used to increase the packet size in iSCSI networks to improve performance.
- Portal: A portal is a network interface on a target that listens for iSCSI initiator connection requests.
- TPG (Target Portal Group): A group of portals on the target side that share the same target portal group tag (TPGT). By grouping portals into a TPG, the target can present a single iSCSI target to initiators, even if there are multiple interfaces or network paths to the target. TPGs can be used to provide load balancing, failover, and increased throughput.
- ACL: Access Control List that lists iSCSI clients to be granted access to the storage device.
Read more on man targetcli.
Deployment Architecture
To use iSCSI, the target storage device must support iSCSI and be connected to the network.
In this deployment, we will be using two CentOS 7 servers, one acting as the iSCSI target while the other functions as the iSCSI initiator.
Host Details | iSCSI Target | iSCSI Initiator |
Hostname | target.kifarunix-demo.com | poc.kifarunix-demo.com |
IP Address | 192.168.57.45 | 192.168.57.63 |
Install iSCSI Required Packages
To set up an iSCSI target, we need to install an administration tool called targetcli which provides the default interface for managing the target.
yum install targetcli -y
Configure iSCSI Target
After installing targetcli, let us configure iSCSI target.
Create the backend storage devices
In our storage server, we have attached two disks and created two logical volumes;
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 8G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 7G 0 part
├─centos-root 253:0 0 6.2G 0 lvm /
└─centos-swap 253:1 0 820M 0 lvm [SWAP]
sdb 8:16 0 4G 0 disk
└─vol01-lv_san01 253:2 0 4G 0 lvm
sdc 8:32 0 15G 0 disk
└─vol02-lv_san02 253:3 0 15G 0 lvm
Create iSCSI Backstore/Block Storage
iSCSI backstore is a virtual disk or LUN (Logical Unit Number) that represents the storage space that is exported to the iSCSI initiators. There are several types of backstores that can be used in iSCSI, such as file-based backstores like iSCSI target files, or block-based backstores like LVM volumes or physical disks.
To create an iSCSI target backstore, launch the targetcli utility by typing targetcli in the terminal;
targetcli
This will open an interactive prompt;
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>
Next, create a new backstore for each iSCSI disk, using the logical volumes created above as the backend storage devices.
/backstores/block create iscsi_disk_01 /dev/vol01/lv_san01
/backstores/block create iscsi_disk_02 /dev/vol02/lv_san02
If you run the ls command, you should now be able to see the created block storage;
ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 2]
| | o- iscsi_disk_01 ....................................................... [/dev/vol01/lv_san01 (4.0GiB) write-thru deactivated]
| | | o- alua ................................................................................................... [ALUA Groups: 1]
| | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| | o- iscsi_disk_02 ...................................................... [/dev/vol02/lv_san02 (15.0GiB) write-thru deactivated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
NB: iscsi_disk_nn is the name of the backing storage device. You can give it any name of your choice.
Create iSCSI File-based Backstore
If you want, you can also create a file-backed block device. To do this, navigate to the fileio directory and create, for example, a 1GiB file under /home.
/backstores/fileio create iscsi_file01 /home/disk_file 1GiB
ls /backstores/fileio
o- fileio ..................................................................................................... [Storage Objects: 1]
o- iscsi_file01 ................................................................ [/home/disk_file (1.0GiB) write-back deactivated]
o- alua ....................................................................................................... [ALUA Groups: 1]
o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
/>
Create an IQN for the iSCSI target
Next, you need to create an IQN for the iSCSI targets.
/iscsi create iqn.2023-05.com.kifarunix-demo:target00
When IQN is created, by default a Target Portal Group will be created.
Created target iqn.2023-05.com.kifarunix-demo:target00.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
As you can see, iSCSI target creates a portal that listens on all interfaces on port 3260/tcp.
Configure ACLs for the TPG
Target Portal Group (TPG) Access Control List (ACL) defines which initiators are allowed to access the storage resources exposed by the target. The TPG ACL is used to provide access control at the Target level. It specifies the initiator names that are allowed or denied access to the target.
When a new session is established, the initiator’s name is checked against the TPG ACL. If the initiator name is found in the ACL, access is granted, and the session is established. If the initiator name is not found in the ACL, access is denied, and the session is terminated.
To create an ACL for the TPG1 above;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:poc
This creates a node ACL that allows poc server to access the target’s IQN just created.
If you want to add multiple clients, specify them comma separated;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:poc,iqn.2023-05.com.kifarunix-demo:another-server
If you want to use IPs instead;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create 192.168.1.100,192.168.1.101
Configure CHAP Authentication
Configure CHAP authentication by setting, on the initiator's ACL, the user ID and password that the initiator must present to access the backend storage.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth userid=kifarunix-admin
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth password=password
Create LUNs for the iSCSI disk
Create the LUNs needed to associate a block device with a specific TPG. For our case, we will use the iscsi_disk_01 block device and the iscsi_file01 file created above to create the LUNs.
Any new LUN created will be mapped to each ACL that is associated with the TPG.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/block/iscsi_disk_01
Output;
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2023-05.com.kifarunix-demo:poc
File based LUN;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/fileio/iscsi_file01
Create iSCSI Target Portal
Optionally, to configure a target to offer services on a specific address, create a portal for that address. Remember that the IP address used must be fixed. To do this, navigate to portals and create it.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45
If you get the error Could not create NetworkPortal in configFS, it is because you already have a portal that listens on all IPs;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals ls
o- portals ............................................................................................................ [Portals: 1]
o- 0.0.0.0:3260 ............................................................................................................. [OK]
/>
Thus, to change this, delete the portal;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals delete 0.0.0.0 3260
And re-create the portal;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45
Output;
Using default IP port 3260
Created network portal 192.168.57.45:3260.
Open iSCSI Portal on Firewall
Exit the targetcli utility
/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json
Check whether port 3260 is listening;
ss -altnp | grep 3260
LISTEN 0 256 192.168.57.45:3260 *:*
Open iSCSI portal on firewalld;
firewall-cmd --add-port=3260/tcp --permanent
firewall-cmd --reload
Running iSCSI Target Service
Start iSCSI target and enable it to run when the system boots.
systemctl enable --now target
Check status;
systemctl status target
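An added example, not part of the original tutorial or of targetcli: a small Python audit of the saved target configuration that flags the settings this walkthrough touches (wildcard portal, the TPG authentication attribute, demo-mode ACLs, short CHAP secrets). The JSON key names are assumed to match what targetcli writes to /etc/target/saveconfig.json, and the embedded sample is constructed from the values used above.

```python
import json

# Constructed sample shaped like the tutorial's target. Key names follow the
# layout targetcli/rtslib-fb saves to /etc/target/saveconfig.json (assumed).
SAMPLE = json.loads("""
{"targets": [{"fabric": "iscsi",
  "wwn": "iqn.2023-05.com.kifarunix-demo:target00",
  "tpgs": [{"tag": 1,
    "attributes": {"authentication": 0, "generate_node_acls": 0},
    "portals": [{"ip_address": "0.0.0.0", "port": 3260}],
    "node_acls": [{"node_wwn": "iqn.2023-05.com.kifarunix-demo:poc",
                   "chap_userid": "kifarunix-admin",
                   "chap_password": "password"}]}]}]}
""")

MIN_SECRET_LEN = 12  # 96 bits: CHAP secret floor in RFC 7143 when IPsec is absent


def audit(config):
    """Return (location, finding) pairs for every iSCSI TPG in the config."""
    findings = []
    for target in config.get("targets", []):
        if target.get("fabric") != "iscsi":
            continue
        for tpg in target.get("tpgs", []):
            where = "%s/tpg%s" % (target["wwn"], tpg.get("tag"))
            attrs = tpg.get("attributes", {})
            if not attrs.get("authentication"):
                findings.append((where, "authentication=0: TPG does not require CHAP"))
            if attrs.get("generate_node_acls"):
                findings.append((where, "generate_node_acls=1: unlisted initiators get in"))
            for portal in tpg.get("portals", []):
                if portal.get("ip_address") in ("0.0.0.0", "::", "[::]"):
                    findings.append((where, "portal listens on all addresses"))
            for acl in tpg.get("node_acls", []):
                who = "%s acl %s" % (where, acl["node_wwn"])
                secret = acl.get("chap_password", "")
                if not secret:
                    findings.append((who, "no CHAP secret set"))
                elif len(secret) < MIN_SECRET_LEN:
                    findings.append((who, "CHAP secret under %d characters" % MIN_SECRET_LEN))
    return findings


if __name__ == "__main__":
    # On the target host, audit the saved file instead of SAMPLE:
    #   audit(json.load(open("/etc/target/saveconfig.json")))
    for where, finding in audit(SAMPLE):
        print("%s: %s" % (where, finding))
```

The TPG attribute flagged first is changed in targetcli with set attribute authentication=1 from the tpg1 node.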
Configure the iSCSI Initiator
Follow these simple steps to configure an iSCSI Initiator.
Install iSCSI Initiator Utilities
Run the command below to install the iSCSI initiator utilities;
yum install -y iscsi-initiator-utils
Set the iSCSI Initiator Name
Edit the /etc/iscsi/initiatorname.iscsi configuration file and add the name of the initiator;
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2023-05.com.kifarunix-demo:poc
Save and exit the file
Configure Authentication
Open the /etc/iscsi/iscsid.conf config and set the iSCSI credentials created earlier under the CHAP settings section;
vim /etc/iscsi/iscsid.conf
# *************
# CHAP Settings
# *************
# To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP
# To configure which CHAP algorithms to enable set
# node.session.auth.chap_algs to a comma seperated list.
# The algorithms should be listen with most prefered first.
# Valid values are MD5, SHA1, SHA256
# The default is MD5.
#node.session.auth.chap_algs = SHA256,SHA1,MD5
# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
node.session.auth.username = kifarunix-admin
node.session.auth.password = password
Save the file and exit.
Restart the iscsid service
systemctl restart iscsid
Perform iSCSI Target Discovery
You can discover available targets using the iscsiadm command. When iscsiadm is operating on discovery mode, three arguments are passed:
- sendtargets type — specifies how to find the targets.
- portal — tells the iscsiadm the IP address and port to address so as to perform discovery. Default port is 3260.
- discover — tells the iscsid service to perform a discovery.
sudo iscsiadm -m discovery -t st -p [IP address of the iSCSI server]
So, to perform an iSCSI discovery, from the initiator run the command:
iscsiadm -m discovery -t sendtargets -p 192.168.57.45
Sample output;
192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00
View iSCSI Target Details
To log in to the discovered iSCSI target, after which its details can be viewed, run the following command:
sudo iscsiadm -m node -T [target IQN] -p [IP address of the iSCSI server] --login
Replace [target IQN] with the IQN of the target and [IP address of the iSCSI server] with the IP address of the iSCSI server.
iscsiadm -m node -T iqn.2023-05.com.kifarunix-demo:target00 -p 192.168.57.45 --login
Logging in to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] (multiple)
Login to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] successful.
Once the connection is established, both session and node details can be checked as follows.
iscsiadm -m session -o show
Output;
tcp: [1] 192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00 (non-flash)
iscsiadm --mode node -P 1
Target: iqn.2023-05.com.kifarunix-demo:target00
Portal: 192.168.57.45:3260,1
Iface Name: default
Mounting the iSCSI Devices
List the available iSCSI devices using the lsscsi command;
lsscsi
...
[3:0:0:0] disk LIO-ORG iscsi_disk_01 4.0 /dev/sdb
[3:0:0:1] disk LIO-ORG iscsi_file01 4.0 /dev/sdc
Our iSCSI devices are denoted by /dev/sdb and /dev/sdc.
Create Filesystem on iSCSI Disk
Create an xfs filesystem on the new iSCSI disk.
mkfs.xfs /dev/sdb
meta-data=/dev/sdb isize=512 agcount=4, agsize=261888 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=1047552, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Mount iSCSI Disk on Client
Create a mount point, say under the /mnt/ directory.
mkdir /mnt/iscsi_disk
Mount the backstore;
mount -t xfs /dev/sdb /mnt/iscsi_disk/
df -hT -P /dev/sdb
Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb xfs 4.0G 33M 4.0G 1% /mnt/iscsi_disk
To be able to mount it on boot, add this entry to /etc/fstab.
echo "/dev/sdb /mnt/iscsi_disk xfs _netdev 0 2" >> /etc/fstab
Big up! You have successfully configured an iSCSI target (server) and shared a block device to an iSCSI client.
That concludes our guide on how to install and configure iSCSI storage server on CentOS.
Read more on managing storage devices.
Unable to Start
systemctl enable target
Failed to enable unit: Unit file target.service does not exist.