In our previous tutorial, we covered how to install and configure iSCSI storage server on Ubuntu 18.04 and in this tutorial, we are going to learn how to implement the same on CentOS 7 and other RHEL derivatives.
In this deployment, we will be using two CentOS 7 servers, one acting as the iSCSI target while the other functions as the iSCSI initiator.
iSCSI target:
Hostaname: server1.example.com
IP Address: 192.168.122.10
iSCSI initiator:
Hostaname: server2.example.com
IP Address: 192.168.122.110
Setting Up the iSCSI Target
To set up an iSCSI target, we need to install an administration tool called targetcli which provides the default interface for managing the target.
# yum install targetcli -y
After installing targetcli, let us configure iSCSI.
- Create the backend storage devices
We will create two logical volumes each of 200MB to provide the backend storage for setting up the iSCSI target. Ensure that you have enough space on the volume group to be used. In my case, my volume group is dev/centos.
# lvcreate -L 200M -n lvsan1 /dev/centos # lvcreate -L 200M -n lvsan2 /dev/centos
Launch the targetcli utility by typing targetcli and you are welcomed by targetcli interactive prompt.
# targetcli targetcli shell version 2.1.fb41 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. />
Navigate to backstore directory under targetcli and assign the created logical volumes as the backend storage device.
/> cd backstores/ /backstores> block/ create iscsi_disk /dev/centos/san1 Created block storage object iscsi_disk using /dev/centos/san1.
NB iscsi_disk is the name of the backing storage device. You can call it a name of your choice.
We can also create a file-backed block device. To do this, navigate to fileio directory and create a 200MiB sized file residing on the home directory.
/backstores> cd fileio /backstores/fileio> create iscsi_file /home/disk_file 200MiB Created fileio iscsi_file with size 209715200
- Create an IQN for the iSCSI target
This will by default create a Target Portal Group. Navigate to iscsi directory and create it.
/backstores/fileio> cd / /> cd iscsi/ /iscsi> create iqn.2017-01.com.example:target00 Created target iqn.2017-01.com.example:target00. Created TPG 1. Default portal not created, TPGs within a target cannot share ip:port.
- Configure ACLs for the TPG.
Navigate to ACL directory of the IQN created above, which is under the default TPG directory under created IQN.
/iscsi> cd iqn.2017-01.com.example.com:target00/tpg1/acls /iscsi/iqn.20...t00/tpg1/acls> create iqn.2017-01.com.example:server2 Created Node ACL for iqn.2017-01.com.example:server2
This creates a node ACL that allows server2 to access the target’s IQN just created.
Configure CHAP Authentication by creating initiators’ users, that will be allowed to access backend storage, and their passwords.
/iscsi/iqn.20...t00/tpg1/acls> cd iqn.2017-01.com.example:server2 /iscsi/iqn.20...ample:server2> set auth userid=amos Parameter userid is now 'amos'. /iscsi/iqn.20...ample:server2> set auth password=password Parameter password is now 'password'.
- Create the LUNs needed to associate a block device with a specific TPG. For our case, we will use iscsi_diskk block and iscsi_file file created above to create a LUN. Any new LUN created will be mapped to each ACL that is associated with the TPG. Navigate to luns directory under TPG directory.
/iscsi/iqn.20...ample:server2> cd ../../ /iscsi/iqn.20...target00/tpg1> cd luns /iscsi/iqn.20...t00/tpg1/luns> create /backstores/block/iscsi_disk Created LUN 0. Created LUN 0->0 mapping in node ACL iqn.2017-01.com.example:server2 /iscsi/iqn.20...t00/tpg1/luns> create /backstores/fileio/iscsi_file Created LUN 1. Created LUN 1->1 mapping in node ACL iqn.2017-01.com.example:server2
- Optionally, to configure a target to offer services on specific address, create a portal for that address. Remember the IP address used must be fixed. To do this, Navigate to portals and create it.
/iscsi/iqn.20...target00/tpg1> cd portals /iscsi/iqn.20.../tpg1/portals> create 192.168.122.10 Using default IP port 3260 Created network portal 192.168.122.10:3260
- Exit the targetcli utility and check whether port 3260 is open.
# ss -na | grep 3260 tcp LISTEN 0 256 *:3260 *:*
- Configure the iSCSI target to be accessed through firewall;
# firewall-cmd --add-port=3260/tcp --permanent # firewall-cmd --reload
- Start iSCSI target and enable it to run when the system boots.
# systemctl enable target # systemctl start target
Setting Up the iSCSI Initiator.
Follow these simple steps to configure an iSCSI Initiator.
- Install iSCSI Initiator utilities.
# yum install -y iscsi-initiator-utils
Edit the file /etc/iscsi/initiatorname.iscsi and add the name of the initiator and restart the iscsid service
# vim /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2017-01.com.example:server2 # systemctl restart iscsid
Configure authentication
# vim /etc/iscsi/iscsid.conf ... #Uncomment the following line node.session.auth.authmethod = CHAP ... # Uncomment these lines and specify the username and password set on the iSCSI target server node.session.auth.username = <username> node.session.auth.password = <strong-password>
Save the file and exit.
- Discover available targets using the iscsiadm command. When iscsiadm is operating on discovery mode, three arguments are passed:
- sendtargets type — specifies how to find the targets.
- portal — tells the iscsiadm the IP address and port to address so as to perform discovery. Default port is 3260.
- discover — tells the iscsid service to perform a discovery.
So, to perform an iSCSI discovery, run the command:
# iscsiadm --m discovery -t sendtargets --p 192.168.122.10 --discover 192.168.122.10:3260,1 iqn.2017-01.com.example.com:target00
- Log into the target using the iscsiadm command.
# iscsiadm -m node --login Logging in to [iface: default, target: iqn.2017-01.com.example.com:target00, portal: 192.168.122.10,3260] (multiple) Login to [iface: default, target: iqn.2017-01.com.example.com:target00, portal: 192.168.122.10,3260] successful.
- Once the connection is established, both session and node details can be checked as follows.
# iscsiadm -m session -o show tcp: [1] 192.168.122.10:3260,1 iqn.2017-01.com.example:target00 (non-flash) # iscsiadm --mode node -P 1 Target: iqn.2017-01.com.example.com:target00 Portal: 192.168.122.10:3260,1 Iface Name: default
- Mounting the iSCSI Devices
List the available iSCSI devices using the lsscsi command
# lsscsi [0:0:0:0] cd/dvd QEMU QEMU DVD-ROM 2.5+ /dev/sr0 [2:0:0:0] disk LIO-ORG sanblock1 4.0 /dev/sda [2:0:0:1] disk LIO-ORG sanblock2 4.0 /dev/sdb [2:0:0:2] disk LIO-ORG sanfile1 4.0 /dev/sdc [3:0:0:0] disk LIO-ORG iscsi_disk 4.0 /dev/sdd [3:0:0:1] disk LIO-ORG iscsi_file 4.0 /dev/sde
Our iSCSI device is denoted by /dev/sdd. Create an xfs filesystem on the new iSCSI disk.
# mkfs.xfs /dev/sdd meta-data=/dev/sdd isize=256 agcount=4, agsize=12800 blks = sectsz=512 attr=2, projid32bit=1 = crc=0 finobt=0 data = bsize=4096 blocks=51200, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=0 log =internal log bsize=4096 blocks=853, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0
Create a mount point say at /mnt/ directory.
# mkdir /mnt/iscsi_disk
Use the command blkid to obtain the UUID for the device so we can use in /etc/fstab for mounting.
# blkid /dev/sdd /dev/sdd: UUID="cd65bc73-ef75-41fe-ac78-e5dab9cdc102" TYPE="xfs"
Edit the /etc/fstab/ file and add the following line
UUID=cd65bc73-ef75-41fe-ac78-e5dab9cdc102 /mnt/iscsi_disk xfs _netdev 0 2
Mount all devices and verify.
# mount -a # df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/centos-root xfs 7.6G 1.1G 6.6G 14% / devtmpfs devtmpfs 487M 0 487M 0% /dev tmpfs tmpfs 497M 0 497M 0% /dev/shm tmpfs tmpfs 497M 13M 484M 3% /run tmpfs tmpfs 497M 0 497M 0% /sys/fs/cgroup /dev/vda1 xfs 497M 125M 373M 26% /boot server1.example.com:/home nfs4 7.6G 1.4G 6.3G 18% /home tmpfs tmpfs 100M 0 100M 0% /run/user/0 /dev/sdd xfs 197M 11M 187M 6% /mnt/iscsi_disk
iSCSI device, /dev/sdd is mounted at our mount point, /mnt/iscsi_disk
Big up, you have successfully configured an iSCSI target (server) and shared a block device to an iSCSI client.
In our next article, we will cover how to automount an iSCSI storage during every boot
Unable to Start
systemctl enable target
Failed to enable unit: Unit file target.service does not exist.