How to Install and Configure iSCSI Storage Server on Ubuntu 18.04

|
Last Updated:
|
|

In this tutorial we are going to learn how to install and configure iSCSI storage server on Ubuntu 18.04. Well, iSCSI, an acronym for Internet Small Computer System Interface, is a Storage Area Network protocol that is used by the organizations to facilitate online storage management. It relies on TCP/IP networks to send SCSI commands between the initiator (client) and the target (server) that provide block-level access to the storage devices which can either be LVM logical volumes, complete disks, files or partitions.

Install and Configure iSCSI Storage Server on Ubuntu

Key Concepts in iSCSI

Below are key concepts used in iSCSI network storage;

  • iSCSI Initiator: The client-side software that enables a device to connect to an iSCSI storage target and use its resources.
  • iSCSI Target: The server-side software that presents the storage resources to the initiator as if they were local disks.
  • LUN (Logical Unit Number): A unique identifier that represents a specific logical volume or portion of a physical disk on the iSCSI target.
  • iSCSI Portal: The IP address and TCP port number combination that the iSCSI initiator uses to connect to the iSCSI target.
  • Initiator IQN (iSCSI Qualified Name): The unique identifier assigned to the iSCSI initiator to establish a connection with the iSCSI target.
  • CHAP (Challenge-Handshake Authentication Protocol): A security mechanism used for authentication between the iSCSI initiator and target to ensure that only authorized initiators can access the storage.
  • SCSI (Small Computer System Interface): A standard protocol used by the operating system to communicate with storage devices, including iSCSI storage.
  • MPIO (Multipath I/O): A technique used to create redundant paths between the initiator and target to ensure high availability and load balancing.
  • Jumbo Frames: A technique used to increase the packet size in iSCSI networks to improve performance.
  • Portal: A portal is a network interface on a target that listens for iSCSI initiator connection requests.
  • TPG (Target Portal Group): a group of portals on the target side that share the same target portal group tag (TPGT). By grouping portals into a TPG, the target can present a single iSCSI target to initiators, even if there are multiple interfaces or network paths to the target. TPGs can be used to provide load balancing, failover, and increased throughput.
  • ACL: Access Control List that lists iSCSI clients to be granted access to the storage device.

Read more on man targetcli.

In our deployment, we will be using Ubuntu 18.04 server as the iSCSI target and Ubuntu 18.04 Desktop as the iSCSI initiator.

Install iSCSI Required Packages

To set up an iSCSI target, we need to install an administration tool called targetcli which provides the default interface for managing the target.

apt -y install targetcli-fb

Configure iSCSI Target on Ubuntu

After installing targetcli, let us configure iSCSI target.

Create the backend storage devices

In our storage server, we have attached two disks and created two logical volumes;

lsblk

NAME             MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
...
sdb                8:16   0    4G  0 disk 
└─vol01-lv_san01 253:2    0    4G  0 lvm  
sdc                8:32   0   15G  0 disk 
└─vol02-lv_san02 253:3    0   15G  0 lvm

Create iSCSI Backstore/Block Storage

iSCSI backstore is a virtual disk or LUN (Logical Unit Number) that represents the storage space that is exported to the iSCSI initiators. There are several types of backstores that can be used in iSCSI, such as file-based backstores like iSCSI target files, or block-based backstores like LVM volumes or physical disks.

To create iSCSI target backstore, launch the targetcli utility by typing targetcli on terminal

targetcli

This will open an interactive prompt;


targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/>

Next, create new backstore for the iSCSI disk using logical volumes created above as the backend storage device.

/backstores/block create iscsi_disk_01 /dev/vol01/lv_san01
/backstores/block create iscsi_disk_02 /dev/vol02/lv_san02

If you run ls command, you should now be able to see created block storage;

ls

o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 2]
  | | o- iscsi_disk_01 ....................................................... [/dev/vol01/lv_san01 (4.0GiB) write-thru deactivated]
  | | | o- alua ................................................................................................... [ALUA Groups: 1]
  | | |   o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | | o- iscsi_disk_02 ...................................................... [/dev/vol02/lv_san02 (15.0GiB) write-thru deactivated]
  | |   o- alua ................................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 0]
  o- loopback ......................................................................................................... [Targets: 0]

NB iscsi_disk_nn is the name of the backing storage device. You can call it a name of your choice.

Create iSCSI File-based Backstore

If you want, you can also create a file-backed block device. To do this, navigate to fileio directory and create for example, a 1GiB sized file residing on the home directory.

/backstores/fileio create iscsi_file01 /home/disk_file 1GiB
ls /backstores/fileio

o- fileio ..................................................................................................... [Storage Objects: 1]
  o- iscsi_file01 ................................................................ [/home/disk_file (1.0GiB) write-back deactivated]
    o- alua ....................................................................................................... [ALUA Groups: 1]
      o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
/>

Create an IQN for the iSCSI target

Next, you need to create an IQN for the iSCSI targets.

/iscsi create iqn.2023-05.com.kifarunix-demo:target00

When IQN is created, by default a Target Portal Group will be created.

Created target iqn.2023-05.com.kifarunix-demo:target00.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.

As you can see, iSCSI target creates a portal that listens on all interfaces on port 3260/tcp.

Configure ACLs for the TPG

Target Portal Group (TPG) Access Control List (ACL) defines which initiators are allowed to access the storage resources exposed by the target. The TPG ACL is used to provide access control at the Target level. It specifies the initiator names that are allowed or denied access to the target.

When a new session is established, the initiator’s name is checked against the TPG ACL. If the initiator name is found in the ACL, access is granted, and the session is established. If the initiator name is not found in the ACL, access is denied, and the session is terminated.

To create an ACL for the TPG1 above;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:poc

This creates a node ACL that allows poc server to access the target’s IQN just created.

If you want to add multiple clients, specify them comma separated;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:poc,iqn.2023-05.com.kifarunix-demo:another-server

If you want to use IPs instead;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create 192.168.1.100,192.168.1.101

Configure CHAP Authentication

Configure CHAP Authentication by creating initiators’ users, that will be allowed to access backend storage, and their passwords.

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth userid=kifarunix-admin
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth password=password

Create LUNs for the iSCSI disk

Create the LUNs needed to associate a block device with a specific TPG. For our case, we will use iscsi_disk_01 block and iscsi_file01 file created above to create a LUN.

Any new LUN created will be mapped to each ACL that is associated with the TPG.

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/block/iscsi_disk_01

Output;

Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2023-05.com.kifarunix-demo:poc

File based LUN;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/fileio/iscsi_file01

Create iSCSI Target Portal

Optionally, to configure a target to offer services on specific address, create a portal for that address. Remember the IP address used must be fixed. To do this, Navigate to portals and create it.

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45

If you get the error, Could not create NetworkPortal in configFS, it is because you already have portal that listens on all IPs;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals ls
o- portals ............................................................................................................ [Portals: 1]
  o- 0.0.0.0:3260 ............................................................................................................. [OK]
/>

Thus, to change this, delete the portal;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals delete 0.0.0.0 3260

And re-create the portal;

/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45

Output;

Using default IP port 3260
Created network portal 192.168.57.45:3260.

Open iSCSI Portal on Firewall

Exit the targetcli utility

/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json

check whether port 3260 is listening;

ss -altnp | grep 3260
LISTEN     0      256    192.168.57.45:3260                     *:*

Open iSCSI portal on firewall;

ufw allow 3260/tcp

Running iSCSI Target Service

Start iSCSI target and enable it to run when the system boots.

systemctl enable --now target

Check status;

systemctl status target

Configure the iSCSI Initiator

Follow these simple steps to configure an iSCSI Initiator.

Install iSCSI Initiator Utilities

Run the command, install iSCSI Initiator utilities

apt -y install open-iscsi

Set the iSCSI Initiator Name

Edit the file /etc/iscsi/initiatorname.iscsi configuration and add the name of the initiator;

vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2023-05.com.kifarunix-demo:poc

Save and exit the file

Configure Authentication

Open the /etc/iscsi/iscsid.conf config and update the iSCSI credentials created before, under CHAP settings section;

vim /etc/iscsi/iscsid.conf

# *************
# CHAP Settings
# *************

# To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP

# To configure which CHAP algorithms to enable set
# node.session.auth.chap_algs to a comma seperated list.
# The algorithms should be listen with most prefered first.
# Valid values are MD5, SHA1, SHA256
# The default is MD5.
#node.session.auth.chap_algs = SHA256,SHA1,MD5

# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
node.session.auth.username = kifarunix-admin
node.session.auth.password = password

Save the file and exit.

Restart the iscsid service

systemctl restart iscsid open-iscsi

Perform iSCSI Target Discovery

You can discover available targets using the iscsiadm command. When iscsiadm is operating on discovery mode, three arguments are passed:

  • sendtargets type — specifies how to find the targets.
  • portal — tells the iscsiadm the IP address and port to address so as to perform discovery. Default port is 3260.
  • discover — tells the iscsid service to perform a discovery.
sudo iscsiadm -m discovery -t st -p [IP address of the iSCSI server]

So, to perform an iSCSI discovery, from the initiator run the command:

iscsiadm -m discovery -t sendtargets -p 192.168.57.45

Sample output;

192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00

View iSCSI Target Details

To view the iSCSI target details, run the following command:

sudo iscsiadm -m node -T [target IQN] -p [IP address of the iSCSI server] --login

Replace [target IQN] with the IQN of the target and [IP address of the iSCSI server] with the IP address of the iSCSI server.

iscsiadm -m node -T iqn.2023-05.com.kifarunix-demo:target00 -p 192.168.57.45 --login
Logging in to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] (multiple)
Login to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] successful.

Once the connection is established, both session and node details can be checked as follows.

iscsiadm -m session -o show

Output;

tcp: [1] 192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00 (non-flash)
iscsiadm --mode node -P 1
Target: iqn.2023-05.com.kifarunix-demo:target00
	Portal: 192.168.57.45:3260,1
		Iface Name: default

Mounting the iSCSI Devices

List the available iSCSI devices using the lsscsi command;

lsscsi
...
[3:0:0:0]    disk    LIO-ORG  iscsi_disk_01    4.0   /dev/sdb 
[3:0:0:1]    disk    LIO-ORG  iscsi_file01     4.0   /dev/sdc

Our iSCSI device is denoted by /dev/sdb, /dev/sdc.

Create Filesystem on iSCSI Disk

As you can see that the that the block device and fileio targets shared are now available to the initiator as sdb and sdc respectively and can now be used as if they were locally mounted.

To make these devices usable, we need to partition them, create filesystems on them and mount them.
To partition the devices, you can use any partitioning system you are comfortable with. In our case we used parted in a scripted format as shown below.

parted -s /dev/sdb "mklabel msdos"
parted -s /dev/sdb "mkpart primary 0% 100%" 

Create an EXT4 filesystem on the new iSCSI disk.

mkfs.ext4 /dev/sdb1

Mount iSCSI Disk on Client

Create a mount point say at /mnt/ directory.

mkdir /mnt/iscsi_disk

Mount the backstore;

mount -t ext4 /dev/sdb1 /mnt/iscsi_disk/
df -hT -P /dev/sdb1
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdb1       ext4   4.0G   33M  4.0G   1% /mnt/iscsi_disk

To be able to mount it on boot, add this entry on /etc/fstab.

echo "/dev/sdb1 /mnt/iscsi_disk ext4 _netdev  0 2"  >> /etc/fstab

Big up! You have successfully configured an iSCSI target (server) and shared  a block device to an iSCSI client.

That concludes our guide on how to install and configure iSCSI storage server on Ubuntu.

More information on;

Other Tutorials

Setup Replicated GlusterFS Volume on Ubuntu

How Install and Configure iSCSI Storage server on CentOS

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

1 thought on “How to Install and Configure iSCSI Storage Server on Ubuntu 18.04”

  1. why does iscsiadm say “(non-flash)”? I have exported a ssd but it says non-flash! how do you make it say “flash” ?!

    Reply

Leave a Comment