In this tutorial we are going to learn how to install and configure iSCSI storage server on Ubuntu 18.04. Well, iSCSI, an acronym for Internet Small Computer System Interface, is a Storage Area Network protocol that is used by the organizations to facilitate online storage management. It relies on TCP/IP networks to send SCSI commands between the initiator (client) and the target (server) that provide block-level access to the storage devices which can either be LVM logical volumes, complete disks, files or partitions.
Installing iSCSI Storage Server on Ubuntu
Key Concepts in iSCSI
Below are key concepts used in iSCSI network storage;
iSCSI Initiator: The client-side software that enables a device to connect to an iSCSI storage target and use its resources.iSCSI Target: The server-side software that presents the storage resources to the initiator as if they were local disks.LUN (Logical Unit Number): A unique identifier that represents a specific logical volume or portion of a physical disk on the iSCSI target.iSCSI Portal: The IP address and TCP port number combination that the iSCSI initiator uses to connect to the iSCSI target.Initiator IQN (iSCSI Qualified Name): The unique identifier assigned to the iSCSI initiator to establish a connection with the iSCSI target.CHAP (Challenge-Handshake Authentication Protocol): A security mechanism used for authentication between the iSCSI initiator and target to ensure that only authorized initiators can access the storage.SCSI (Small Computer System Interface): A standard protocol used by the operating system to communicate with storage devices, including iSCSI storage.MPIO (Multipath I/O): A technique used to create redundant paths between the initiator and target to ensure high availability and load balancing.Jumbo Frames: A technique used to increase the packet size in iSCSI networks to improve performance.Portal: A portal is a network interface on a target that listens for iSCSI initiator connection requests.TPG (Target Portal Group): a group of portals on the target side that share the same target portal group tag (TPGT). By grouping portals into a TPG, the target can present a single iSCSI target to initiators, even if there are multiple interfaces or network paths to the target. TPGs can be used to provide load balancing, failover, and increased throughput.- ACL: Access Control List that lists iSCSI clients to be granted access to the storage device.
Read more on man targetcli.
In our deployment, we will be using Ubuntu 18.04 server as the iSCSI target and Ubuntu 18.04 Desktop as the iSCSI initiator.
Install iSCSI Required Packages
To set up an iSCSI target, we need to install an administration tool called targetcli which provides the default interface for managing the target.
apt -y install targetcli-fbConfigure iSCSI Target on Ubuntu
After installing targetcli, let us configure iSCSI target.
Create the backend storage devices
In our storage server, we have attached two disks and created two logical volumes;
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
...
sdb 8:16 0 4G 0 disk
└─vol01-lv_san01 253:2 0 4G 0 lvm
sdc 8:32 0 15G 0 disk
└─vol02-lv_san02 253:3 0 15G 0 lvm
Create iSCSI Backstore/Block Storage
iSCSI backstore is a virtual disk or LUN (Logical Unit Number) that represents the storage space that is exported to the iSCSI initiators. There are several types of backstores that can be used in iSCSI, such as file-based backstores like iSCSI target files, or block-based backstores like LVM volumes or physical disks.
To create iSCSI target backstore, launch the targetcli utility by typing targetcli on terminal
targetcliThis will open an interactive prompt;
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>
Next, create new backstore for the iSCSI disk using logical volumes created above as the backend storage device.
/backstores/block create iscsi_disk_01 /dev/vol01/lv_san01/backstores/block create iscsi_disk_02 /dev/vol02/lv_san02If you run ls command, you should now be able to see created block storage;
ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 2]
| | o- iscsi_disk_01 ....................................................... [/dev/vol01/lv_san01 (4.0GiB) write-thru deactivated]
| | | o- alua ................................................................................................... [ALUA Groups: 1]
| | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| | o- iscsi_disk_02 ...................................................... [/dev/vol02/lv_san02 (15.0GiB) write-thru deactivated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
NB iscsi_disk_nn is the name of the backing storage device. You can call it a name of your choice.
Create iSCSI File-based Backstore
If you want, you can also create a file-backed block device. To do this, navigate to fileio directory and create for example, a 1GiB sized file residing on the home directory.
/backstores/fileio create iscsi_file01 /home/disk_file 1GiBls /backstores/fileio
o- fileio ..................................................................................................... [Storage Objects: 1]
o- iscsi_file01 ................................................................ [/home/disk_file (1.0GiB) write-back deactivated]
o- alua ....................................................................................................... [ALUA Groups: 1]
o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
/>
Create an IQN for the iSCSI target
Next, you need to create an IQN for the iSCSI targets.
/iscsi create iqn.2023-05.com.kifarunix-demo:target00When IQN is created, by default a Target Portal Group will be created.
Created target iqn.2023-05.com.kifarunix-demo:target00.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.As you can see, iSCSI target creates a portal that listens on all interfaces on port 3260/tcp.
Configure ACLs for the TPG
Target Portal Group (TPG) Access Control List (ACL) defines which initiators are allowed to access the storage resources exposed by the target. The TPG ACL is used to provide access control at the Target level. It specifies the initiator names that are allowed or denied access to the target.
When a new session is established, the initiator’s name is checked against the TPG ACL. If the initiator name is found in the ACL, access is granted, and the session is established. If the initiator name is not found in the ACL, access is denied, and the session is terminated.
To create an ACL for the TPG1 above;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:pocThis creates a node ACL that allows poc server to access the target’s IQN just created.
If you want to add multiple clients, specify them comma separated;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create iqn.2023-05.com.kifarunix-demo:poc,iqn.2023-05.com.kifarunix-demo:another-serverIf you want to use IPs instead;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls create 192.168.1.100,192.168.1.101Configure CHAP Authentication
Configure CHAP Authentication by creating initiators’ users, that will be allowed to access backend storage, and their passwords.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth userid=kifarunix-admin/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/acls/iqn.2023-05.com.kifarunix-demo:poc set auth password=passwordCreate LUNs for the iSCSI disk
Create the LUNs needed to associate a block device with a specific TPG. For our case, we will use iscsi_disk_01 block and iscsi_file01 file created above to create a LUN.
Any new LUN created will be mapped to each ACL that is associated with the TPG.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/block/iscsi_disk_01Output;
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2023-05.com.kifarunix-demo:pocFile based LUN;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/luns create /backstores/fileio/iscsi_file01Create iSCSI Target Portal
Optionally, to configure a target to offer services on specific address, create a portal for that address. Remember the IP address used must be fixed. To do this, Navigate to portals and create it.
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45If you get the error, Could not create NetworkPortal in configFS, it is because you already have portal that listens on all IPs;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals lso- portals ............................................................................................................ [Portals: 1]
o- 0.0.0.0:3260 ............................................................................................................. [OK]
/>Thus, to change this, delete the portal;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals delete 0.0.0.0 3260And re-create the portal;
/iscsi/iqn.2023-05.com.kifarunix-demo:target00/tpg1/portals create 192.168.57.45Output;
Using default IP port 3260
Created network portal 192.168.57.45:3260.Open iSCSI Portal on Firewall
Exit the targetcli utility
/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.jsoncheck whether port 3260 is listening;
ss -altnp | grep 3260LISTEN 0 256 192.168.57.45:3260 *:*Open iSCSI portal on firewall;
ufw allow 3260/tcpRunning iSCSI Target Service
Start iSCSI target and enable it to run when the system boots.
systemctl enable --now targetCheck status;
systemctl status targetConfigure the iSCSI Initiator
Follow these simple steps to configure an iSCSI Initiator.
Install iSCSI Initiator Utilities
Run the command, install iSCSI Initiator utilities
apt -y install open-iscsiSet the iSCSI Initiator Name
Edit the file /etc/iscsi/initiatorname.iscsi configuration and add the name of the initiator;
vim /etc/iscsi/initiatorname.iscsiInitiatorName=iqn.2023-05.com.kifarunix-demo:pocSave and exit the file
Configure Authentication
Open the /etc/iscsi/iscsid.conf config and update the iSCSI credentials created before, under CHAP settings section;
vim /etc/iscsi/iscsid.conf
# *************
# CHAP Settings
# *************
# To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP
# To configure which CHAP algorithms to enable set
# node.session.auth.chap_algs to a comma seperated list.
# The algorithms should be listen with most prefered first.
# Valid values are MD5, SHA1, SHA256
# The default is MD5.
#node.session.auth.chap_algs = SHA256,SHA1,MD5
# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
node.session.auth.username = kifarunix-admin
node.session.auth.password = password
Save the file and exit.
Restart the iscsid service
systemctl restart iscsid open-iscsiPerform iSCSI Target Discovery
You can discover available targets using the iscsiadm command. When iscsiadm is operating on discovery mode, three arguments are passed:
- sendtargets type — specifies how to find the targets.
- portal — tells the iscsiadm the IP address and port to address so as to perform discovery. Default port is 3260.
- discover — tells the iscsid service to perform a discovery.
sudo iscsiadm -m discovery -t st -p [IP address of the iSCSI server]So, to perform an iSCSI discovery, from the initiator run the command:
iscsiadm -m discovery -t sendtargets -p 192.168.57.45Sample output;
192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00View iSCSI Target Details
To view the iSCSI target details, run the following command:
sudo iscsiadm -m node -T [target IQN] -p [IP address of the iSCSI server] --loginReplace [target IQN] with the IQN of the target and [IP address of the iSCSI server] with the IP address of the iSCSI server.
iscsiadm -m node -T iqn.2023-05.com.kifarunix-demo:target00 -p 192.168.57.45 --loginLogging in to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] (multiple)
Login to [iface: default, target: iqn.2023-05.com.kifarunix-demo:target00, portal: 192.168.57.45,3260] successful.Once the connection is established, both session and node details can be checked as follows.
iscsiadm -m session -o showOutput;
tcp: [1] 192.168.57.45:3260,1 iqn.2023-05.com.kifarunix-demo:target00 (non-flash)iscsiadm --mode node -P 1Target: iqn.2023-05.com.kifarunix-demo:target00
Portal: 192.168.57.45:3260,1
Iface Name: defaultMounting the iSCSI Devices
List the available iSCSI devices using the lsscsi command;
lsscsi...
[3:0:0:0] disk LIO-ORG iscsi_disk_01 4.0 /dev/sdb
[3:0:0:1] disk LIO-ORG iscsi_file01 4.0 /dev/sdcOur iSCSI device is denoted by /dev/sdb, /dev/sdc.
Create Filesystem on iSCSI Disk
As you can see that the that the block device and fileio targets shared are now available to the initiator as sdb and sdc respectively and can now be used as if they were locally mounted.
To make these devices usable, we need to partition them, create filesystems on them and mount them.
To partition the devices, you can use any partitioning system you are comfortable with. In our case we used parted in a scripted format as shown below.
parted -s /dev/sdb "mklabel msdos"
parted -s /dev/sdb "mkpart primary 0% 100%" Create an EXT4 filesystem on the new iSCSI disk.
mkfs.ext4 /dev/sdb1Mount iSCSI Disk on Client
Create a mount point say at /mnt/ directory.
mkdir /mnt/iscsi_diskMount the backstore;
mount -t ext4 /dev/sdb1 /mnt/iscsi_disk/df -hT -P /dev/sdb1Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb1 ext4 4.0G 33M 4.0G 1% /mnt/iscsi_diskTo be able to mount it on boot, add this entry on /etc/fstab.
echo "/dev/sdb1 /mnt/iscsi_disk ext4 _netdev 0 2" >> /etc/fstabBig up! You have successfully configured an iSCSI target (server) and shared a block device to an iSCSI client.
That concludes our guide on how to installing and configuring iSCSI storage server on Ubuntu.
More information on;
- man iscsiadm
- man iscsi-target
why does iscsiadm say “(non-flash)”? I have exported a ssd but it says non-flash! how do you make it say “flash” ?!