LCFS – Configuring iSCSI Storage on Linux

Jarret B

Well-Known Member
Staff member
Joined
May 22, 2017
Messages
372
Reaction score
432
Credits
13,798
iSCSI is a TCP/IP protocol that allows the use of iSCSI disks on a network. The Internet Small Computer System Interface (iSCSI) is a server-based target and client initiator. When installed, the initiator is part of the Linux kernel. The iSCSI driver starts a connection between the client and the target.

The disks can be any Logical Volume (LVM) on a Linux system. In our example, we will use ‘sdb12’, if you have been following along with the articles. If you have not been following along, then just replace your partition with the ‘sdb12’ partition I mention.

Keep in mind that sharing a network drive allows remote access to files at the file level. The share on an iSCSI drive is at a block level since the accessed partition or drive acts as if the drive were local and not remote.

Install iSCSI

Installation is easy on both CentOS and Ubuntu.

For CentOS, the command is:

Code:
sudo yum install targetd targetcli

In Ubuntu, there is only one package:

Code:
sudo apt install tgt

Start and enable the service (targetd or tgt).

Remember that you need to update the system and get the repositories and packages updated before you run the above command for your distro.

Setting Up the Firewall

You may not have a firewall enabled on your server if it is not being accessed from the Internet. If you do, you need to open Port 3260 for iSCSI.

NOTE: After a clean install, CentOS installs the firewall and Ubuntu does not. For Ubuntu, use the command ‘sudo apt install firewalld’. Then start and enable the ‘firewalld’ service or restart the system.

To verify installation, you can use the command:

Code:
sudo firewall-cmd --list-services

The response on either distro should be ‘ssh dhcpv6-client’. These are the ports that are open by the firewall.

So, we need to open the iSCSI port (3260) so the client (initiator) can access the server (target). The following command adds the entry in the firewall configuration:

Code:
sudo firewall-cmd --add-service=iscsi-target --permanent

NOTE: If any errors occur, be sure you enable all the services and start both the iSCSI and Firewall (if needed).

You can force the reload of the new configuration with the command:

Code:
firewall-cmd --reload

Once the system loads the configuration changes, you can list the services again and see that the ‘iscsi-arget’ is now present on the list.

Create LVM for iSCSI

To set up an iSCSI connection between two systems, we need a Logical Volume to use as the iSCSI drive. We covered Logical Volumes in ‘LFCS – Logical Volumes’. I will still cover the basic commands with fewer details of the commands since you can just look over that article.

We can create the Physical Volume for ‘sdb12’ with the command:

Code:
sudo pvcreate /dev/sdb12

You may need to verify the addition of the partition to ‘vgroup’, just answer ‘y’.

We can add the Volume Group and extend the Logical Volume with the following command:

Code:
sudo pvcreate /dev/sdb12
sudo vgextend vgroup /dev/sdb12
sudo lvextend -L +500m /dev/vgroup/logvol

We should have extended the volume by half a terabyte. So we can now create an iSCSI drive. Even though we have the space, we will just allocate 256MB of space for it.

Before we set it up, we need some network information, since this is a TCP/IP protocol.

For my CentOS system, the following is the IP configuration:

Hostname: Server1
FQDN: Server1.centos.linux.org
IP: 192.168.1.104

For Ubuntu, the following is the IP configuration:

Hostname: Server1
FQDN: Server1.ubuntu.linux.org
IP: 192.168.1.101

For CentOS, we will create an iSCSI drive named ‘c-scsi’ and for Ubuntu, it will be ‘u-scsi’.

We need to enter the command interface for iscsi by entering on a CentOS system:

Code:
target-cli

You should see the output of the starting program that shows the version number. At the prompt, you can get a listing of the iSCSI system by entering ‘ls’.

In ‘backstores/block’ we will create the block device in the iSCSI system:

Code:
backstores/block create c-scsi /dev/vgroup/logvol

If an error occurs, unmount the logical volume:

Code:
sudo umount /dev/vgroup/logvol

If you perform ‘ls’, see the iSCSI device ‘c-scsi’ listed in ‘backstores’.

The command is:

Code:
iscsi/ create iqn.2024-10.org.linux.centos.server1:c-scsi

It should now listen on Port 3260, which the command ‘netstat -lnt’ shows. Performing the ‘ls’ command now shows the ‘iscsi’ device.

We can now enter the device we created with:

Code:
cd iscsi/iqn.2024-10.org.linux.centos.server1:c-scsi/tpg1/luns

Now, we can create the Logical Unit Number (LUN) as used in actual SCSI devices.

Code:
create /backstores/block/c-scsi

It should create ‘LUN 0’. Performing an ‘ls’ will show ‘lun0’ in ‘luns’.

Enter the command to go back one level:

Code:
cd ..

There should be the ‘acls’ folder listed here that we can use to set permissions. To set up the permissions for ‘Server2’ for the iSCSI block drive:

Code:
cd acls
create iqn.2024-10.org.linux.centos.Server2:c-scsi
exit

You should be back at a normal terminal prompt, and the program saves the information.

We need to look at Server2 to make sure it is on the same network and in the same domain. The information is for the CentOS Server2:

Hostname: Server2
FQDN: Server2.centos.linux.org
IP: 192.168.1.126

NOTE: If your FQDN is not the same as the other system, go into and add the line for your system in ‘/etc/hosts’ and make sure the format is ‘IP FQDN HOSTNAME’. There is no need to restart the system. You can ping each system from the other one to verify connectivity. If you are using VirtualBox, you can change each system to a Bridged Network Interface.

For Ubuntu, the configuration is different. You need to edit the file ‘/etc/tgt/conf.d/iscsi.conf’ and place the following into it:

Code:
<target iqn.2024-10.server1.ubuntu.linux.org:lun0>
backing-store /dev/vgroup/logvol
initiator-address 192.168.1.205
incominguser iscsi-user password
outgoinguser iscsi-target secretpass
</target>

Save the file and restart the service:

Code:
systemctl restart tgt

Setting up the Initiator

On Server2, we need to install the client side software to connect to the iSCSI target.

On CentOS, perform the command:

Code:
sudo yum install iscsi-initiator-utils

After you install the packages, you need to edit the file ‘/etc/iscsi/initiator-iscsi’ and change the line to match your FQDN for Server2.

Code:
InitiatorName=iqn.2024-10.org.linux.centos.Server2:c-scsi

Save the file and run:

Code:
iscsiadm --mode discovery --type sendtargets --portal server1.centos.linux.org:c-scsi –discover
iscsiadm --mode node --targetname iqn.2024-10.org.linux.centos.server1:c-scsi --portal server1.centos.linux.org --login

If you get any errors, check the case of the alphabetic characters in the two commands since it is case-sensitive. It should connect and if you run ‘lsblk’, then you should have a new drive, which is the iSCSI drive on Server1.

For Ubuntu, perform the following on Server2:

Code:
sudo apt install open-iscsi
sudo iscsiadm -m discovery -t st -p 192.168.1.101
nano /etc/iscsi/initiatorname.iscsi

Now that the editor opens, enter the following line:

Code:
InitiatorName=iqn.2024-10.org.linux.ubuntu.server1:u-scsi

Save the file and run the command to configure more settings:

Code:
cd /etc/iscsi/nodes/iqn.2024-10.server1.ubuntu.linux.org:lun0/192.168.1.101,3260,1
nano default

Be sure to change the IP Address as needed for Server1 and add the following lines to the ‘default’ file at the end:

Code:
node.session.auth.authmethod = CHAP  
node.session.auth.username = iscsi-user
node.session.auth.password = password          
node.session.auth.username_in = iscsi-target
node.session.auth.password_in = secretpass         
node.startup = automatic

Save the file then restart the ‘iscsi’ service by:

Code:
sudo systemctl restart open-iscsi iscsid

Back at the terminal, you can enter the following and you should see the result of the name for Server1 and the LUN:

Code:
iscsiadm -m session -o show

This should connect to the iSCSI drive, but on Ubuntu there seem to be kernel issues to get this to work, and it causes ‘Segmentation Faults’. If you perform the commands after running ‘sudo su’, there aren’t errors, but no connection is made.

Unfortunately, I have not tried this with a newer kernel.

Conclusion

Using iSCSI as a block device is faster than using a share at file level.

Give this a try, but use CentOS since it works and is a little easier to manage.
 

Members online


Latest posts

Top