iSCSI stands for Internet Small Computer System Interface, a block-level protocol for sharing storage devices over an IP network. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet, and can enable location-independent data storage and retrieval.
How is iSCSI data transfer secured over the network?
This question arises because the data is transferred over an IP network, so there is a chance that it could be compromised. To overcome this, data in iSCSI is encapsulated at several layers of the OSI model.
The encapsulation architecture looks something like this:
- The SCSI payload consists of the read/write data that is sent to and from disks.
- The first layer of encapsulation is then applied: iSCSI works at the session layer of the OSI model and encapsulates SCSI payloads into iSCSI PDUs (Protocol Data Units).
- As the iSCSI PDU passes down the layers of the network stack, it is encapsulated further at each layer:
  - into TCP segments at the transport layer
  - into IP packets at the network layer
  - into Ethernet frames at the data link layer
When it arrives at the destination on the other side of the network, each of these layers is stripped off one by one until we are left with the original SCSI payload.
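The first encapsulation step and its reversal, as an added example that is not part of the original article: a SCSI read payload is wrapped in a Data-In PDU using the 48-byte Basic Header Segment layout from RFC 7143 (no AHS, no digests) and unwrapped again. The function names and the sample payload are assumptions made for illustration; note that the payload is carried byte for byte in the data segment, so the headers frame it without altering it.

```python
import struct

BHS_LEN = 48            # Basic Header Segment: fixed 48 bytes (RFC 7143)
OP_DATA_IN = 0x25       # SCSI Data-In: read data, target -> initiator
FLAG_FINAL = 0x80       # F bit: last Data-In PDU of the sequence
BHS = struct.Struct(">BBBBB3s8sIIIIIIII")

def build_data_in(payload, itt, data_sn=0, offset=0):
    """Encapsulate a SCSI read payload in a Data-In PDU (no AHS, no digests)."""
    if len(payload) >= 1 << 24:
        raise ValueError("DataSegmentLength is a 24-bit field")
    bhs = BHS.pack(
        OP_DATA_IN, FLAG_FINAL, 0, 0,        # opcode, flags, reserved, status
        0,                                   # TotalAHSLength (no AHS)
        len(payload).to_bytes(3, "big"),     # DataSegmentLength (unpadded)
        bytes(8),                            # LUN (left reserved here)
        itt,                                 # Initiator Task Tag
        0xFFFFFFFF,                          # Target Transfer Tag (unused)
        0, 0, 0,                             # StatSN, ExpCmdSN, MaxCmdSN
        data_sn, offset, 0)                  # DataSN, Buffer Offset, Residual
    pad = -len(payload) % 4                  # data segment is padded to 4 bytes
    return bhs + payload + bytes(pad)

def parse_pdu(pdu):
    """Strip the BHS again, as the receiving side does, and return the fields."""
    if len(pdu) < BHS_LEN:
        raise ValueError("truncated PDU: shorter than the 48-byte BHS")
    f = BHS.unpack(pdu[:BHS_LEN])
    ahs_len, data_len = f[4] * 4, int.from_bytes(f[5], "big")
    start = BHS_LEN + ahs_len
    if len(pdu) < start + data_len:
        raise ValueError("truncated PDU: data segment incomplete")
    return {"opcode": f[0] & 0x3F, "final": bool(f[1] & FLAG_FINAL),
            "itt": f[7], "data_sn": f[12], "offset": f[13],
            "payload": pdu[start:start + data_len]}

# Constructed sample payload standing in for one block read from the LUN.
SAMPLE_PAYLOAD = b"constructed disk block contents"
```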
Configure iSCSI target (server)
# yum install scsi-target-utils -y
Start the iscsi related service
# service tgtd start
# chkconfig tgtd on
Creating LUN
Let us create a new logical volume
I have added a new hard disk to my virtual machine on which I will create a new logical volume.
# fdisk /dev/sdb
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1305, default 1):1
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305):[Press Enter]
Using default value 1305
Command (m for help): p
Disk /dev/sdb: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x398d6cc3
Device Boot Start End Blocks Id System
/dev/sdb1 1 1305 10482381 83 Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
# partprobe /dev/sdb
# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created
# vgcreate VolGroup1 /dev/sdb1
Volume group "VolGroup1" successfully created
# lvcreate -L 5G VolGroup1 -n work
Logical volume "work" created
So here I have created a new logical volume by the name of work. The next step is to add this path as a LUN to my iSCSI target.
# vi /etc/tgt/targets.conf
## search for "default-driver iscsi" and add the following lines after it
<target iqn.2014-09.com.example:target1>
backing-store /dev/VolGroup1/work
</target>
Here backing-store <path> defines a logical unit (LUN) exported by the target. This may specify either a regular file, or a block device.
# /etc/init.d/tgtd restart
Stopping SCSI target daemon: [ OK ]
Starting SCSI target daemon: [ OK ]
To view the configured iSCSI targets and LUNs
# tgtadm --mode target --op show
Target 1: iqn.2014-09.com.example:target1
System information:
Driver: iscsi
State: ready
I_T nexus information:
LUN information:
LUN: 0
Type: controller
SCSI ID: IET 00010000
SCSI SN: beaf10
Size: 0 MB, Block size: 1
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
Backing store type: null
Backing store path: None
Backing store flags:
LUN: 1
Type: disk
SCSI ID: IET 00010001
SCSI SN: beaf11
Size: 5369 MB, Block size: 512
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
Backing store type: rdwr
Backing store path: /dev/VolGroup1/work
Backing store flags:
Account information:
ACL information:
ALL
As you can see, two LUNs are visible even though we created only one. Looking closely, LUN 0 is a controller LUN that acts as an interface to the controller.
LUN 1 is the disk-type LUN backed by the logical volume which we just created.
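The same output also shows an empty "Account information" section and "ACL information: ALL", meaning no CHAP account is bound and no initiator restriction applies. The following audit of that output is an added example, not part of the original article; the function names and the sample values in the restricted variant are assumptions made for illustration.

```python
import re

# Constructed sample: the tgtadm output shown above, trimmed to the lines the
# audit reads and indented the way tgtadm prints it.
SAMPLE_OPEN = """\
Target 1: iqn.2014-09.com.example:target1
    LUN information:
        LUN: 1
            Backing store path: /dev/VolGroup1/work
    Account information:
    ACL information:
        ALL
"""
# Constructed counterpart: a CHAP account and one allowed address (placeholders).
SAMPLE_RESTRICTED = SAMPLE_OPEN.replace(
    "Account information:\n", "Account information:\n        iscsiuser\n"
).replace("        ALL\n", "        192.168.1.20\n")

def parse_targets(text):
    """Return {iqn: {"account": [...], "acl": [...], "stores": [...]}}."""
    targets, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Target \d+: (\S+)$", line)
        if m:
            current = targets.setdefault(
                m.group(1), {"account": [], "acl": [], "stores": []})
            section = None
        elif current is None or not line:
            continue
        elif line.endswith("information:"):
            section = line.split()[0].lower()   # "lun", "account", "acl", ...
        elif section in ("account", "acl"):
            current[section].append(line)       # bound user or allowed initiator
        elif line.startswith("Backing store path:") and not line.endswith("None"):
            current["stores"].append(line.split(":", 1)[1].strip())
    return targets

def audit(text):
    """Return (iqn, finding) pairs for targets that accept any initiator."""
    findings = []
    for iqn, t in parse_targets(text).items():
        exposed = ", ".join(t["stores"]) or "no backing store"
        if "ALL" in t["acl"]:
            findings.append((iqn, f"ACL ALL: any initiator may access {exposed}"))
        if not t["account"]:
            findings.append((iqn, "no CHAP account bound"))
    return findings
```

In tgt's targets.conf the two findings correspond to the initiator-address and incominguser directives inside the <target> block.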
iptables rule on server
# iptables -I INPUT -m state --state NEW -p tcp --dport 3260 -j ACCEPT
# service iptables save
On Client
# yum -y install iscsi-initiator-utils
Discover the iscsi target from your server
# iscsiadm --mode discovery --type sendtargets --portal 192.168.1.11 --discover
Starting iscsid: [ OK ]
192.168.1.11:3260,1 iqn.2014-09.com.example:target1
Now let's confirm the status of our newly discovered target
# iscsiadm --mode node --op show | less
# BEGIN RECORD 6.2.0-873.10.el6
node.name = iqn.2014-09.com.example:target1
node.tpgt = 1
node.startup = automatic
node.leading_login = No
iface.hwaddress =
iface.ipaddress =
iface.iscsi_ifacename = default
iface.net_ifacename =
iface.transport_name = tcp
iface.initiatorname =
iface.bootproto =
iface.subnet_mask =
iface.gateway =
iface.ipv6_autocfg =
iface.linklocal_autocfg =
iface.router_autocfg =
iface.ipv6_linklocal =
iface.ipv6_router =
iface.state =
iface.vlan_id = 0
iface.vlan_priority = 0
iface.vlan_state =
iface.iface_num = 0
iface.mtu = 0
iface.port = 0
node.discovery_address = 192.168.1.11
node.discovery_port = 3260
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 8
node.session.xmit_thread_priority = -20
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.nr_sessions = 1
node.session.auth.authmethod = None
node.session.auth.username =
node.session.auth.password =
node.session.auth.username_in =
node.session.auth.password_in =
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.err_timeo.host_reset_timeout = 60
node.session.iscsi.FastAbort = Yes
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 2
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.conn[0].address = 192.168.1.11
node.conn[0].port = 3260
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
# END RECORD
In our last steps we just discovered new targets, but they are still not added to our system, so let's go ahead and add them locally. Before that, let us verify the block devices available on our system so that we can check the differences.
# ls -l /dev/ | grep sd
brw-rw---- 1 root disk 8, 0 Aug 25 16:21 sda
brw-rw---- 1 root disk 8, 1 Aug 25 16:21 sda1
brw-rw---- 1 root disk 8, 2 Aug 25 16:21 sda2
# iscsiadm --mode node --targetname iqn.2014-09.com.example:target1 --portal 192.168.1.11 --login
Logging in to [iface: default, target: iqn.2014-09.com.example:target1, portal: 192.168.1.11,3260] (multiple)
Login to [iface: default, target: iqn.2014-09.com.example:target1, portal: 192.168.1.11,3260] successful.
As you can see, we have logged in successfully: since we hadn't configured any sort of CHAP authentication, it didn't prompt for any user authentication details.
Next, let's recheck the list of block devices connected to the system
# ls -l /dev/ | grep sd
brw-rw---- 1 root disk 8, 0 Aug 25 16:21 sda
brw-rw---- 1 root disk 8, 1 Aug 25 16:21 sda1
brw-rw---- 1 root disk 8, 2 Aug 25 16:21 sda2
brw-rw---- 1 root disk 8, 16 Aug 25 18:34 sdb
So, as you can see, a new block device sdb has been added to the system.
Make sure iscsi services are set to start on reboot
# chkconfig --list iscsi
iscsi 0:off 1:off 2:off 3:on 4:on 5:on 6:off