08 June 2011

Configuring iSCSI Targets in Solaris

While reviewing potential ideas for several environments, I started
looking into the use iSCSI as a means of providing remote storage.
With that in mind, this is part 1 of my iSCSI notes, detailing the
configuration of a test Solaris iSCSI target node which would provide
storage to client hosts.  Configuration of an iSCSI initiator node (client
host) will be detailed part 2.  Our host details for the target notes are:
        HOSTS:          sunspot (target node), sunbeam (initiator node)
        PROMPT:         host [0]
        OS:             Solaris 10 10/09 (u8)
To begin, you will need to have the following packages installed on the
target node:
        SUNWiscsitgtu
        SUNWiscsitgtr
        SUNWiscsir
We will also need the iSCSI target daemon ('iscsitgtd') running so enable
it with 'svcadm' and verify with 'svcs':
        sunspot [0] /usr/sbin/svcadm enable svc:/system/iscsitgt:default
        sunspot [0] svcs svc:/system/iscsitgt:default
        STATE          STIME    FMRI
        online          0:29:44 svc:/system/iscsitgt:default
Once 'itscsitgtd' is running, we can use 'iscsitadm' to administrate
our targets.  The following simply shows that we currently have no iSCSI
administrative information configured:
        sunspot [0] /usr/sbin/iscsitadm show admin
        iscsitadm:
            Base Directory: Not set
            CHAP Name: Not set
            RADIUS Access: Not set
            RADIUS Server: Not set
            iSNS Access: Not set
            iSNS Server: Not set
            iSNS Server Status: Not applicable
            Fast Write ACK: Not set
For the purpose of configuration testing, I had already created a ZFS
storage pool named "storage".  I've added to this ZPool 2 x 100 MB
volumes and a filesystem, as seen below.  Both volumes will be used as
iSCSI targets and the filesystem (storage/targets) will contain file
based targets.  Additionally, using 'iscsitadm modify admin -d', I've
set the base directory to "/storage/targets" which will contain data
files representing the individual target LUNs:
        sunspot [0] /usr/sbin/zpool list
        NAME      SIZE   USED  AVAIL    CAP  HEALTH  ALTROOT
        storage   496M   108K   496M     0%  ONLINE  -
        sunspot [0] /usr/sbin/zfs list
        NAME      USED  AVAIL  REFER  MOUNTPOINT
        storage    72K   464M    21K  /storage
        sunspot [0] /usr/sbin/zfs create -V 100m storage/zvol0
        sunspot [0] /usr/sbin/zfs create -V 100m storage/zvol1
        sunspot [0] /usr/sbin/zfs create -o quota=263m storage/targets
        sunspot [0] /usr/sbin/zfs list
        NAME              USED  AVAIL  REFER  MOUNTPOINT
        storage           200M   264M    21K  /storage
        storage/targets    21K   263M    21K  /storage/targets
        storage/zvol0     100M   364M    16K  -
        storage/zvol1     100M   364M    16K  -
        sunspot [0] /usr/sbin/iscsitadm modify admin -d /storage/targets
By default, the iSCSI target daemon (iscsitgtd) will listen on all
interfaces for connections from client nodes.  To help restrict which
interfaces targets are available on, I've created a "TargetPortGroupTag"
(TPGT) via 'iscsitadm create tpgt'.  The TPGT restricts target
availability to specified IP addresses on our target node.  After creating
the TPGT, a check of 'ifconfig' gets us our IP address on our storage
network (10.0.136.12):
        sunspot [0] /usr/sbin/iscsitadm create tpgt 45
        sunspot [0] /usr/sbin/ifconfig -a
        lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
                inet 127.0.0.1 netmask ff000000
        e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
                inet 192.168.56.10 netmask ffffff00 broadcast 192.168.56.255
                ether 8:0:27:50:42:6b
        e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
                inet 10.0.136.12 netmask ffffff00 broadcast 10.0.136.255
                ether 8:0:27:24:47:d9
        sunspot [0] /usr/sbin/iscsitadm modify tpgt -i 10.0.136.12 45
        sunspot [0] /usr/sbin/iscsitadm list tpgt
        TPGT: 45
            IP Address count: 1
        sunspot [0] /usr/sbin/iscsitadm list tpgt -v
        TPGT: 45
            IP Address: 10.0.136.12
After creating TPGT "45" above, I've associated "10.0.136.12" with the
TPGT via 'iscsitadm modify tpgt' and verified the configuration with
'iscsitadm list tpgt'.  As an aside, if you need to delete an IP address
from a TPGT, use:
        sunspot [0] iscsitadm delete tpgt -i 10.0.68.10 45
        sunspot [0]
To delete an entire TPGT and its IP address associations:
        sunspot [0] iscsitadm delete tpgt -A 45
        sunspot [0]
It's time now for some targets.  The first two 'iscsitadm' commands
below create LUNs 0 and 1 using our ZPool volumes (zvol0 / zvol1) as
their respective backing stores.  Both LUNs are associated with local
target name "sunbeam0".  The next 'iscsitadm' command creates LUN 2 for
target "sunbeam0", creating and using a file under "/storage/targets"
as its backing store.  The final 'iscsitadm' command is a repeat of the
previous, except that it creates LUN 0 for target "sunbeam1":
        sunspot [0] /usr/sbin/iscsitadm create target --lun 0 -b /dev/zvol/dsk/storage/zvol0 sunbeam0
        sunspot [0] /usr/sbin/iscsitadm create target --lun 1 -b /dev/zvol/dsk/storage/zvol1 sunbeam0
        sunspot [0] /usr/sbin/iscsitadm create target --lun 2 -z 100m --type disk sunbeam0
        sunspot [0] /usr/sbin/iscsitadm create target -z 100m --type disk sunbeam1
After target creation, 'iscsitadm list target' will display the configured
targets and the current number of client connections to them:
        sunspot [0] /usr/sbin/iscsitadm list target
        Target: sunbeam0
            iSCSI Name: iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
            Connections: 0
        Target: sunbeam1
            iSCSI Name: iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
            Connections: 0
To get information about a specific target, such as "sunbeam0" and its
associated LUNs, append '-v TARGETNAME' to the previous 'iscsitadm'
command:
        sunspot [0] /usr/sbin/iscsitadm list target -v sunbeam0
        Target: sunbeam0
            iSCSI Name: iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
            Connections: 0
            ACL list:
            TPGT list:
            LUN information:
                LUN: 0
                    GUID: 0
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Backing store: /dev/zvol/dsk/storage/zvol0
                    Status: online
                LUN: 1
                    GUID: 0
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Backing store: /dev/zvol/dsk/storage/zvol1
                    Status: online
                LUN: 2
                    GUID: 600144f04def04df0008002750426b00
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Status: unknown
        sunspot [0] /usr/sbin/iscsitadm list target -v sunbeam1
        Target: sunbeam1
            iSCSI Name: iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
            Connections: 0
            ACL list:
            TPGT list:
            LUN information:
                LUN: 0
                    GUID: 600144f04def04e50008002750426b00
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Status: unknown
Earlier, I set the iSCSI base directory to "/storage/targets".  A review
of it via 'ls -l' shows the contents to include the local target names
(sunbeam0 / sunbeam1) to be links back to their respective iSCSI names,
which are directories containing the data files representing the LUNs
relative to that target:
        sunspot [0] /bin/ls /storage/targets
        iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
        iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
        sunbeam0
        sunbeam1
        sunspot [0] /bin/ls -l /storage/targets
        total 10
        drwxr-xr-x   2 root   sys       3 Jun  8 01:13 \
          iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
        drwxr-xr-x   2 root   sys       5 Jun  8 01:13 \
          iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
        lrwxrwxrwx   1 root   sys      85 Jun  8 01:12 sunbeam0 -> \
          /storage/targets/iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
        lrwxrwxrwx   1 root   sys      85 Jun  8 01:13 sunbeam1 -> \
          /storage/targets/iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
        sunspot [0] /bin/ls /storage/targets/sunbeam0
        lun.0  lun.1  lun.2
        sunspot [0] /bin/ls -l /storage/targets/sunbeam0/
        total 204851
        lrwxrwxrwx   1 root   sys      27 Jun  8 01:12 lun.0 -> /dev/zvol/dsk/storage/zvol0
        lrwxrwxrwx   1 root   sys      27 Jun  8 01:12 lun.1 -> /dev/zvol/dsk/storage/zvol1
        -rw-------   1 root   sys   104857600 Jun  8 01:13 lun.2
        sunspot [0] /bin/ls /storage/targets/sunbeam1
        lun.0
Seen above, if the LUNs in question are supported by a device-based
backing store, the LUN is a link to that device, otherwise it is an
actual file sized accordingly from the 'iscsitadm create target' command
earlier.  With the targets created, I've set both targets to TPGT "45"
using 'iscsitadm modify target'.  The reason for this is to restrict
presentation of these targets only on IP addresses configured to TPGT
"45".  In the subsequent 'iscsitadm list target', we can see this update:
        sunspot [0] /usr/sbin/iscsitadm modify target -p 45 sunbeam0
        sunspot [0] /usr/sbin/iscsitadm modify target -p 45 sunbeam1
        sunspot [0] /usr/sbin/iscsitadm list target -v sunbeam1
        Target: sunbeam1
            iSCSI Name: iqn.1986-03.com.sun:02:6abaa85a-bd22-4c4a-daa5-e568f0971673.sunbeam1
            Connections: 0
            ACL list:
            TPGT list:
                TPGT: 45
            LUN information:
                LUN: 0
                    GUID: 600144f04def04e50008002750426b00
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Status: unknown
To further restrict access to the targets we've created, we can add
the initiator node name (INN) to a target's access list.  To do so, we
need to retrieve the INN from the client host (sunbeam) via 'iscsiadm':
        sunbeam [0] /usr/sbin/iscsiadm list initiator-node
        Initiator node name: iqn.1986-03.com.sun:01:2ae5bff5ffff.4dedb2cd
        Initiator node alias: -
                Login Parameters (Default/Configured):
                        Header Digest: NONE/-
                        Data Digest: NONE/-
                Authentication Type: NONE
                RADIUS Server: NONE
                RADIUS access: unknown
                Configured Sessions: 1
Back on our target node (sunspot), I've created an initiator alias of
"sunbeam" to INN "iqn.1986-03.com.sun:01:2ae5bff5ffff.4dedb2cd" via
'iscsitadm create initiator'.  This allows us to simply refer to the
initiator by the alias rather than remembering the full INN.  Next,
I've modified the ACL of targets "sunbeam0" and "sunbeam1" to restrict
access to only the initiator referred to by alias "sunbeam":
        sunspot [0] /usr/sbin/iscsitadm create initiator -n \
          iqn.1986-03.com.sun:01:2ae5bff5ffff.4dedb2cd sunbeam
        sunspot [0] /usr/sbin/iscsitadm modify target -l sunbeam sunbeam0
        sunspot [0] /usr/sbin/iscsitadm modify target -l sunbeam sunbeam1
        sunspot [0] /usr/sbin/iscsitadm list initiator
        Initiator: sunbeam
            iSCSI Name: iqn.1986-03.com.sun:01:2ae5bff5ffff.4dedb2cd
            CHAP Name: Not set
        sunspot [0] /usr/sbin/iscsitadm list target -v sunbeam0
        Target: sunbeam0
            iSCSI Name: iqn.1986-03.com.sun:02:7dcf7ffc-5126-6d65-8a25-e0d52fbf97f8.sunbeam0
            Connections: 0
            ACL list:
                Initiator: sunbeam
            TPGT list:
                TPGT: 45
            LUN information:
                LUN: 0
                    GUID: 0
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Backing store: /dev/zvol/dsk/storage/zvol0
                    Status: online
                LUN: 1
                    GUID: 0
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Backing store: /dev/zvol/dsk/storage/zvol1
                    Status: online
                LUN: 2
                    GUID: 600144f04def04df0008002750426b00
                    VID: SUN
                    PID: SOLARIS
                    Type: disk
                    Size:  100M
                    Status: unknown
        sunspot [0]
The subsequent listings above show our new alias in place and our alias in
the ACL for target "sunbeam0".  At this point, our target node "sunspot"
has been configured for client access from initiator node "sunbeam".
The only thing we need to do now is configure the initiator node, which
will be part 2.

see also:

    Part 2: Configuring iSCSI Initiators in Solaris
    Configuring iSCSI Targets in Linux
    Configuring Oracle Solaris iSCSI Targets and Initiators (Oracle.com)

No comments: