Tuesday, November 18, 2008

Low budget SAN: iSCSI on Linux

Shared storage is an important part of cluster. SAN vs NAS is an endless discussion. That will be another chapter.

iSCSI become popular latest year and to setup targets and initiator on Linux take less than 5-10 minutes. Initiator also supported in many OS including Windows.

Scenario:
  1. Our iSCSI Targets server has IP 192.168.0.10
  2. Our iSCSI Initiator server has IP 192.168.0.100
  3. Our domain name is internal.example.com and OS is CentOS 5
Steps:
  1. Create block device on Targets server (eg. /dev/sda5)
  2. Create new iSCSI target (eg. tid=1)
  3. Associate block devices to target on lun (eg. lun=1)
  4. Export target to Initiator server
  5. Discover and use it
Details:
iSCSI Targets
  1. Use fdisk or other tools to create a partition or a block device, /dev/sda5 in our example
  2. Install scsi-target-utils
  3. Make sure tgtd configured at boot up: chkconfig tgtd on
  4. Create a new target, iSCSI target naming is "iqn...:
    # tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.2008-11.com.example.internal:disk1
  5. Export a block device to target
    # tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 -b /dev/sda5
  6. Export target to destination 192.168.0.100
    # tgtadm --lld iscsi --op bind --mode target --tid 1 -I 192.168.0.100
iSCSI Initator
  1. Install iscsi-initiator-utils
  2. Start the initiator service
    # service iscsi start; chkconfig iscsi on
  3. Discover available targets
    # iscsiadm -m discovery -t sendtargets -p 192.168.0.10:3260
    Command will give you output
    192.168.0.10:3260,1 iqn.2008-11.com.example.internal:disk1
  4. Login to targets
    # iscsiadm -m node -T iqn.2008-11.com.example.internal:disk1 -p 192.168.0.10:3260 -l
  5. Now you should see your block device by using fdisk -l, propebly /dev/sdc or something like that.
Important parameter
  • On iSCSI Targets, put all tgtadm commands to /etc/rc.local. Otherwise all disapears after a reboot.
  • Security: use Two-way authentication CHAP. Configure it from Targets.
  • Security: use VLAN or/and VPN to isolate and encrypt the data
  • Logout a target with
    # iscsiadm -m node -T iqn.2008-11.com.example.internal:disk1 -p 192.168.0.10:3260 -u
  • If you want to mount iSCSI device from fstab, make sure you put _netdev in option field.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)