Saturday, May 30, 2009

iSCSI under Linux

This week I had a project on my workplace to test a SUN x4540 what we will use as a storage box, so I had to learn iSCSI.

What is iSCSI?


It's an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. By carrying SCSI commands over IP networks.

How to install it?


From now I am talking about Ubuntu 9.04, but this could be the same on other Debian based distributions, and it's based on other documentations.:)

On the server you have to install the iscsitarget package, and the iscsitarget-source what should provide the kernel drivers and install it with the m-a a-i iscsitarget command, but the second isn't compiles... so instead of it you have to grab the source from SVN from the page http://developer.berlios.de/svn/?group_id=5404 and then install it with make & make install-kernel.

On the client side you have to install the open-iscsi package.

To define your first target (it's the iSCSI name of the disk you provide to the client). You have to edit the /etc/ietd.conf on the server and add for example the following lines:

Target iqn.2009-05.com.mystorage:storage.disk1
  Lun 0 Path=/dev/md2,Type=fileio
  #IncomingUser stone secret

This defines that the /dev/md2 RAID disc will shared with the name iqn.2009-05.com.example:storage.disk1, for more about the naming converntions see the documentations. You can see that the IncomingUser directive is commented out for now, it's because we will take care about the authentication later.

On the cilent side you can discover the targets with the folloving command

iscsiadm -m discovery -t sendtargets -p mystorage

where mytorage is your server's hostname. This command will list the targets for you and put them into a database.

No you can login to the target with

iscsiadm -m node -T iqn.2009-05.com.mystorage:storage.disk1 --login

from now you have a new block device, whom name you can check with dmesg for example. You can make filesystems on it and you can mount it.

You can logout from the target with

iscsiadm -m node -T iqn.2009-05.com.mystorage:storage.disk1 --logout


Now you can use iSCSI without authentication. So let's see how we can can make it more secure.

Authentication


On the server side let's comment in the IncomingUser line, this will be the username and password to use.

On the client side under the /etc/iscsi/nodes directory there are the targets and there you can find a default named file for each. In the file just add

node.session.auth.authmethod = CHAP
node.session.auth.username = stone
node.session.auth.password = secret

Let's restart both the server daemon with /etc/init.d/scsitarget restart and the client daemon with /etc/init.d/open-iscsi restart and try log in in again, it must succeed.

How to make it start automatically?


You have to edit the default file again and set the node.startup variable to automatic. From now it will be logged in at startup.

Posted by Stone at 8:34 AM 0 comments Links to this post

Labels: , , , , ,

Subscribe to: Posts (Atom)