Differences

This shows you the differences between two versions of the page.

--- linux_config_iscsi [2019/10/30 13:21] – created andonovj
+++ linux_config_iscsi [2019/11/07 00:25] (current) – external edit 127.0.0.1
@@ Line 17: / Line 17: @@
 =====iSCSI Target=====
-The iSCSI target is usually configured via wizard or manually, that depends on the server. I will not go into details here but here is a picture of how it is configured on ASUSTORE NAS - AS202TE
+As everything, configuration depends on the OS, different wizards, utilities and methods depending on the OS, are used to configure the iSCSI target:
+====Linux====
+You can list the configured LUNs using the following command on Linux:
+<sxh bash>
+tgt-admin -s
+Target 1: iqn.2015-01.new.target:disk1
+    System information:
+        Driver: iscsi
+        State: ready
+</sxh>
+====Asustor====
+I will not go into details here but here is a picture of how it is configured on ASUSTORE NAS - AS202TE
 It is important to note, that the iSCSI target is just the pointer to the LUN (Logical Unit Number).
@@ Line 26: / Line 41: @@
 So the connection will be initiated by the iSCSI initiator (on the client machine) -> iSCSI Target (on the server machine, over Internet) -> LUN (at the storage level)
+====Windows====
+In Windows server, you can create it via the wizzard in the Server Manager and it should be something like this at the end:
+{{ :iscsitargerwindows.jpg?400 |}}
 =====iSCSI Initiator=====
@@ Line 34: / Line 58: @@
 The wizzard is pretty straight forward, you have to specify the iSCSI target server and it will discover the targets for you. Then you can just connect and map the device. Given no authentication is required.
-{{ :iscsiinitiator_win.jpg?400 |}}
+{{ :iscsiinitiator_win.jpg?300 |}}
 The configuration for windows is so trivial via the wizard that I don't think I should even discuss it.
@@ Line 68: / Line 92: @@
 This will show us the exposed iSCSI targets.
 In our case we have iscsi target which is on port: 3260 and with name: "iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target"
+===CHAP===
+Chap protection might or might not be enabled on the target server. If CHAP is configured on the iSCSI target, we have to configure it in the initiator.
+**BE CAREFUL TO CONFIGURE ONLY THE INITIATOR PART OR YOU WILL HAVE this error: "The challenge was incorrect."
+**
+The configuration is done in the:
+/etc/iscsi/iscsid.conf
+<sxh bash>
+# *************
+# CHAP Settings
+# *************
+# To enable CHAP authentication set node.session.auth.authmethod
+# to CHAP. The default is None.
+node.session.auth.authmethod = CHAP
+# To set a CHAP username and password for initiator
+# authentication by the target(s), uncomment the following lines:
+node.session.auth.username = username
+node.session.auth.password = pass
+# To set a CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#node.session.auth.username_in = username
+#node.session.auth.password_in = pass
+# To enable CHAP authentication for a discovery session to the target
+# set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
+#discovery.sendtargets.auth.authmethod = CHAP
+# To set a discovery session CHAP username and password for the initiator
+# authentication by the target(s), uncomment the following lines:
+#discovery.sendtargets.auth.username = username
+#discovery.sendtargets.auth.password = pass
+# To set a discovery session CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#discovery.sendtargets.auth.username_in = username
+#discovery.sendtargets.auth.password_in = pass
+</sxh>
+Restart the iscsi deamon:
+<sxh bash>
+[root@matar /]# service iscsid restart
+Redirecting to /bin/systemctl restart  iscsid.service
+[root@matar /]#
+</sxh>
+===Login===
+We can login to the iSCSI target and start a session as follows:
+<sxh bash>
+[root@client_host /]#  iscsiadm --mode node --targetname iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target --portal 10.200.15.30:3260 --login
+Logging in to [iface: default, target: iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target, portal: IP,3260] (multiple)
+Login to [iface: default, target: iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target, portal: IP,3260] successful.
+</sxh>
+You can also list the current setting for the initiator and target as follows:
+<sxh bash>
+[root@client_host /]#  iscsiadm --mode node --targetname iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target --portal iscsi_target_server_ip:3260
+# BEGIN RECORD 6.2.0.873-30
+node.name = iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target
+node.tpgt = 1
+node.startup = automatic
+node.leading_login = No
+iface.hwaddress = <empty>
+iface.ipaddress = <empty>
+iface.iscsi_ifacename = default
+iface.net_ifacename = <empty>
+iface.transport_name = tcp
+iface.initiatorname = <empty>
+iface.state = <empty>
+iface.vlan_id = 0
+iface.vlan_priority = 0
+iface.vlan_state = <empty>
+iface.iface_num = 0
+iface.mtu = 0
+iface.port = 0
+iface.bootproto = <empty>
+iface.subnet_mask = <empty>
+iface.gateway = <empty>
+iface.dhcp_alt_client_id_state = <empty>
+iface.dhcp_alt_client_id = <empty>
+iface.dhcp_dns = <empty>
+iface.dhcp_learn_iqn = <empty>
+iface.dhcp_req_vendor_id_state = <empty>
+iface.dhcp_vendor_id_state = <empty>
+iface.dhcp_vendor_id = <empty>
+iface.dhcp_slp_da = <empty>
+iface.fragmentation = <empty>
+iface.gratuitous_arp = <empty>
+iface.incoming_forwarding = <empty>
+iface.tos_state = <empty>
+iface.tos = 0
+iface.ttl = 0
+iface.delayed_ack = <empty>
+iface.tcp_nagle = <empty>
+iface.tcp_wsf_state = <empty>
+iface.tcp_wsf = 0
+iface.tcp_timer_scale = 0
+iface.tcp_timestamp = <empty>
+iface.redirect = <empty>
+iface.def_task_mgmt_timeout = 0
+iface.header_digest = <empty>
+iface.data_digest = <empty>
+iface.immediate_data = <empty>
+iface.initial_r2t = <empty>
+iface.data_seq_inorder = <empty>
+iface.data_pdu_inorder = <empty>
+iface.erl = 0
+iface.max_receive_data_len = 0
+iface.first_burst_len = 0
+iface.max_outstanding_r2t = 0
+iface.max_burst_len = 0
+iface.chap_auth = <empty>
+iface.bidi_chap = <empty>
+iface.strict_login_compliance = <empty>
+iface.discovery_auth = <empty>
+iface.discovery_logout = <empty>
+node.discovery_address = iscsi_target_server_ip
+node.discovery_port = 3260
+node.discovery_type = send_targets
+node.session.initial_cmdsn = 0
+node.session.initial_login_retry_max = 8
+node.session.xmit_thread_priority = -20
+node.session.cmds_max = 128
+node.session.queue_depth = 32
+node.session.nr_sessions = 1
+node.session.auth.authmethod = CHAP
+node.session.auth.username = izoladbbackup
+node.session.auth.password = ********
+node.session.auth.username_in = <empty>
+node.session.auth.password_in = <empty>
+node.session.timeo.replacement_timeout = 120
+node.session.err_timeo.abort_timeout = 15
+node.session.err_timeo.lu_reset_timeout = 30
+node.session.err_timeo.tgt_reset_timeout = 30
+node.session.err_timeo.host_reset_timeout = 60
+node.session.iscsi.FastAbort = Yes
+node.session.iscsi.InitialR2T = No
+node.session.iscsi.ImmediateData = Yes
+node.session.iscsi.FirstBurstLength = 262144
+node.session.iscsi.MaxBurstLength = 16776192
+node.session.iscsi.DefaultTime2Retain = 0
+node.session.iscsi.DefaultTime2Wait = 2
+node.session.iscsi.MaxConnections = 1
+node.session.iscsi.MaxOutstandingR2T = 1
+node.session.iscsi.ERL = 0
+node.conn[0].address = iscsi_target_server_ip
+node.conn[0].port = 3260
+node.conn[0].startup = manual
+node.conn[0].tcp.window_size = 524288
+node.conn[0].tcp.type_of_service = 0
+node.conn[0].timeo.logout_timeout = 15
+node.conn[0].timeo.login_timeout = 15
+node.conn[0].timeo.auth_timeout = 45
+node.conn[0].timeo.noop_out_interval = 5
+node.conn[0].timeo.noop_out_timeout = 5
+node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
+node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
+node.conn[0].iscsi.HeaderDigest = None
+node.conn[0].iscsi.IFMarker = No
+node.conn[0].iscsi.OFMarker = No
+# END RECORD
+</sxh>
+That information is also available on:
+/var/lib/iscsi/nodes/iqn
+<sxh bash>
+[root@matar 10.200.15.30,3260,1]# pwd
+/var/lib/iscsi/nodes/iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target/10.200.15.30,3260,1
+[root@matar 10.200.15.30,3260,1]# ls -lart
+total 4
+-rw------- 1 root root 2155 Nov  1 12:40 default
+drw------- 3 root root   32 Nov  1 12:40 ..
+drw------- 2 root root   20 Nov  1 12:40 .
+[root@matar 10.200.15.30,3260,1]#
+</sxh>
+Once the Login was successfully, we can check where the OS mounted the device:
+<sxh bash>
+[root@matar 10.200.15.30,3260,1]# lsblk --scsi|grep LIO
+sdf  3:0:0:0    disk LIO-ORG  block1   4.0  iscsi
+</sxh>
+Or you can just grep in the /var/log/messages
+<sxh bash>
+[root@oraback log]# grep " Attached scsi disk" /var/log/messages
+Nov  6 16:49:22 oraback kernel: sd 4:0:0:0: Attached scsi disk sdf
+[root@oraback log]#
+</sxh>
+Then we can create the file system:
+<sxh bash>
+[root@matar 10.200.15.30,3260,1]# mkfs.ext4 -m0 /dev/sdf
+[root@matar 10.200.15.30,3260,1]# blkid | grep sdf
+/dev/sdf: UUID="6a1c44d0-3e2f-49fc-85ba-ced3e44bb5b0" TYPE="ext4"
+</sxh>
+Add the following to the /etc/fstab:
+<sxh bash>
+[root@matar 10.200.15.30,3260,1]# mkdir -p /mnt/block1
+[root@matar 10.200.15.30,3260,1]# echo "UUID=6a1c44d0-3e2f-49fc-85ba-ced3e44bb5b0 /mnt/block1 ext4 _netdev 0 0" >> /etc/fstab
+</sxh>
+And then we can mount the file system:
+<sxh bash>
+[root@matar 10.200.15.30,3260,1]# mount /mnt/block1
+[root@matar 10.200.15.30,3260,1]# df -h | grep block1
+UUID=6a1c44d0-3e2f-49fc-85ba-ced3e44bb5b0   10.0G  9.9G  0.1G  1% /mnt/block1
+</sxh>
+===Logout===
+You can decide to abort a session and disconnect as follows:
+<sxh bash>
+[root@matar dev]# iscsiadm --mode node --targetname iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target --portal 10.200.15.30:3260 --logout
+Logging out of session [sid: 16, target: iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target, portal: iscsi_target_server_ip,3260]
+Logout of [sid: 16, target: iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target, portal: iscsi_target_server_ip,3260] successful.
+</sxh>
+===Delete configuration===
+To deleting a configuration, we need to:
+  - Disconnect/Logout
+  - Ensure that the driver won't try to re-connect
+==Logout==
+<sxh bash>
+[root@matar ~]# iscsiadm --mode node --targetname iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target --portal 10.200.15.30:3260 --logout
+Logging out of session [sid: 20, target: iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target, portal: 10.200.15.30,3260]
+</sxh>
+==Delete==
+<sxh bash>
+[root@matar ~]# iscsiadm -m node -o delete -T iqn.1991-05.com.microsoft:taurus-taurus-orabackup-target
+[root@matar ~]# iscsiadm -m session
+iscsiadm: No active sessions.
+</sxh>
+=====Performance=====
+I've found that iSCSI isn't particulary fast. I've found that my environment isn't so much loaded. That can be because the clients aren't using Jumbo frames so that might be the reson.
+<sxh bash>
+[root@server Logs]# ip link show | grep mtu
+: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
+: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
+: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
+: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 500
+[root@server Logs]# ls -lart
+</sxh>
+Here is a good article of how to speed up the performance of the iSCSI:
+https://www.monperrus.net/martin/performance+of+read-write+throughput+with+iscsi