This article discusses an example of configuring iSCSI on a SAN for external storage and cluster nodes running on AlmaLinux 8. For other operating systems the configuration procedure may be different.

The order of SAN configuration before creating a network LVM storage:

  1. Configure the external storage as an iSCSI target.
  2. Configure the VMmanager cluster nodes as initiators (iSCSI initiator).
  3. Install the LVM2 software on the cluster nodes.

Key terms

  • initiator (iSCSI initiator) – the client device that sends the connection request to the target. In this example, VMmanager cluster nodes act as initiators;
  • target (iSCSI target) – a program or device that emulates a disk and handles initiator connection requests. The target can be logically divided into LUNs;
  • LUN (Logical Unit Number) – a part of the target, the address of the storage device. An equivalent of a disk partition or a separate logical volume;
  • TPG (Target Portal Group) – a group of targets united by a common functional feature. As a rule, targets on the same device are combined into one TPG;
  • IQN (iSCSI Qualified Name) – the unique identifier of the initiator or target;
  • ACL (Access Control List) — this list specifies which initiators can connect to the target and their authentication data.

External storage configuration

Connect to the server via SSH with a superuser account and perform the following steps:

  1. Make sure that you are using the latest version of the software packages:

    AlmaLinux

    dnf update
    CODE

    Astra Linux

    apt update
    CODE

  2.  Install the target management shell:

    AlmaLinux

    dnf -y install targetcli
    CODE

    Astra Linux

    apt -y install targetcli-fb
    CODE

  3. Check the amount of free space on the disk:

    df -hT
    CODE

    We recommend that you use a separate partition or a physical disk to create a target.

  4. Create a directory for the target. For example, /var/targetdisk01:

    mkdir /var/targetdisk01
    CODE

  5.  Launch the targetcli console:

    targetcli
    CODE

  6. Create a file for the target:

    cd /backstores/fileio
    CODE 
    create <target name> <path> <size>
    CODE

    <target name> — name of the target. For example, targetdisk1.

    <path> — path to the target file. For example, /var/targetdisk01/targetdisk1.img.

    <size> — file size; For example, 5G is for a 5GB file.

  7. Set the IQN for the target:

    cd /iscsi
    CODE 
    create iqn.<year>-<month>.<reverse domain>:<name>
    CODE

    <year> — current year

    <month> — current month

    <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example

    <name> — discretionary name

    The response will contain the number of the created TPG.

  8. Create a LUN:

    cd <iqn>/<tpg>/luns
    CODE

    <iqn> — target IQN. For example, iqn.2020-02.com.example:MyTarget1

    <tpg> — portal group name. For example, tpg1

    create /backstores/fileio/<target name>
    CODE

    <target name> — target name set in item 6

    The response will contain the number of the created LUN.

  9. Configure ACL for the target:

    1. Set the initiator's IQN:

      cd /iscsi/<iqn>/<tpg>/acls
      CODE

      <iqn> — target IQN. For example, iqn.2020-02.com.example:MyTarget1

      <tpg> — portal group name. For example, tpg1

      create iqn.<year>-<month>.<reverse domain>:<initiator name>
      CODE

      <year> — current year

      <month> — current month

      <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example

      <initiator name> — initiator name

    2. Set the user id and the initiator password:

      cd iqn.<year>-<month>.<reverse domain>:<initiator name>
      CODE 
      set auth userid=<id>
      CODE 
      set auth password=<pass>
      CODE

      <year> — current year

      <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example

      <initiator name> — initiator name

      <id> — initiator user id. For example, initiator1.

      <pass> — initiator password

    3. Enable authorization for the initiator: 

      set attribute authentication=1
      CODE

  10. Make sure that all settings have been successfully created:

    ls /iscsi/
    CODE

    An example of the command output

    o- iscsi .......................................................... [Targets: 1]
  o- iqn.2020-03.com.example:mytarget1 ............................... [TPGs: 1]
    o- tpg1 ............................................. [no-gen-acls, no-auth]
      o- acls ........................................................ [ACLs: 1]
      | o- iqn.2020-03.com.domain>:initiator1 ................. [Mapped LUNs: 1]
      |   o- mapped_lun0 ........................ [lun0 fileio/targetdisk1 (rw)]
      o- luns ........................................................ [LUNs: 1]
      | o- lun0  [fileio/targetdisk1 (/var/targetdisk01/targetdisk1.img) (default_tg_pt_gp)]
      o- portals .................................................. [Portals: 1]
        o- 0.0.0.0:3260 ................................................... [OK]
    CODE

  11. To save the settings, exit the targetcli console:

    exit
    CODE

  12. Add the target service to the autorun:

    systemctl enable target
    CODE

  13.  If you are using firewalld, set the necessary permissions and restart the service:

    firewall-cmd --add-service=iscsi-target --permanent
    CODE 
    firewall-cmd --reload
    CODE

Configuration of cluster nodes

Connect to the cluster nodes via SSH with a superuser account and perform the following steps:

  1. Install the required software:

    AlmaLinux

    dnf -y install iscsi-initiator-utils
    CODE

    Astra Linux

    apt install -y open-iscsi
    CODE

  2. Specify the previously created initiator IQN in the InitiatorName parameter of /etc/iscsi/initiatorname.iscsi file:

    InitiatorName=iqn.<year>-<month>.<reverse domain>:<initiator name>
    CODE

    <year> — current year

    <month> — current month

    <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example

    <initiator name> — initiator name

  3. Edit the /etc/iscsi/iscsid.conf file:

    1. Uncomment the strings:

      node.session.auth.authmethod = CHAP
      CODE

    2. Uncomment the node.session.auth.username, node.session.auth.password parameters. Specify the user id and password set in the ACL settings for the target:

      node.session.auth.username = <id>
node.session.auth.password = <pass>
      CODE

      <id> — initiator user id

      <pass> — initiator password

  4. Check access to the target:

    iscsiadm -m discovery -t sendtargets -p <target ip>
    CODE

    <target ip> — IP address of the server with target

    An example of a successful execution of command

    192.0.2.123:3260,1
iqn.2020-02.example.com:MyTarget1
    CODE

  5. Connect to the target:

    iscsiadm -m node --login
    CODE 
    iscsiadm --mode node --target <target name> --portal <target ip> --logout
    CODE

    <target name> — name of the target

    <target ip> — IP address of the server with target

    iscsiadm -m node --login
    CODE

  6. Make sure the target is connected as a block device:

    lsblk
    CODE

    Обратите внимание!

    To make the connection settings not depend on block device names, you can connect the target via UUID or WWID. See the official Red Hat documentation for details.

Installing the LVM2 software

For VMmanager to be able to connect network LVM storage to the cluster nodes, install the LVM2 software on all nodes:

AlmaLinux

dnf -y install lvm2
CODE

Astra Linux

apt install -y lvm2
CODE

When you add a storage to VMmanager, the platform will automatically make the necessary settings on the block device: it will create PV and VG.

If VMmanager detects a VG created by other software on the block device when adding storage, the storage will not be connected.

Useful tips

Related topics: