Open-iSCSI: Difference between revisions

Latest revision as of 17:39, 20 June 2023

This article describes how to access an iSCSI target with the Open-iSCSI initiator.

Note: iSCSI is not encrypted. Transmitting data over an unsecured channel is not recommended.

Installation

Note: An older initiator, Linux-iSCSI, was merged with Open-iSCSI in April 2005. This should not be confused with linux-iscsi.org, the website for the LIO target.

Overview

The following diagram shows how the Components work together. A more detailed version can be found here: Open-iSCSI modules (Outdated)

 +--------------------------------------------------------+             
 | Targets & Sessions configuration files and directories |             
 +--------------------------------------------------------+             
                                                                       
 +--------------------------+     +----------------------------------+ 
 | iscsiadm                 |     | iscsid: iSCSI daemon             | 
 |                          |     |                                  | 
 |  * Command line tool     |<--->|  * Implements Session management | 
 |  * Manages database of   |     |  * Communicates with iscsiadm    | 
 |    sessions and targets  |     |    and iscsi kernel modules      | 
 +--------------------------+     +---------------+------------------+ 
                                                  |                    
 User space                                       |                    
- - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - -
 Kernel                                           v                    
         +-----------------------------------------------------------+ 
         | kernel modules: scsi_transport_iscsi, iscsi_tcp, libiscsi | 
         +-----------------------------------------------------------+

From the Open-iSCSI README:

Persistent configuration is implemented as a tree of files and directories, which are contained in two directories:

Note: The database home changed from /etc/iscsi/ to /var/lib/iscsi/ in open-iscsi 2.1.9-2. The migration is not done automatically. Please disconnect targets, stop the service, migrate and connect again. Also verify filesystem permissions.

/etc/iscsi/ should only contain initiatorname.iscsi and iscsid.conf

Discovery directory /var/lib/iscsi/send_targets which has directories named after target addresses.
Node directory /var/lib/iscsi/nodes which has directories named after IQN (ISCSI Unique Name) of particular device.

Configuration

Start the Service

iscsid is managed by a systemd Unit.

Start iscsid.service or iscsid.socket.

ISCSI Qualified Name (IQN)

IQN is used for identifying every device.

Open-ISCSI stores its initiator IQN in the /etc/iscsi/initiatorname.iscsi file with a format InitiatorName=iqn

During installation the initial IQN will be generated. If you wish to generate new IQN the iscsi-iname utility can be used which prints out new IQN.

Authentication

If the ISCSI target requires authentication by the initiator, the configuration file /etc/iscsi/iscsid.conf may need to be updated.

The following parameters are used for authenticating a login session of an initiator to a target:

node.session.auth.authmethod = CHAP
node.session.auth.username = initiators_username
node.session.auth.password = initiators_password

If your target has two-way authentication enabled then those lines also need to be edited:

node.session.auth.username_in = targets_username
node.session.auth.password_in = targets_password

If your target requires authentication to get the list of its nodes (most will not) then following lines should be edited:

discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = initiators_username
discovery.sendtargets.auth.password = initiators_password

If your target has two-way authentication enabled then those lines also need to be edited:

discovery.sendtargets.auth.username_in = targets_username
discovery.sendtargets.auth.password_in = targets_password

Warning: No two passwords may be the same. This means that you need four unique passwords in the configuration above.

Note: The authentication data is saved in per-node configuration files. To update them, edit /var/lib/iscsi/nodes/iqn.node-name/node-ip-address,port,1/default and add/adjust the options as necessary.[1]

Target discovery

Request the target its nodes.

# iscsiadm --mode discovery --portal target_ip --type sendtargets

On success information about nodes and target will be saved on your initiator.

Add target manually

# iscsiadm -m node --target targetname --portal target_ip -o new

A possible scenario to use this is when server does not allow discovery.

Delete obsolete targets

# iscsiadm -m discovery -p target_ip -o delete

Login to available targets

# iscsiadm -m node -L all

or login to specific target

# iscsiadm -m node --targetname=targetname --login

logout:

# iscsiadm -m node -U all

Info

For running session

# iscsiadm -m session -P 3

The last line of the above command will show the name of the attached device e.g

Attached scsi disk sdd State: running

For the known nodes

# iscsiadm -m node

Online resize of volumes

If the iscsi blockdevice contains a partitiontable, you will not be able to do an online resize. In this case you have to unmount the filesystem and alter the size of the affected partition.

Rescan active nodes in current session
```
# iscsiadm -m node -R
```
If you use multipath, you also have to rescan multipath volume information.
```
# multipathd -k"resize map sdx"
```
Finally resize the filesystem.
```
# resize2fs /dev/sdx
```

Tips and tricks

Check for attached iSCSI devices

You can also check where the attached iSCSI devices are located in the /dev/ tree with:

$ ls -l /dev/disk/by-path/ip-*

Login to targets on boot

To log in to a target during boot, enable iscsi.service and make sure the nodes have node.startup = automatic in their configuration (/var/lib/iscsi/nodes/iqn.node-name/node-ip-address,port).

Note: The systemd unit name is iscsi.service not iscsid.service.[2]

Troubleshooting

Client IQN

At the server (target) you might need to include the client IQN from /etc/iscsi/initiatorname.iscsi in the account configuration.

Debugging the iSCSI daemon

To run the iSCSI daemon in debug mode (make sure you stopped iscsid.service before)

# iscsid -d 8 -c /etc/iscsi/iscsid.conf -i /etc/iscsi/initiatorname.iscsi -f

@@ Line 1: / Line 1: @@
 [[Category:Storage]]
 [[Category:Networking]]
-{{Related articles start}}
+[[ja:Open-iSCSI]]
-{{Related|iSCSI Target}}
+[[zh-hans:Open-iSCSI]]
-{{Related|iSCSI Boot}}
+This article describes how to access an [[iSCSI]] target with the [https://github.com/open-iscsi/open-iscsi Open-iSCSI] initiator.
-{{Related articles end}}
-With [[Wikipedia:iSCSI]] you can access storage over an IP-based network.
+{{Note|iSCSI is '''not''' encrypted. Transmitting data over an unsecured channel is not recommended.}}
-The exported storage entity is the '''[[iSCSI Target|target]]''' and the importing entity is the '''initiator'''.
+== Installation ==
+[[Install]] the {{Pkg|open-iscsi}} package.
-This article describes how to access an iSCSI target with the [http://open-iscsi.org/ Open-iSCSI] initiator.
+{{Note|An older initiator, [https://sourceforge.net/projects/linux-iscsi/ Linux-iSCSI], was merged with Open-iSCSI in April 2005. This should not be confused with [http://linux-iscsi.org/ linux-iscsi.org], the website for the LIO [[iSCSI Target|target]].}}
-== Installation ==
+== Overview ==
-[[pacman|Install]] the {{Pkg|open-iscsi}} package from the [[official repositories]].
-{{Note|An older initiator, [http://sourceforge.net/projects/linux-iscsi/ Linux-iSCSI], was merged with Open-iSCSI in April 2005.
+The following diagram shows how the Components work together. A more detailed version can be found here: [https://archive.is/HHYKR/90a7a1c178a2c069a7cbc0b578b6fb5854f827fa.jpg Open-iSCSI modules (Outdated)]
-This should not be confused with [http://linux-iscsi.org/ linux-iscsi.org], the website for the LIO [[iSCSI Target|target]].}}
-== Overview ==
+{{Text art|<nowiki>
-The following diagram shows how the Components work together. A more detailed version can be found here: [http://www.open-iscsi.org/docs/open-iscsi-0.jpg Open-iSCSI modules]
+  +--------------------------------------------------------+
-{{bc|<nowiki>
+  | Targets & Sessions configuration files and directories |
-  +-------------------------------------------------------+
+  +--------------------------------------------------------+
-  | Targets & Sessions configuration Database (DBM based) |
-  +-------------------------------------------------------+
   +--------------------------+     +----------------------------------+
@@ Line 41: / Line 38: @@
 </nowiki>}}
-From the Open-iSCSI [http://www.open-iscsi.org/docs/README README]:
+From the Open-iSCSI [https://github.com/open-iscsi/open-iscsi README]:
+Persistent configuration is implemented as a tree of files and directories, which are contained in two directories:
+{{Note|The database home changed from {{ic|/etc/iscsi/}} to {{ic|/var/lib/iscsi/}} in {{Pkg|open-iscsi}} 2.1.9-2. The migration is not done automatically. Please disconnect targets, [[stop]] the service, migrate and connect again. Also verify filesystem permissions.
+{{ic|/etc/iscsi/}} should only contain {{ic|initiatorname.iscsi}} and {{ic|iscsid.conf}}
+}}
-Persistent configuration is implemented as a DBM database, which contains two tables:
+* Discovery directory {{ic|/var/lib/iscsi/send_targets}} which has directories named after target addresses.
-* Discovery table (/etc/iscsi/send_targets)
+* Node directory {{ic|/var/lib/iscsi/nodes}} which has directories named after IQN (ISCSI Unique Name) of particular device.
-* Node table (/etc/iscsi/nodes)
 == Configuration ==
 === Start the Service ===
 {{ic|iscsid}} is managed by a systemd Unit.
-Start {{ic|open-iscsi.service}} [[systemd#Using units|using systemd]].
+[[Start]] {{ic|iscsid.service}} or {{ic|iscsid.socket}}.
-{{Out of date|The following advice about /etc/conf.d/open-iscsi might be out of date, see discussion page}}
+=== ISCSI Qualified Name (IQN) ===
-You only have to include the IP of the [[iSCSI Target|target]] as {{ic|SERVER}} in {{ic|/etc/conf.d/open-iscsi}} at the client.
+IQN is used for identifying every device.
+Open-ISCSI stores its initiator IQN in the {{ic|/etc/iscsi/initiatorname.iscsi}} file with a format {{ic|1=InitiatorName=''iqn''}}
+During installation the initial IQN will be generated. If you wish to generate new IQN the {{ic|iscsi-iname}} utility can be used which prints out new IQN.
+=== Authentication ===
+If the ISCSI target requires authentication by the initiator, the configuration file {{ic|/etc/iscsi/iscsid.conf}} may need to be updated.
+The following parameters are used for authenticating a login session of an initiator to a target:
+ node.session.auth.authmethod = CHAP
+ node.session.auth.username = ''initiators_username''
+ node.session.auth.password = ''initiators_password''
+If your target has two-way authentication enabled then those lines also need to be edited:
+ node.session.auth.username_in = ''targets_username''
+ node.session.auth.password_in = ''targets_password''
+If your target requires authentication to get the list of its nodes (most will not) then following lines should be edited:
+ discovery.sendtargets.auth.authmethod = CHAP
+ discovery.sendtargets.auth.username = ''initiators_username''
+ discovery.sendtargets.auth.password = ''initiators_password''
+If your target has two-way authentication enabled then those lines also need to be edited:
+ discovery.sendtargets.auth.username_in = ''targets_username''
+ discovery.sendtargets.auth.password_in = ''targets_password''
+{{Warning|No two passwords may be the same. This means that you need four unique passwords in the configuration above.}}
+{{Note|The authentication data is saved in per-node configuration files. To update them, edit {{ic|/var/lib/iscsi/nodes/iqn.''node-name''/''node-ip-address'',''port'',1/default}} and add/adjust the options as necessary.[https://serverfault.com/a/790835]}}
 === Target discovery ===
-{{bc|# iscsiadm -m discovery -t sendtargets -p <portalip>}}
+Request the target its nodes.
+ # iscsiadm --mode discovery --portal ''target_ip'' --type sendtargets
+On success information about nodes and target will be saved on your initiator.
+=== Add target manually ===
+ # iscsiadm -m node --target ''targetname'' --portal ''target_ip'' -o new
+A possible scenario to use this is when server does not allow discovery.
 === Delete obsolete targets ===
-{{bc|# iscsiadm -m discovery -p <portalip> -o delete}}
+ # iscsiadm -m discovery -p ''target_ip'' -o delete
 === Login to available targets ===
-{{bc|# iscsiadm -m node -L all}}
+ # iscsiadm -m node -L all
 or login to specific target
-{{bc|<nowiki># iscsiadm -m node --targetname=<targetname> --login</nowiki>}}
+ # iscsiadm -m node --targetname=''targetname'' --login
 logout:
-{{bc|# iscsiadm -m node -U all}}
+ # iscsiadm -m node -U all
 === Info ===
 For running session
-{{bc|# iscsiadm -m session -P 3}}
-The last line of the above command will show the name of the attached dev e.g
+ # iscsiadm -m session -P 3
-{{bc|Attached scsi disk '''sdd''' State: running}}
+The last line of the above command will show the name of the attached device e.g
+ Attached scsi disk '''sdd''' State: running
 For the known nodes
-{{bc|# iscsiadm -m node}}
+ # iscsiadm -m node
 === Online resize of volumes ===
 If the iscsi blockdevice contains a partitiontable, you will not be able to do an online resize. In this case you have to unmount the filesystem and alter the size of the affected partition.
 # Rescan active nodes in current session {{bc|# iscsiadm -m node -R}}
 # If you use multipath, you also have to rescan multipath volume information. {{bc|# multipathd -k"resize map sdx"}}
 # Finally resize the filesystem. {{bc|# resize2fs /dev/sdx}}
-== Tips & Troubleshooting ==
+== Tips and tricks ==
-You can also check where the attached iSCSI devices are located in the /dev tree with {{ic|ls -lh /dev/disk/by-path/* | grep ip}}.
+=== Check for attached iSCSI devices ===
+You can also check where the attached iSCSI devices are located in the {{ic|/dev/}} tree with:
+ $ ls -l /dev/disk/by-path/ip-*
+=== Login to targets on boot ===
+To log in to a target during boot, [[enable]] {{ic|iscsi.service}} and make sure the nodes have {{ic|1=node.startup = automatic}} in their configuration ({{ic|/var/lib/iscsi/nodes/iqn.''node-name''/''node-ip-address'',''port''}}).
+{{Note|1=The systemd unit name  is {{ic|iscsi.service}} not {{ic|iscsi'''d'''.service}}.[https://bbs.archlinux.org/viewtopic.php?pid=1961776#p1961776]}}
+== Troubleshooting ==
+=== Client IQN ===
+At the server (target) you might need to include the client IQN from {{ic|/etc/iscsi/initiatorname.iscsi}} in the account configuration.
-At the server (target) you might need to include the client iqn from {{ic|/etc/iscsi/initiatorname.iscsi}} in the acl configuration.
+=== Debugging the iSCSI daemon ===
-Many of the {{ic|iscsiadm}} operations require that the iSCSI daemon {{ic|iscsid}} is running. To verify that this is the case,
+To run the iSCSI daemon in debug mode (make sure you stopped {{ic|iscsid.service}} before)
-[[systemd#Using units|check the status]] of the {{ic|open-iscsi.service}}.
-== See also ==
+ # iscsid -d 8 -c /etc/iscsi/iscsid.conf -i /etc/iscsi/initiatorname.iscsi -f
-* [[iSCSI Boot]] Booting Arch Linux with / on an iSCSI target.