A slide show for Linuxfest Northwest 2019. Using openSUSE/SLES as an example, this shows how to set up targets (disc and tape) and initiators, and touches on some advanced subjects.
Diamond Application Development Crafting Solutions with Precision
Using iSCSI LFNW
1. Lee Duncan
SUSE Labs iSCSI Hacker
lduncan@suse.com
Using iSCSI to share Disc and Tape
SAN for Dummies (or non-SAN Administrators)
2. 2
Learning about iSCSI on Linux
● My Background
– SCSI and iSCSI experience
– Worked for SUN, HP, GE, AT&T, now SUSE
– Co-maintainer of open-iscsi initiator
– Co-maintainer of Linux kernel initiator code
– Maintainer of targets and initiator for SUSE
– Other github projects (gonzoleeman)
3. 3
Learning about iSCSI on Linux
● Talking about today:
– What is iSCSI?
– What is the value of iSCSI?
– iSCSI Basics: Initiators, Targets, and Sessions
– iSCSI Tape
– iSCSI Services and systemd
– Advanced iSCSI topics
● iSNS, tcmu-runner, ...
4. 4
What is iSCSI?
● iSCSI is just SCSI over a transport, e.g. TCP/IP
– RFC3270: Initial IETF Request for Comment
– RFC3721/RFC3980/etc: Naming, etc
– RFC7143/RFC7144: Updates/replaces 3270 and friends
– Encapsulates SCSI commands and responses for
transport
● We get remote storage using non-storage transport
5. 5
What is SCSI?
● SCSI is just a way that a computer and disc can talk
– The Computer makes requests: this client initiates all
communication
– The Disc responds: it’s target serves disc data to the
computer
– All modern SCSI Discs and Tape speak SCSI-2/SCSI-3
● ATA is a subset of SCSI
6. 6
What is the Value of iSCSI?
● Free and open software
● Cheap: you do not need special hardware, other than
your network
● Well used: it is generally reliable/mature
● Well maintained
– New stuff still being added (e.g. tcmu_runner)
● Can be building block for larger storage systems
7. 7
iSCSI Basics: Initiators, Targets and Sessions
● iSCSi uses initiators, targets, and sessions
● Initiators and Targets have unique names
– iSCSI Qualified Name
● iqn.YYYY-MM.name-athority:unique-name
● A Session is an Initiator/Target connection
– Logs on, Logs off
● Packages to use:
– Use open-iscsi for our initiator (client)
– Use targetcli-fb for our target (server)
9. 9
iSCSI Basics: Setting up the Target
● We need a target for the initiator to connect to
– Can be disc, partition, file, SCSI device, ...
● Things we care about for our target:
– Storage Where’s the bits?
– Name An IQN
– Access ACL, Location
10. 10
iSCSI Basics: Setting up the Target (cont)
● Two parts to a target (must be connected)
– Backstore
● Where the bits actually live
● Several different types (file, disc, tape, ...)
– Target front-end
● Our Name iqn.*
● Portal(s) Address(es) (IP:Port)
● LU(s) Points to backstore
● ACL(s) Initiator IQN(s)
11. 11
iSCSI Basics: Setting up the Target (cont)
● Let’s use the targetcli(1) command to configure out
target
– Use the “free branch” version
– Can be interactive or batch mode
– Must be root
– Shell-like
● Has a node hierarchy: root, directories, ...
● Commands depend on where you are in tree
12. 12
iSCSI Basics: Setting up the Target (cont)
iscsi vhost
/
loopbackbackstores xen-pvscsi
block fileio pscsi ramdisc rbd
An empty
targetcli tree
tcm_loop for kvm
guests
XEN
ParaVirt
SCSI
13. 13
iSCSI Basics: Setting up the Target (cont)
So how does that look on the command line?
Let’s look at an empty target subsystem …
15. 15
iSCSI Basics: Setting up the Target (cont)
● Let’s create the backstore first
● Use fileio – Size 10M
– Use backstore directory /alt/bs/
– Use/create backstore file bs.img
● Let’s let targetcli create the backstore
– It defaults to sparse files
16. 16
iSCSI Basics: Setting up the Target (cont)
● Then we will create the front-end
– We want the iscsi front end
– We will pick our own IQN (iscsi target name)
– We will allow connection from any initiator
– We will allow connection from any portal
22. 22
iSCSI Basics: Setting up the Target (cont)
● Now to configure the front end
– Set iSCSI attribute for demo mode
– Set iSCSI attribute for read-write demo mode
– Then create our Logical Unit (LU)
● The connect to the backend
30. 30
iSCSI Basics: Setting up the Initiator
Now that we have a target disc, how to use it?
Perhaps we need an initiator
31. 31
iSCSI Basics: Setting up the Initiator
● The initiator uses the open-iscsi package
– Installed and enabled by default
● Can be configured using
– Command line: iscsiadm(1)
32. 32
iSCSI Basics: Setting up the Initiator (cont)
● Initiator uses two phases to connect:
– Discovery: find target(s) at IP:Port
– Login: connect to discovered target(s)
● Creates Sessions
● Command line
– iscsiadm(1)
33. 33
iSCSI Basics: Setting up the Initiator (cont)
● Using iscsiadm(1)
– First, we will enter the Discovery phase
– We will use the iSCSI protocol command SendTargets
– We will build up a database of Nodes found
– We can then use that database to establish session(s)
45. 45
iSCSI: Sharing a Tape Drive
● Very similar to sharing a disc
● We use pscsi (Pass-through SCSI) back-end
● The front-end stays the same
● We will set up the tape Target, then the Initiator
52. 52
iSCSI: Sharing a Tape Drive (cont)
● Now the Target is Set Up
● Let’s set up the Initiator
– Just like before, but on different host (no tape drive)
58. 58
iSCSI Services: Using systemd
● These days you have to understand/use systemd
● Systemd manages services
– iSCSI initiator Service(s)
– iSCSI target Service(s)
● Examples based on SUSE Linux
– other distros similar
59. 59
iSCSI Services: Using systemd (cont)
● Target (targetcli-fb) uses targetcli.service
● Does not really control a daemon
● Mostly just manages storing/recovering state
61. 61
iSCSI Services: Using systemd (cont)
● Initiator uses three services
– The iscsid service manages the daemon
– The iscsi service manages sessions
● requires iscsid service
– The iscsiuio service manages CNA daemon
● For some Hardware-assisted iSCSI adapters
– The two daemon services are socket-activated
● This starts the service automatically, when needed!
64. 64
iSCSI Services: Using systemd (cont)
● Initiator has to modify the node database
– Only needed if we wish connection to persist across reboots
– Set the node connection startup value to automatic
69. 69
iSCSI: Advanced Topics
● Now that we have the basics down, what else is there?
– Access Control/Security
– iSNS – the iSCSI Directory Service
– YaST (mentioned for reference)
– tcmu-runner
70. 70
iSCSI: Advanced Topics (cont)
● Access Controls (i.e. security?)
– Different types
● Access (ACLs)
● Discovery
● Session/Login
– ACLs: Can control which IQNs (initiators) connect
– Discovery: Can set name/password for each target
– Session: Can set name/password for each target
● MUST be different than the Discovery set!
– Assumes a secure network!
71. 71
iSCSI: Advanced Topics (cont)
●
iSNS: iSCSI Directory Services
– See RFC 4171
– Answers the question: how do I find my iSCSI Storage
– Also provices Asynch Notification!
– Replaces need for knowing IQN and IP of target
– Now you just need IP/name of iSNS server
– Targets and Initiators register
– Initiators query to find Targets
– Uses open-isns and target-isns packages
72. 72
iSCSI: Advanced Topics (cont)
● What is tcmu-runner?
– TCM is another name for LIO
– tcm-user is another back end
– tcm-runner runs plugs in userspace
● Let’s look at the LIO/TCM Linux Target Architecture
– But just a tease ...
74. 74
iSCSI: That’s It!
● iSCSI is easy to set up on Linux
● Don’t be afraid of the command line
● You can roll your own SAN!
75. 75
iSCSI: For More Information
● https://www.open-iscsi.com
● https://github.com/open-iscsi/targetcli-fb
● https://github.com/open-iscsi/open-isns
● https://github.com/open-iscsi/target-isns
● https://github.com/open-iscsi/tcmu-runner
● https://build.opensuse.org – Open Build Service
● https://www.slideshare.net/LeeDuncan16/using-iscsi-lfnw
76. Join Us at www.opensuse.org
76
● Contact:
lduncan@suse.com
77. License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International
license.
It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and
any derivative work is distributed under the same license.
Details can be found at https://creativecommons.org/licenses/by-sa/4.0/
General Disclaimer
This document is not to be construed as a promise by any participating organisation to develop,
deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. openSUSE makes no representations or
warranties with respect to the contents of this document, and specifically disclaims any express or
implied warranties of merchantability or fitness for any particular purpose. The development, release,
and timing of features or functionality described for openSUSE products remains at the sole discretion
of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to
its content, at any time, without obligation to notify any person or entity of such revisions or changes.
All openSUSE marks referenced in this presentation are trademarks or registered trademarks of
SUSE LLC, in the United States and other countries. All third-party trademarks are the property of
their respective owners.
Credits
Template
Richard Brown
rbrown@opensuse.org
Design & Inspiration
openSUSE Design Team
http://opensuse.github.io/branding-guidelines/
77