Monday, February 8, 2010

Setup OpenSolaris ISCSI server for Solaris and Linux Client

Setup ISCSI server in Opensolaris 2009.06 and configure Opensolaris/Centos 5.2 client to connect to ISCSI server

Simple ISCSI setup without access-list

####ISCSI Server
##enable iscsi service
svcadm enable iscsi/target iscsitgt

## Create zpool on whole disk ( XXp0 is whole disk convention for i86 arch, SPARC arch use XXs2)
zpool create data c8t1d0p0
##create volume on the zpool
zfs create -V 1G data/iscsi

##Create ISCSI target filera.dbvol, the name is arbitrary, it doesn't need to be volume name

[Server]$iscsitadm create target -b /dev/zvol/dsk/data/iscsi filera.dbvol

[Server]$iscsitadm list target -v
Target: filera.dbvol
iSCSI Name:
Connections: 0
ACL list:
TPGT list:
LUN information:
LUN: 0
Type: disk
Size: 1.0G
Backing store: /dev/zvol/dsk/data/iscsi
Status: online

Command "zfs set shareiscsi=on data/iscsi " can also create target, but the target name wil be volume name

## if ISCSI server has multiple NICS, the target will be exposed on all NICS, following is to limit the target to the desired NIC
[Server]$iscsitadm create tpgt 1
[Server]$iscsitadm modify tpgt -i 1
[Server]$iscsitadm modify target -p 1 filera.dbvol

####Client: Solaris
Client-Solaris]$svcadm enable iscsi_initiator
[Client-Solaris]$iscsiadm list initiator-node
Initiator node name:
##Change the long name to a short friendly name
[Client-Solaris]$iscsiadm modify initiator-node -N
#add the server address to discover
[Client-Solaris]$iscsiadm modify discovery -t enable
[Client-Solaris]$iscsiadm add discovery-address
[Client-Solaris]$iscsiadm list target -v
#check new disk discovered
[Client-Solaris]$echo format

####Client: Linux
##assign a friendy name to client
[Client-Linux]$ cat /etc/iscsi/initiatorname.iscsi
[Client-Linux]$service iscsi start
[Client-Linux]$iscsiadm --mode discovery --type sendtargets --portal
##login to ISCSI discovered in previous step
[Client-Linux]$iscsiadm -m node --targetname " " --portal "" --login
##Check the new discovered disk
[Client-Linux]$fidsk -l

ISCSI access list and CHAP authentication

Access list is a must for security reason, it is just like LUN mapping in SAN. If you need additional security, add chap-name and chap-secret, Access list alone works fine without chap initialized

##On Server, Set up CHAP information for Linux client

##Create mapping of initiator ISCSI name to an arbitrary name

[Server]$iscsitadm create initiator --iqn   centos01
[Server]$iscsitadm modify initiator --chap-name user_centos01 centos01
[Server]$iscsitadm modify initiator --chap-secret centos01
[Server]$iscsitadm modify target --acl centos1 filera.dbvol

##On Server, Set up CHAP information for Solaris client

[Server]$iscsitadm create initiator --iqn   opensolaris01
[Server]$iscsitadm modify initiator --chap-name user_opensolaris01 opensolaris01
[Server]$iscsitadm modify initiator --chap-secret opensolaris01
[Server]$iscsitadm modify target --acl opensolaris01 filera.dbvol

##On Linux Client, use the CHAP info to login

[Client-Linux]$iscsiadm -m node --targetname "" --portal "" --op=update --name node.session.auth.authmethod --value=CHAP
[Client-Linux]$iscsiadm -m node --targetname "" --portal "" --op=update --name node.session.auth.username --value=user_centos01
[Client-Linux]$iscsiadm -m node --targetname "" --portal "" --op=update --name node.session.auth.password --value=Password0Password0
[Client-Linux]$iscsiadm -m node --targetname "" --portal "" --login

##On Solaris Client, use the CHAP info to login

[Client-Solaris]$ iscsiadm modify initiator-node --authentication CHAP
[Client-Solaris]$ iscsiadm modify initiator-node --CHAP-name user_opensolaris01
[Client-Solaris]$ iscsiadm modify initiator-node --CHAP-secret
Enter secret :
Re - enter secret :

No comments:

Post a Comment