SANs on a budget: iSCSI under Ubuntu

Posted:

«iSCSI has become the storage connectivity of choice for small business, with applications such as VMware VI3, Exchange, and MS SQL certified on it. It runs on standard Ethernet networks.»

Green Pages

iSCSI is a network protocol that allows remote disks to appear as local devices to computer. At a very high level, this schema falls under the rubric of Storage Area Network. The difference between iSCSI and NAS protocols that deliver file systems like NFS or Samba, is that that the shared iSCSI resources look like local devices to the system using them. This has some interesting consequences for diskless terminals and the like.

iSCSI is a client-server system. The server presents iSCSI targets (hard drives or files that pretend to be hard drives) clients that can use these resources. The clients are called initiators since they start the protocol. That is, servers with targets do not broadcast their services. iSCSI targets must be discovered by initiators.

When a client finds a desired target, it asks for authorization to use the resource via a login command. If that succeeds, a new SCSI devices appears on the client system that’s read for partitioning and provisioning. If the disk as already been initialized, then the resouce can be mounted like any other filesystem.

It turns out, configuring iSCSI on Ubuntu (and other linux distros) is pretty straight-forward. Let’s first set up a system that offers iSCSI targets. In this example, the target will be a file rather than a physical device.

Log into your Ubuntu machine. Become root (sudo su -) of you aren’t. Create a disk image (dd if=/dev/zero of=/iscsi.disk count=0 obs=1 seek=2G). In this case, a empty 2GB file is created at the root of the filesystem. Install the iscsitarget package (apt-get install iscsitarget). Define the new target in /etc/ietd.conf. Edit the file so that it looks something like:

Target iqn.2010-filer.network.local:iscsi.lun1
   Lun 0 Path=/iscsi.disk,Type=fileio

The name of the target is pretty arbitrary, but you must have a unique naming convention for resources across your network of iSCSI targets. For more on this, see the Wikipedia article cited above. Since this target is the first one list, it gets Lun 0. This is analogous to how the first disk in a SCSI chain is listed by hardware.

Now, we need to twiddle some permissions. By default, iSCSI targets are not published and allow no initiators. To enable targets to be discovered, edit /etc/default/iscsitarget and set the ENABLE flag to “true”. Now allow initiators to discover your targets by editing /etc/initiators.allow. Add a the following line to the bottom of the file ALL ALL.

Finally, we’re ready to start the target daemon. This is the process that initiators talk to. To start (or restart it), type /etc/init.d/iscsitarget restart.

Now we’re ready to configure the initiator. Simple install the following utilities: apt-get install open-iscsi open-iscsi-utils. Now, discover the targets. In this example, assume that the target machine is called filer.network.local.

iscsiadm -m discovery -t sendtargets -p filer.network.local

You should see a list of available targets offered by the filer. Select one (e.g. “iqn.2010-filer.network.local:iscsi.lun1”) and get authorized to use it:

iscsiadm -m node -p filer.network.local \
   --targetname "iqn.2010-filer.network.local:iscsi.lun1" --login

Please note that I merely split the line for display purposes. If all has gone well, you should be able to see the new device through fdisk: fdisk -l. You may see a new and empty device called /dev/sdb (if you already have one SCSI disk). This disk is ready for partitioning with fdisk, provisioning with mkfs and mounting on your root filesystem.

When you reboot, your iSCSI disks should be available without using the iscsiadm tool. The daemon processed that do this are controlled by the /etc/init.d/open-iscsi script.

What I presented here is fine for local, trusted networks. There is zero security in this configuration. There are all sorts of authentication schemes for targets and encryption options for the iSCSI traffic. Also, using a fake disk (i.e. a file) as a target will not give you very good performance on the host. I leave all of these enhancements as an exercise for the reader.

UPDATE: Here a link to the Microsoft iSCSI initiator for Windows XP and above.