iSCSI with ZFS on Solaris 10

Setting up iSCSI on Solaris 10 with ZFS

In the iSCSI world, the iSCSI server is the TARGET and the client is the INITIATOR.

Initiator = marconi22, 192.168.1.22
Target = marconi-t, 192.168.1.100

0. Create the ZFS (raw) volume
# mkfile 200m /file1
# zpool create mypool1 /file1

Now create a (raw) emulated volume:
# zfs create -V 100m mypool1/testvolume

1. Enable the iSCSI target (=server)
# svcadm enable svc:/system/iscsitgt:default

# ps -ef|grep isc
root 3017 1 0 22:08:10 ? 0:00 /usr/sbin/iscsitgtd

Note: the default port number is 3260.

# zfs set shareiscsi=on mypool1/testvolume

Check:
# zfs get shareiscsi mypool1/testvolume

NOTE: only supported from a Global Zone

Check the iSCSI parameters:
# iscsitadm list target -v
Target: mypool1/testvolume
    iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c
    Alias: mypool1/testvolume

2. Set up the initiator (=client)
# svcadm enable svc:/network/iscsi_initiator:default
Note: the initiator daemon is now running:
root 3073 1 0 22:18:46 ? 0:00 /lib/svc/method/iscsid

# iscsiadm modify initiator-node -A marconi22
(here the hostname is the client’s own hostname, do not use IP)
(if necessary change the order..)

# iscsiadm list initiator-node

# iscsiadm add discovery-address 192.168.1.100
This is the IP address of the server (the target).
Now check the target connection:

First check to see whether the server is visible:
# iscsiadm list discovery-address -v 192.168.1.100

(If necessary remove the address:
# iscsiadm remove discovery-address 192.168.1.100)

Enable discovery:
# iscsiadm modify discovery -t enable

Check with:
# iscsiadm list discovery
Discovery:
    Static: disabled
    Send Targets: enabled
    iSNS: disabled

# iscsiadm list target
This should show the target's ZFS iSCSI volume(s).

Make the system recognize the new iSCSI devices:
# devfsadm -c iscsi

3. Using the iSCSI devices
# format
AVAILABLE DISK SELECTIONS:
  0. c1d0
     /pci@0,0/pci-ide@7/ide@0/cmdk@0,0
  1. c2d0
     /pci@0,0/pci-ide@7/ide@1/cmdk@0,0
  2. c3t010000E0815EA33B00002A0049469A6Ed0
     /scsi_vhci/disk@g010000e0815ea33b00002a0049469a6e

# zpool create mypool-iscsi c3t010000E0815EA33B00002A0049469A6Ed0

4. Optional: configure iSCSI with CHAP authentication on the target (=server)

Here we configure unidirectional CHAP authentication, where the target will authenticate the initiator.
On the target (=server):
First find out the iSCSI name of the initiator:

# iscsitadm list target -v
[…]
Initiator:
    iSCSI Name: iqn.1986-03.com.sun:01:fa1808f0ffff.494304ff
    Alias: marconi21

Note the iSCSI Name here, which we will use to create alias marconi22:
# iscsitadm create initiator -n iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c marconi22

And check:
# iscsitadm list initiator
Initiator: marconi22
iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c
CHAP Name: Not set

Now set the CHAP name ("chapname123" here) that will be used by the initiator "marconi22" to authenticate to the target:
# iscsitadm modify initiator -H chapname123 marconi22

And check:
# iscsitadm list initiator
Initiator: marconi22
iSCSI Name: iqn.1986-03.com.sun:02:d2478b8e-0da5-ceaa-f93b-c141fb31ec0c
CHAP Name: chapname123

And set the password used for CHAP by initiator marconi22:
# iscsitadm modify initiator -C marconi22
Enter secret: xxxxxxxxxxxx
Re-enter secret: xxxxxxxxxxxx

Note: the minimum password length is 12 characters.

5. Configure iSCSI with CHAP authentication on the initiator (=client)
On the initiator (=client):
# iscsiadm modify initiator-node -H chapname123

And set the password for “chapname123”:
# iscsiadm modify initiator-node -C
Enter secret: xxxxxxxxxxxx
Re-enter secret: xxxxxxxxxxxx

And enable CHAP as the authentication method:
# iscsiadm modify initiator-node -a CHAP

Check:
# iscsiadm list initiator-node
Initiator node name: iqn.1986-03.com.sun:01:fa1808f0ffff.49428646
Initiator node alias: marconi22
        Login Parameters (Default/Configured):
                Header Digest: NONE/-
                Data Digest: NONE/-
        Authentication Type: CHAP
                CHAP Name: chapname123
        RADIUS Server: NONE
        RADIUS access: unknown
        Configured Sessions: 1

Test: export your previously created zpool and import it again.

To prove that CHAP authentication really works, set the password to an incorrect value on the initiator:
# iscsiadm modify initiator-node -C

Then restart the svc:/system/iscsitgt:default service on the initiator, and try to import the pool again on the initiator. It should fail.
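
A follow-up check for steps 4 and 5, as an added example that is not part of the original post: two shell functions that read the output of `iscsitadm list initiator` (target side) and `iscsiadm list initiator-node` (initiator side) and report initiators without a CHAP name and whether the local node is set to CHAP. The function names, the host `hostb` and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample listings are constructed.

# Target side: reads `iscsitadm list initiator` output on stdin and prints the
# alias of every initiator whose CHAP Name is missing or "Not set".
initiators_without_chap() {
    awk '
        function emit() { if (name != "" && !has_chap) print name }
        /^[ \t]*Initiator:/ { emit(); name = $2; has_chap = 0; next }
        /^[ \t]*CHAP Name:/ {
            sub(/^[ \t]*CHAP Name:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")              # tolerate trailing whitespace
            if ($0 != "" && $0 != "Not set") has_chap = 1
        }
        END { emit() }
    '
}

# Initiator side: reads `iscsiadm list initiator-node` output on stdin and
# succeeds only if Authentication Type is CHAP and a CHAP Name is present.
initiator_uses_chap() {
    awk '
        /Authentication Type:/ { sub(/.*Authentication Type:[ \t]*/, ""); auth = $1 }
        /CHAP Name:/           { sub(/.*CHAP Name:[ \t]*/, ""); chap = $1 }
        END { exit !(auth == "CHAP" && chap != "") }
    '
}

# Constructed sample listings (not captured from a real system).
SAMPLE_TARGET='Initiator: marconi22
    iSCSI Name: iqn.2000-01.example:constructed-a
    CHAP Name: chapname123
Initiator: hostb
    iSCSI Name: iqn.2000-01.example:constructed-b
    CHAP Name: Not set'
SAMPLE_NODE='Initiator node alias: marconi22
        Authentication Type: CHAP
                CHAP Name: chapname123'

printf '%s\n' "$SAMPLE_TARGET" | initiators_without_chap    # prints: hostb
if printf '%s\n' "$SAMPLE_NODE" | initiator_uses_chap; then
    echo "initiator node: CHAP configured"
else
    echo "initiator node: CHAP NOT configured"
fi
```

On a live system, pipe the real command output into the functions instead of the samples. On Solaris 10 itself, replace `awk` with `nawk` or `/usr/xpg4/bin/awk`, since `/usr/bin/awk` does not support user-defined functions.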
