Pre-configuring SAN

This article discusses an example of configuring iSCSI on a SAN for external storage and cluster nodes running on AlmaLinux 8. For other operating systems the configuration procedure may be different.

The order of SAN configuration before creating a network LVM storage:

Configure the external storage as an iSCSI target.
Configure the VMmanager cluster nodes as initiators (iSCSI initiator).
Install the LVM2 software on the cluster nodes.

Key terms

initiator (iSCSI initiator) – the client device that sends the connection request to the target. In this example, VMmanager cluster nodes act as initiators;
target (iSCSI target) – a program or device that emulates a disk and handles initiator connection requests. The target can be logically divided into LUNs;
LUN (Logical Unit Number) – a part of the target, the address of the storage device. An equivalent of a disk partition or a separate logical volume;
TPG (Target Portal Group) – a group of targets united by a common functional feature. As a rule, targets on the same device are combined into one TPG;
IQN (iSCSI Qualified Name) – the unique identifier of the initiator or target;
ACL (Access Control List) — this list specifies which initiators can connect to the target and their authentication data.

External storage configuration

Connect to the server via SSH with a superuser account and perform the following steps:

ake sure that you are using the latest version of the software packages:
AlmaLinux
```
dnf update
```
Astra Linux
```
apt update
```
Install the target management shell:
AlmaLinux
```
dnf -y install targetcli
```
Astra Linux
```
apt -y install targetcli-fb
```
Check the amount of free space on the disk:
```
df -hT
```
We recommend that you use a separate partition or a physical disk to create a target.
Create a directory for the target. For example, /var/targetdisk01:
```
mkdir /var/targetdisk01
```
Launch the targetcli console:
```
targetcli
```
Create a file for the target:
```
cd /backstores/fileio
```
```
create <target name> <path> <size> 
```
Comments to the command

<target name> — name of the target. For example, targetdisk1.
<path> — path to the target file. For example, /var/targetdisk01/targetdisk1.img.
<size> — file size; For example, 5G is for a 5GB file.
Set the IQN for the target:
```
cd /iscsi
```
```
create iqn.<year>-<month>.<reverse domain>:<name> 
```
Comments to the command

<year> — current year
<month> — current month
<reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example
<name> — discretionary name

The response will contain the number of the created TPG.
Create a LUN:
```
cd <iqn>/<tpg>/luns
```
Comments to the command

<iqn> — target IQN. For example, iqn.2020-02.com.example:MyTarget1
<tpg> — portal group name. For example, tpg1
```
create /backstores/fileio/<target name>
```
Comments to the command
<target name> — target name set in item 6
The response will contain the number of the created LUN.
Configure ACL for the target:
1. Set the initiator's IQN:
```
cd /iscsi/<iqn>/<tpg>/acls
```
  Comments to the command
  
  <iqn> — target IQN. For example, iqn.2020-02.com.example:MyTarget1
  <tpg> — portal group name. For example, tpg1
```
create iqn.<year>-<month>.<reverse domain>:<initiator name> 
```
  Comments to the command
  
  <year> — current year
  <month> — current month
  <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example
  <initiator name> — initiator name
2. For each initiator, set the user id and the initiator password:
```
cd iqn.<year>-<month>.<reverse domain>:<initiator name> 
```
```
set auth userid=<id>
```
```
set auth password=<pass>
```
  Comments to commands
  
  <year> — current year
  <reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example
  <initiator name> — initiator name
  <id> — initiator user id. For example, initiator1.
  <pass> — initiator password
3. Go to the portal group directory:
```
cd /iscsi/<iqn>/<tpg>
```
  Comments to the command
  
  <iqn> — target IQN. For example, iqn.2020-02.com.example:MyTarget1
  <tpg> — portal group name. For example, tpg1
4. Enable authorization for the initiator:
```
set attribute authentication=1
```

Make sure that all settings have been successfully created:

ls /iscsi/

An example of the command output

o- iscsi .......................................................... [Targets: 1]
  o- iqn.2020-03.com.example:mytarget1 ............................... [TPGs: 1]
    o- tpg1 ............................................. [no-gen-acls, no-auth]
      o- acls ........................................................ [ACLs: 1]
      | o- iqn.2020-03.com.domain>:initiator1 ................. [Mapped LUNs: 1]
      |   o- mapped_lun0 ........................ [lun0 fileio/targetdisk1 (rw)]
      o- luns ........................................................ [LUNs: 1]
      | o- lun0  [fileio/targetdisk1 (/var/targetdisk01/targetdisk1.img) (default_tg_pt_gp)]
      o- portals .................................................. [Portals: 1]
        o- 0.0.0.0:3260 ................................................... [OK]

To save the settings, exit the targetcli console:
```
exit
```
Add the target service to the autorun:
```
systemctl enable target
```
If you are using firewalld, set the necessary permissions and restart the service:
```
firewall-cmd --add-service=iscsi-target --permanent
```
```
firewall-cmd --reload
```

Configuration of cluster nodes

Connect to the cluster nodes via SSH with a superuser account and perform the following steps:

Install the required software:

AlmaLinux

dnf -y install iscsi-initiator-utils

Astra Linux

apt install -y open-iscsi

Specify the previously created initiator IQN in the InitiatorName parameter of /etc/iscsi/initiatorname.iscsi file:
```
InitiatorName=iqn.<year>-<month>.<reverse domain>:<initiator name>
```
Comments

<year> — current year
<month> — current month
<reverse domain> — reverse domain name. For example, for the domain example.com, specify com.example
<initiator name> — initiator name
Edit the /etc/iscsi/iscsid.conf file:
1. Uncomment the strings:
```
node.session.auth.authmethod = CHAP
```
2. Uncomment the node.session.auth.username, node.session.auth.password parameters. Specify the user id and password set in the ACL settings for the target:
```
node.session.auth.username = <id>
node.session.auth.password = <pass>
```
  Comments
  
  <id> — initiator user id
  <pass> — initiator password
Check access to the target:
```
iscsiadm -m discovery -t sendtargets -p <target ip>
```
Comments to the command
<target ip> — IP address of the server with target
An example of a successful execution of command
```
192.0.2.123:3260,1
iqn.2020-02.example.com:MyTarget1
```
Connect to the target:
```
iscsiadm -m node --login
```
```
iscsiadm --mode node --target <target name> --portal <target ip> --logout
```
Comments to the command

<target name> — name of the target
<target ip> — IP address of the server with target
```
iscsiadm -m node --login
```
Make sure the target is connected as a block device:
```
lsblk
```
Обратите внимание!
To make the connection settings not depend on block device names, you can connect the target via UUID or WWID. See the official Red Hat documentation for details.

Installing the LVM2 software

For VMmanager to be able to connect network LVM storage to the cluster nodes, install the LVM2 software on all nodes:

AlmaLinux

dnf -y install lvm2

Astra Linux

apt install -y lvm2

When you add a storage to VMmanager, the platform will automatically make the necessary settings on the block device: it will create PV and VG.

If VMmanager detects a VG created by other software on the block device when adding storage, the storage will not be connected.

Useful tips