Connecting Disks¶
Glossary¶
iSCSI portal - a server that provides access to the storage system via the iSCSI protocol and is identified by name or IP address. Each storage type uses own group of iSCSI portals.
IQN - is an identifier format used to identify both iSCSI Target
(aka storage server) and iSCSI Initiator
(aka client)
iqn.<year-4-digits>-<month-2-digits>.<domain-name-in-reverse-order>:<optional-identifier>
IQN examples
An example of valid identifiers:
iqn.2003-01.com.ibm:00.fcd0ab21.shark128
iqn.2020-01.io.icdc.LOC:iscsi-ssd
iSCSI target - logical point of connection of the portal.
Target IQN
Target IQN depends on location name (LOC
) and storage type provided in location, e.g. for nvme
storage type it looks like:
iqn.2020-01.io.icdc.LOC:iscsi-ssd
iSCSI client or iSCSI initiator - is a client machine, each identified by the unique client ID in the same format as the iSCSI target.
Many operating systems generate iSCSI IDs themselves during installation.
For example, CentOS and RedHat generate an identifier in the format iqn.1994-05.com.redhat:fbb1b3344d99
, where the last 12 digits are the MAC address of the network interface. When configuring the client, you can use the generated identifier, you can create your own. For an iSCSI client to connect to an iSCSI target, it must be registered with the iSCSI target with a list of disks that it can use.
The same client can be simultaneously connected to one or several targets of the same or different portals. The same iSCSI disk can be connected to multiple clients. The client software is responsible for the integrity of the data.
Connecting iSCSI drives on Windows 10¶
-
Launch the iSCSI initiator program:
Start
->Search
->iSCSI Initiator
-
When connecting a disk for the first time, the following dialog will appear:
Click
Yes
. -
When the program window opens, select the
Configuration
tab, and selectChange
to configure the client ID. In the dialog box that opens, enter the name of the client added to the iSCSI Storage UI.Or you can go the opposite way: first, open the iSCSI Initiator, find out the default machine ID, and then add a client with that name to the UI.
-
Select the
Discovery
tab: -
Select
Discover portal
. -
In the dialog that opens, enter the hostname or IP address of the portal corresponding to selected storage type. and click
OK
:Target IQN
For Storage V1: portal IPs in the iSCSI Storage UI above the
Disks
andClients
tabs next to the quotas.
For Storage V2: portal IPs are displayed inQuotas
section.
If there no portal IP in Storage UI, use predefined target IQN (replaceLOC
with current location name):
iqn.2020-01.io.icdc.LOC:iscsi-ssd
-
Make sure the portal was added successfully:
-
Go to the
Targets
tab, select a single target from the list, and selectConnect
: -
In the appeared dialog, select
Advanced
: -
In the
Advanced
window enableEnable CHAP on log on
, enter the username and password, clickOK
and thenOK
in theConnect to Target
window: -
Make sure, that the target is in the
Connected
state: -
You can view the connected drives by selecting
Devices
: -
Further, you can work with the disk as with another regular hard disk. Go to
Control Panel
->Administrative tools
->Computer Management
->Storage
->Disk Management
, and initialize the disk, partition, format, etc.
Connecting via command line on Windows¶
There is quick commands which allows to connect disk on Windows system via command line util iscsicli
. Add target, e.g. for ssd
storage type:
Login using iSCSI client's username and password (CHAP authorization):
Multi-Path support¶
Multi-Path technology is the creation of more than one connection between the client and the server for the smooth operation of the service when a problem occurs with one of the connections. If more than one iSCSI portal is configured in the iSCSI Storage service, then the service can operate using multi-path technology, establishing connections to all ports.
Multipath technology can operate in several modes. The only supported mode in iSCSI Storage is the Fail Over
mode, in which only one connection works constantly, and the second is enabled only when the first is disabled.
Info
Multi-path connection is possible on the Windows platform starting from Windows-2016 and on the Linux platform.
Connecting iSCSI disks with Multi-Path support on Windows-2016¶
- Using the ServerManager application, install the
Multipath I/O
component. -
Enable multi-path support for iSCSI devices:
OpenControl Panel
->MPIO
, then proceed toDiscover Multi-Paths
, selectAdd support for iSCSI devices
, pressAdd
, and restart the system. -
After restarting, set the
Fail Over
mode for all connected devices.
Then openCommand Prompt
and run commandmpclaim -l -m 1
.
Make sure that the Fail Over mode is activated using the commandmpclaim-s -m
: -
Follow the instructions for connecting ISCSI disks on Windows 10, except in the
Connect to Target
dialog, before clickingOK
, check toEnable multi-path
:
Connecting iSCSI disks on Linux (CentOS 7)¶
iSCSI client is configured with multipath support, for failover in case one of the iSCSI servers crashes.
-
Install packages:
-
Next:
-
Add file
/etc/multipath.conf.d/storage.conf
which configures multipath for iSCSI devices provided by Storage service: -
Next:
-
Get client's IQN from:
-
Set in
/etc/iscsi/iscsi.conf
parametersnode.session.auth.authmethod, node.session.auth.username, node.session.auth.password
for CHAP authorization:/etc/iscsci/iscsci.conf# To enable CHAP authentication set node.session.auth.authmethod # to CHAP. The default is None. node.session.auth.authmethod = CHAP # To set a CHAP username and password for initiator # authentication by the target(s), uncomment the following lines: node.session.auth.username = username node.session.auth.password = password123
-
Start a search for targets, specifying the address of any of the configured iSCSI servers:
-
Connect:
Terminal$ iscsiadm -m node -T iqn.2020-01.io.icdc.LOC:iscsi-ssd -l Logging in to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.2,3260] (multiple) Logging in to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.3,3260] (multiple) Login to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.2,3260] successful. Login to [iface: default, target: iqn.2020-01.io.icdc.LOC:iscsi-ssd, portal: 198.18.0.3,3260] successful.
-
Check multipath:
Terminal$ multipath -ll 36001405c05ae6fc87834550abf4fb426 dm-6 LIO-ORG ,TCMU device size=1.0G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw |-+- policy='queue-length 0' prio=50 status=active | `- 5:0:0:0 sda 8:0 active ready running `-+- policy='queue-length 0' prio=10 status=enabled `- 4:0:0:0 sdb 8:16 active ready running
-
Work with
/dev/mapper/36001405c05ae6fc87834550abf4fb426
as with a regular disk:Terminal$ fdisk -l /dev/mapper/36001405c05ae6fc87834550abf4fb426 Disk /dev/mapper/36001405c05ae6fc87834550abf4fb426: 1073 MiB, 1073741824 bytes, 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 4194304 bytes $ mkfs -t ext4 /dev/mapper/36001405c05ae6fc87834550abf4fb426 ...
If the file system located on the iSCSI disk will be added to /etc/fstab, then do not forget to specify _netdev
in the mount options.
Info
For connecting iSCSI drives to other operating systems, see the official documentation for the respective operating system.
Connect disk outside of VPC networks¶
In some cases (such as data migration) it may be required to connect an iSCSI block device to the host placed outside account's VPC. Connection options are VPN Gateway
or DirectConnect
.
Note
This should be considered only as a temporary setup as such connections can have poor performance because of network delays. Also this configuration can be disabled in a specific VPC. If the following configuration did not.
If host is connected via VPN Gateway
then make sure that one of the routing options to iSCSI Gateway
is configured:
- Direct routing
- NAT mapping
VPN direct routing to iSCSI Gateway¶
-
Add VPC's special
VirtualService
subnet (198.18.0.0/26
by default) into Wireguard client config to list of allowed IP subnets: -
Reconnect VPN and try accessing
iSCSI Gateway
by direct IP from the host:
VPN NAT mapping to iSCSI Gateway¶
- Configure a NAT subnet that does not exist on the connecting host or in the account's VPC.
- Add NAT IP record for
iSCSI Gateway
(198.18.0.2
by default) to theVPN Gateway
. -
Use NAT IP (e.g.
10.0.0.2
) to validate the connection toiSVSI Gateway
:
Connecting via DirectConnect¶
Connection via DirectConnect requires deploying of NAT Gateway
instance, currently deploye upon request to Operator Team
.
Use NAT Gateway
IP address as iSCSI Portal.
Unfortunately, iSCSI discovering returns original portal IP address from 198.18.0.0/16 subnet, which may not be accessible via DirectConnect connection.
Warning
The recommended method on Windows is to add iSCSI target directly via iscsicli QAddTarget
.
Do not use adding via iSCSI Initiator
UI, as it discovers wrong IP addresses.