There are two widely used network file systems for virtual machines: iSCSI and NFS. As far as which is better you will find various flame wars throughout the web akin to Ford vs. Chevy. For small environments like ours they server the same purpose. One can make the argument that some network switches are optimized for iSCSI traffic, but in my experience their performance is similar. There some underlying file locking and read/write differences at the block level between the two file systems, but we will dive into those later. This page will walk through how to create an ISCSI target and assign it to an LVM disk image so that a hypervisor can mount it and start using it as a block device. As with all my home lab configs, I keep SELinux disabled (which is scorned by purists, but it is a complication in small environments — mainly because I have not taken the time to learn its intricacies — yet :)).
Start by installing the scsi-target-utils package.
# yum install scsi-target-utils
Make sure that port 3260 is open for incoming connections. This can be done by manually modifying iptables, or running system-config-firewall. Make sure to restart iptables after the change.
Start the scsi target tools and make sure that they start on boot.
# service tgtd start # chkconfig tgtd on
Three baby steps to walking
1. Create a new target device
# tgtadm -lld iscsi --mode target --op new --tid=1 --targetname iqn.2013-05.lab.home:storage.punisher
2. Assign to a logical unit (you can assign to a disk partition, a whole disk, an LVM logical volume, or a file). In our case, we will assign to an LVM logical partition, and it will be to LUN (logical unit number) #1.
# tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 -b /dev/vg_iscsi_share/punisher
3. Assign password or subnet permissions
# tgtadm --lld iscsi --mode target --op bind --tid 1 -I 10.0.0.0/24 ### permit anyone on the 10.0.0.0/24 subnet to connect freely # tgtadm --lld iscsi --mode account --op new --user ''iscsipunisher'' --password ''punisher4san'' ### permit specific CHAP requirements # tgtadm --lld iscsi --mode account --op bind --tid 1 --user ''iscsipunisher'' ### assign iscsipunisher account to target ID #1
Once the above is activated, the iSCSI initiator should be able to connect to the target. This will create the following table in the /etc/tgt/targets.conf file:
target iqn.2013-05.lab.home:storage.punisher backing-store /dev/vg_iscsi_share/punisher initiator-address 10.0.0.0/24 /target
The steps to actually connect to the target will be listed in the steps of firing up the Punisher virtual machine.
View the Output
To view what targets are presently active at any time, run the command tgtadm –mode target –op show, which in my case returns:
[root@Phoenix ~]# tgtadm --mode target --op show Target 1: iqn.2013-05.lab.home:storage.punisher System information: Driver: iscsi State: ready I_T nexus information: I_T nexus: 3 Initiator: iqn.1998-01.com.vmware:localhost-62d21772 Connection: 0 IP Address: 10.0.0.5 LUN information: LUN: 0 Type: controller SCSI ID: IET 00010000 SCSI SN: beaf10 Size: 0 MB, Block size: 1 Online: Yes Removable media: No Prevent removal: No Readonly: No Backing store type: null Backing store path: None Backing store flags: LUN: 1 Type: disk SCSI ID: IET 00010001 SCSI SN: beaf11 Size: 85899 MB, Block size: 512 Online: Yes Removable media: No Prevent removal: No Readonly: No Backing store type: rdwr Backing store path: /dev/vg_iscsi_share/punisher Backing store flags: Account information: ACL information: 10.0.0.0/24