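Hello, this is Kiku.
This article is part of a series in which I write up on my blog what I have learned through self-study.
This time I will write about "basic iSCSI operations".
The reason is that I have recently had more opportunities at work to use the commands covered here, such as targetcli and iscsiadm.
However, to be honest, I had never properly studied what settings and processing take place internally, and that is the background for this study.
With that, let's get started.
Configuration overview
Initiator-side operations
1. Install iscsi-initiator-utils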
[root@Initiator-ServerX ~]# yum install iscsi-initiator-utils
2. Enable and start the services required for an iSCSI initiator
《 iscsid 》
[root@Initiator-ServerX ~]# systemctl status iscsid.service
● iscsid.service - Open-iSCSI
Loaded: loaded (/usr/lib/systemd/system/iscsid.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:iscsid(8)
man:iscsiuio(8)
man:iscsiadm(8)
[root@Initiator-ServerX ~]# systemctl enable iscsid.service
Created symlink from /etc/systemd/system/multi-user.target.wants/iscsid.service to /usr/lib/systemd/system/iscsid.service.
[root@Initiator-ServerX ~]# systemctl start iscsid.service
[root@Initiator-ServerX ~]# systemctl status iscsid.service
● iscsid.service - Open-iSCSI
Loaded: loaded (/usr/lib/systemd/system/iscsid.service; enabled; vendor preset: disabled)
Active: active (running) since 月 2024-06-24 14:39:47 JST; 20s ago
Docs: man:iscsid(8)
man:iscsiuio(8)
man:iscsiadm(8)
Main PID: 43781 (iscsid)
Status: "Ready to process requests"
CGroup: /system.slice/iscsid.service
mq43781 /sbin/iscsid -f
6月 24 14:39:47 Initiator-ServerX systemd[1]: Starting Open-iSCSI...
6月 24 14:39:47 Initiator-ServerX systemd[1]: Started Open-iSCSI.
《 iscsi 》
[root@Initiator-ServerX ~]# systemctl status iscsi
● iscsi.service - Login and scanning of iSCSI devices
Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:iscsiadm(8)
man:iscsid(8)
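It is "enabled" from the start, so no action is needed.
Also, the reference procedure does not include it, and when I tried to "start" it at this stage it failed with the status below, so it appears to be unnecessary.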
[root@Initiator-ServerX ~]# systemctl status iscsi
● iscsi.service - Login and scanning of iSCSI devices
Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at 月 2024-06-24 14:43:36 JST; 2s ago
ConditionDirectoryNotEmpty=/var/lib/iscsi/nodes was not met
Docs: man:iscsiadm(8)
man:iscsid(8)
3. Check the IQNs to use in the ACL settings
[root@Initiator-Server1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:6ae8b5db70cd
[root@Initiator-Server2 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:62e042697378
Target-side operations
1. Install targetcli
[root@Target-Server ~]# yum update
[root@Target-Server ~]# yum install targetcli
2. Check the initial state
[root@Target-Server ~]# targetcli ls
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 0]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
3. Check the devices
/dev/sdb and /dev/sdc are to be provided as iSCSI devices.
[root@Target-Server ~]# fdisk -l
Disk /dev/sdb: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O サイズ (最小 / 推奨): 512 バイト / 512 バイト
Disk /dev/sdc: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O サイズ (最小 / 推奨): 512 バイト / 512 バイト
Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O サイズ (最小 / 推奨): 512 バイト / 512 バイト
Disk label type: dos
ディスク識別子: 0x000544e1
デバイス ブート 始点 終点 ブロック Id システム
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 41943039 19921920 8e Linux LVM
Disk /dev/mapper/centos-root: 18.2 GB, 18249416704 bytes, 35643392 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O サイズ (最小 / 推奨): 512 バイト / 512 バイト
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O サイズ (最小 / 推奨): 512 バイト / 512 バイト
4. Define the backstores
Use the targetcli command to move to the /backstores directory and define the backstores.
Running the targetcli command with no arguments changes the prompt to "/>".
[root@Target-Server ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>
/> cd /backstores/block
/backstores/block>
《 /dev/sdb 》
/backstores/block> create name=test_iscsi_sdb dev=/dev/sdb
Created block storage object test_iscsi_sdb using /dev/sdb.
/backstores/block>
/backstores/block> ls
o- block ...................................................................................................... [Storage Objects: 1]
o- test_iscsi_sdb ..................................................................... [/dev/sdb (2.0GiB) write-thru deactivated]
o- alua ....................................................................................................... [ALUA Groups: 1]
o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
《 /dev/sdc 》
/backstores/block> create name=test_iscsi_sdc dev=/dev/sdc
Created block storage object test_iscsi_sdc using /dev/sdc.
/backstores/block>
/backstores/block> ls
o- block ...................................................................................................... [Storage Objects: 2]
o- test_iscsi_sdb ..................................................................... [/dev/sdb (2.0GiB) write-thru deactivated]
| o- alua ....................................................................................................... [ALUA Groups: 1]
| o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
o- test_iscsi_sdc ..................................................................... [/dev/sdc (2.0GiB) write-thru deactivated]
o- alua ....................................................................................................... [ALUA Groups: 1]
o- default_tg_pt_gp ........................................................................... [ALUA state: Active/optimized]
5. Create the target information
/backstores/block> cd /iscsi
/iscsi>
/iscsi> ls
o- iscsi .............................................................................................................. [Targets: 0]
/iscsi>
《 /dev/sdb 》
/iscsi> create iqn.2024-06.local.myhost:test-iscsi-sdb-target
Created target iqn.2024-06.local.myhost:test-iscsi-sdb-target.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls
o- iscsi .............................................................................................................. [Targets: 1]
o- iqn.2024-06.local.myhost:test-iscsi-sdc-target ...................................................................... [TPGs: 1]
o- tpg1 ................................................................................................. [no-gen-acls, no-auth]
o- acls ............................................................................................................ [ACLs: 0]
o- luns ............................................................................................................ [LUNs: 0]
o- portals ...................................................................................................... [Portals: 1]
o- 0.0.0.0:3260 ....................................................................................................... [OK]
《 /dev/sdc 》
/iscsi> create iqn.2024-06.local.myhost:test-iscsi-sdc-target
Created target iqn.2024-06.local.myhost:test-iscsi-sdc-target.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls
o- iscsi .............................................................................................................. [Targets: 2]
o- iqn.2024-06.local.myhost:test-iscsi-sdb-target ...................................................................... [TPGs: 1]
| o- tpg1 ................................................................................................. [no-gen-acls, no-auth]
| o- acls ............................................................................................................ [ACLs: 0]
| o- luns ............................................................................................................ [LUNs: 0]
| o- portals ...................................................................................................... [Portals: 1]
| o- 0.0.0.0:3260 ....................................................................................................... [OK]
o- iqn.2024-06.local.myhost:test-iscsi-sdc-target ...................................................................... [TPGs: 1]
o- tpg1 ................................................................................................. [no-gen-acls, no-auth]
o- acls ............................................................................................................ [ACLs: 0]
o- luns ............................................................................................................ [LUNs: 0]
o- portals ...................................................................................................... [Portals: 1]
o- 0.0.0.0:3260 ....................................................................................................... [OK]
6. Link the backstores to the targets
After this step, "/dev/sdb" and "/dev/sdc" on Target-Server can be provided as block devices.
《 /dev/sdb 》
/iscsi> cd iqn.2024-06.local.myhost:test-iscsi-sdb-target/tpg1/luns
/iscsi/iqn.20...get/tpg1/luns>
/iscsi/iqn.20...get/tpg1/luns> create /backstores/block/test_iscsi_sdb
Created LUN 0.
/iscsi/iqn.20...get/tpg1/luns>
/iscsi/iqn.20...get/tpg1/luns> ls
o- luns .................................................................................................................. [LUNs: 1]
o- lun0 ..................................................................... [block/test_iscsi_sdb (/dev/sdb) (default_tg_pt_gp)]
《 /dev/sdc 》
/iscsi/iqn.20...get/tpg1/luns> cd /iscsi/iqn.2024-06.local.myhost:test-iscsi-sdc-target/tpg1/luns
/iscsi/iqn.20...get/tpg1/luns>
/iscsi/iqn.20...get/tpg1/luns> create /backstores/block/test_iscsi_sdc
Created LUN 0.
/iscsi/iqn.20...get/tpg1/luns>
/iscsi/iqn.20...get/tpg1/luns> ls
o- luns .................................................................................................................. [LUNs: 1]
o- lun0 ..................................................................... [block/test_iscsi_sdc (/dev/sdc) (default_tg_pt_gp)]
/iscsi/iqn.20...get/tpg1/luns>
7. Check the current state
/> ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 2]
| | o- test_iscsi_sdb ................................................................... [/dev/sdb (2.0GiB) write-thru activated]
| | | o- alua ................................................................................................... [ALUA Groups: 1]
| | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| | o- test_iscsi_sdc ................................................................... [/dev/sdc (2.0GiB) write-thru activated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 2]
| o- iqn.2024-06.local.myhost:test-iscsi-sdb-target .................................................................... [TPGs: 1]
| | o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
| | o- acls .......................................................................................................... [ACLs: 0]
| | o- luns .......................................................................................................... [LUNs: 1]
| | | o- lun0 ............................................................. [block/test_iscsi_sdb (/dev/sdb) (default_tg_pt_gp)]
| | o- portals .................................................................................................... [Portals: 1]
| | o- 0.0.0.0:3260 ..................................................................................................... [OK]
| o- iqn.2024-06.local.myhost:test-iscsi-sdc-target .................................................................... [TPGs: 1]
| o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
| o- acls .......................................................................................................... [ACLs: 0]
| o- luns .......................................................................................................... [LUNs: 1]
| | o- lun0 ............................................................. [block/test_iscsi_sdc (/dev/sdc) (default_tg_pt_gp)]
| o- portals .................................................................................................... [Portals: 1]
| o- 0.0.0.0:3260 ..................................................................................................... [OK]
o- loopback ......................................................................................................... [Targets: 0]
/>
8. ACL settings
The intended access control is as follows.
- sdb: can be connected to from both Initiator-Server1 and Initiator-Server2
- sdc: can be connected to from Initiator-Server1 only
/> cd /iscsi/iqn.2024-06.local.myhost:test-iscsi-sdc-target/tpg1/acls
/iscsi/iqn.20...get/tpg1/acls>
/iscsi/iqn.20...get/tpg1/acls> create iqn.1994-05.com.redhat:6ae8b5db70cd
Created Node ACL for iqn.1994-05.com.redhat:6ae8b5db70cd
Created mapped LUN 0.
/iscsi/iqn.20...get/tpg1/acls> cd /iscsi/iqn.2024-06.local.myhost:test-iscsi-sdc-target/
/iscsi/iqn.20...si-sdc-target> ls
o- iqn.2024-06.local.myhost:test-iscsi-sdc-target ........................................................................ [TPGs: 1]
o- tpg1 ................................................................................................... [no-gen-acls, no-auth]
o- acls .............................................................................................................. [ACLs: 1]
| o- iqn.1994-05.com.redhat:6ae8b5db70cd ...................................................................... [Mapped LUNs: 1]
| o- mapped_lun0 ............................................................................ [lun0 block/test_iscsi_sdc (rw)]
o- luns .............................................................................................................. [LUNs: 1]
| o- lun0 ................................................................. [block/test_iscsi_sdc (/dev/sdc) (default_tg_pt_gp)]
o- portals ........................................................................................................ [Portals: 1]
o- 0.0.0.0:3260 ......................................................................................................... [OK]
9. Save the configuration
/iscsi/iqn.20...si-sdc-target> cd /
/>
/> saveconfig
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
[root@Target-Server ~]#
10. Start the target
[root@Target-Server ~]# systemctl status target.service
● target.service - Restore LIO kernel target configuration
Loaded: loaded (/usr/lib/systemd/system/target.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@Target-Server ~]# systemctl enable target.service
Created symlink from /etc/systemd/system/multi-user.target.wants/target.service to /usr/lib/systemd/system/target.service.
[root@Target-Server ~]# systemctl start target.service
[root@Target-Server ~]# systemctl status target.service
● target.service - Restore LIO kernel target configuration
Loaded: loaded (/usr/lib/systemd/system/target.service; enabled; vendor preset: disabled)
Active: active (exited) since 月 2024-06-24 15:49:28 JST; 2s ago
Process: 44076 ExecStart=/usr/bin/targetctl restore (code=exited, status=0/SUCCESS)
Main PID: 44076 (code=exited, status=0/SUCCESS)
6月 24 15:49:28 Target-Server systemd[1]: Starting Restore LIO kernel target configuration...
6月 24 15:49:28 Target-Server systemd[1]: Started Restore LIO kernel target configuration.
* To save effort, I disabled the firewall.
Verification
1. Discover the iSCSI targets
《 Initiator-Server1 》
[root@Initiator-Server1 ~]# iscsiadm -m node
iscsiadm: No records found
[root@Initiator-Server1 ~]# iscsiadm -m discovery -t st -p 192.168.40.138:3260
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdc-target
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdb-target
[root@Initiator-Server1 ~]# iscsiadm -m node
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdc-target
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdb-target
《 Initiator-Server2 》
[root@Initiator-Server2 ~]# iscsiadm -m node
iscsiadm: No records found
[root@Initiator-Server2 ~]# iscsiadm -m discovery -t st -p 192.168.40.138:3260
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdc-target
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdb-target
[root@Initiator-Server2 ~]# iscsiadm -m node
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdc-target
192.168.40.138:3260,1 iqn.2024-06.local.myhost:test-iscsi-sdb-target
2. Connect to the iSCSI target (Initiator-Server1)
[root@Initiator-Server1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└ sda1 8:1 0 1G 0 part /boot
└ sda2 8:2 0 19G 0 part
└ centos-root 253:0 0 17G 0 lvm /
└ centos-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 2G 0 disk
sr0 11:0 1 4.4G 0 rom
[root@Initiator-Server1 ~]# iscsiadm -m session -P3
iSCSI Transport Class version 2.0-870
version 6.2.0.874-22
iscsiadm: No active sessions.
[root@Initiator-Server1 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdb-target
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
-> Failed
[root@Initiator-Server1 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdb-target -p 192.168.40.138:3260
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
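-> Failed
According to the site below, the cause seems to be an incorrect ACL (in this case, none has been set for sdb).
As a test, connect to sdc, which is already allowed by an ACL.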
[root@Initiator-Server1 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdc-target
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260] (multiple)
Login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260] successful.
[root@Initiator-Server1 ~]# iscsiadm -m session -P3
iSCSI Transport Class version 2.0-870
version 6.2.0.874-22
Target: iqn.2024-06.local.myhost:test-iscsi-sdc-target (non-flash)
Current Portal: 192.168.40.138:3260,1
Persistent Portal: 192.168.40.138:3260,1
**********
Interface:
**********
Iface Name: default
Iface Transport: tcp
Iface Initiatorname: iqn.1994-05.com.redhat:6ae8b5db70cd
Iface IPaddress: 192.168.40.160
Iface HWaddress: <empty>
Iface Netdev: <empty>
SID: 4
iSCSI Connection State: LOGGED IN
iSCSI Session State: LOGGED_IN
Internal iscsid Session State: NO CHANGE
*********
Timeouts:
*********
Recovery Timeout: 120
Target Reset Timeout: 30
LUN Reset Timeout: 30
Abort Timeout: 15
*****
CHAP:
*****
username: <empty>
password: ********
username_in: <empty>
password_in: ********
************************
Negotiated iSCSI params:
************************
HeaderDigest: None
DataDigest: None
MaxRecvDataSegmentLength: 262144
MaxXmitDataSegmentLength: 262144
FirstBurstLength: 65536
MaxBurstLength: 262144
ImmediateData: Yes
InitialR2T: Yes
MaxOutstandingR2T: 1
************************
Attached SCSI devices:
************************
Host Number: 6 State: running
scsi6 Channel 00 Id 0 Lun: 0
Attached scsi disk sdb State: running
[root@Initiator-Server1 ~]# iscsiadm -m session -P3 | egrep '(iqn|Attached)'
Target: iqn.2024-06.local.myhost:test-iscsi-sdc-target (non-flash)
Iface Initiatorname: iqn.1994-05.com.redhat:6ae8b5db70cd
Attached SCSI devices:
Attached scsi disk sdb State: running
[root@Initiator-Server1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└ sda1 8:1 0 1G 0 part /boot
└ sda2 8:2 0 19G 0 part
└ centos-root 253:0 0 17G 0 lvm /
└ centos-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 2G 0 disk
sr0 11:0 1 4.4G 0 rom
-> Succeeded
3. Disconnect from the iSCSI target (Initiator-Server1)
[root@Initiator-Server1 ~]# iscsiadm -m node -u -T iqn.2024-06.local.myhost:test-iscsi-sdc-target
Logging out of session [sid: 4, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260]
Logout of [sid: 4, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260] successful.
[root@Initiator-Server1 ~]# iscsiadm -m session -P3 | egrep '(iqn|Attached)'
iscsiadm: No active sessions.
[root@Initiator-Server1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└ sda1 8:1 0 1G 0 part /boot
└ sda2 8:2 0 19G 0 part
└ centos-root 253:0 0 17G 0 lvm /
└ centos-swap 253:1 0 2G 0 lvm [SWAP]
sr0 11:0 1 4.4G 0 rom
4. Connect to the iSCSI target (Initiator-Server2)
[root@Initiator-Server2 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdb-target
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
[root@Initiator-Server2 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdc-target
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdc-target, portal: 192.168.40.138,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
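Given the earlier point that "a connection is not possible without an ACL", being unable to connect to either target is "as expected".
On Target-Server, set an ACL that allows Initiator-Server2 to connect to sdb.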
[root@Target-Server ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> cd /iscsi/iqn.2024-06.local.myhost:test-iscsi-sdb-target/tpg1/acls
/iscsi/iqn.20...get/tpg1/acls>
/iscsi/iqn.20...get/tpg1/acls> create iqn.1994-05.com.redhat:62e042697378
Created Node ACL for iqn.1994-05.com.redhat:62e042697378
Created mapped LUN 0.
/iscsi/iqn.20...get/tpg1/acls> cd /
/>
/> ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 2]
| | o- test_iscsi_sdb ................................................................... [/dev/sdb (2.0GiB) write-thru activated]
| | | o- alua ................................................................................................... [ALUA Groups: 1]
| | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| | o- test_iscsi_sdc ................................................................... [/dev/sdc (2.0GiB) write-thru activated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 2]
| o- iqn.2024-06.local.myhost:test-iscsi-sdb-target .................................................................... [TPGs: 1]
| | o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
| | o- acls .......................................................................................................... [ACLs: 1]
| | | o- iqn.1994-05.com.redhat:62e042697378 .................................................................. [Mapped LUNs: 1]
| | | o- mapped_lun0 ........................................................................ [lun0 block/test_iscsi_sdb (rw)]
| | o- luns .......................................................................................................... [LUNs: 1]
| | | o- lun0 ............................................................. [block/test_iscsi_sdb (/dev/sdb) (default_tg_pt_gp)]
| | o- portals .................................................................................................... [Portals: 1]
| | o- 0.0.0.0:3260 ..................................................................................................... [OK]
| o- iqn.2024-06.local.myhost:test-iscsi-sdc-target .................................................................... [TPGs: 1]
| o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
| o- acls .......................................................................................................... [ACLs: 1]
| | o- iqn.1994-05.com.redhat:6ae8b5db70cd .................................................................. [Mapped LUNs: 1]
| | o- mapped_lun0 ........................................................................ [lun0 block/test_iscsi_sdc (rw)]
| o- luns .......................................................................................................... [LUNs: 1]
| | o- lun0 ............................................................. [block/test_iscsi_sdc (/dev/sdc) (default_tg_pt_gp)]
| o- portals .................................................................................................... [Portals: 1]
| o- 0.0.0.0:3260 ..................................................................................................... [OK]
o- loopback ......................................................................................................... [Targets: 0]
In this state, try connecting to sdb again.
[root@Initiator-Server2 ~]# iscsiadm -m node --login -T iqn.2024-06.local.myhost:test-iscsi-sdb-target
Logging in to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] (multiple)
Login to [iface: default, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] successful.
[root@Initiator-Server2 ~]# iscsiadm -m session -P3
iSCSI Transport Class version 2.0-870
version 6.2.0.874-22
Target: iqn.2024-06.local.myhost:test-iscsi-sdb-target (non-flash)
Current Portal: 192.168.40.138:3260,1
Persistent Portal: 192.168.40.138:3260,1
**********
Interface:
**********
Iface Name: default
Iface Transport: tcp
Iface Initiatorname: iqn.1994-05.com.redhat:62e042697378
Iface IPaddress: 192.168.40.161
Iface HWaddress: <empty>
Iface Netdev: <empty>
SID: 3
iSCSI Connection State: LOGGED IN
iSCSI Session State: LOGGED_IN
Internal iscsid Session State: NO CHANGE
*********
Timeouts:
*********
Recovery Timeout: 120
Target Reset Timeout: 30
LUN Reset Timeout: 30
Abort Timeout: 15
*****
CHAP:
*****
username: <empty>
password: ********
username_in: <empty>
password_in: ********
************************
Negotiated iSCSI params:
************************
HeaderDigest: None
DataDigest: None
MaxRecvDataSegmentLength: 262144
MaxXmitDataSegmentLength: 262144
FirstBurstLength: 65536
MaxBurstLength: 262144
ImmediateData: Yes
InitialR2T: Yes
MaxOutstandingR2T: 1
************************
Attached SCSI devices:
************************
Host Number: 5 State: running
scsi5 Channel 00 Id 0 Lun: 0
Attached scsi disk sdb State: running
[root@Initiator-Server2 ~]# iscsiadm -m session -P3 | egrep '(iqn|Attached)'
Target: iqn.2024-06.local.myhost:test-iscsi-sdb-target (non-flash)
Iface Initiatorname: iqn.1994-05.com.redhat:62e042697378
Attached SCSI devices:
Attached scsi disk sdb State: running
[root@Initiator-Server2 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└ sda1 8:1 0 1G 0 part /boot
└ sda2 8:2 0 19G 0 part
└ centos-root 253:0 0 17G 0 lvm /
└ centos-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 2G 0 disk
sr0 11:0 1 1024M 0 rom
-> Succeeded
5. Disconnect from the iSCSI target (Initiator-Server2)
[root@Initiator-Server2 ~]# iscsiadm -m node -u -T iqn.2024-06.local.myhost:test-iscsi-sdb-target
Logging out of session [sid: 3, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260]
Logout of [sid: 3, target: iqn.2024-06.local.myhost:test-iscsi-sdb-target, portal: 192.168.40.138,3260] successful.
[root@Initiator-Server2 ~]# iscsiadm -m session -P3 | egrep '(iqn|Attached)'
iscsiadm: No active sessions.
[root@Initiator-Server2 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└ sda1 8:1 0 1G 0 part /boot
└ sda2 8:2 0 19G 0 part
└ centos-root 253:0 0 17G 0 lvm /
└ centos-swap 253:1 0 2G 0 lvm [SWAP]
sr0 11:0 1 1024M 0 rom
Supplementary check
The target-side portal is set to "0.0.0.0:3260" this time, and in that case the state is as follows.
[root@Target-Server ~]# ss -an |grep 3260
tcp LISTEN 0 256 *:3260 *:*
While Initiator-Server2 is logged in to the target, the state is as follows.
[root@Target-Server ~]# ss -an |grep 3260
tcp LISTEN 0 256 *:3260 *:*
tcp ESTAB 0 0 192.168.40.138:3260 192.168.40.140:55660
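Side note
In my workplace environment, connections succeed even though nothing appears under "ACL".
Looking closely, there is an indication like the following to the right of "/iscsi/iqn~" in the output of targetcli ls.
This time sdb was supposed to be connectable from both initiators, but in the end a connection was not possible without an ACL.
I understand that the "gen-acls or no-gen-acls" above is what was involved.
According to ChatGPT, the differences are as follows.
gen-acls:
- With this option, ACL entries are generated automatically when a new target portal group (TPG) is created. ACLs are used to manage access permissions for specific initiators (iSCSI clients).
- By default, gen-acls is enabled. Because ACLs are then set automatically so that each initiator can access the target, there is no need to set them manually.
no-gen-acls:
- With this option, ACL entries are not generated automatically when a TPG is created.
- As a result, the administrator has to set the required ACL entries manually. It is used when you want fine-grained control over initiator access or want to implement a specific access control policy.
In the learning environment "no-gen-acls" was set for some reason, so presumably I could not log in to the target without setting the ACLs manually.
* The other values, "tpg-auth" and "1-way auth", specify the authentication method and are omitted this time.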
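Added example (not part of the original article): a small Python audit of `targetcli ls` output that reports the TPG flags discussed in this side note, portals bound to 0.0.0.0, and any difference between the node ACLs and the access intended in step 8. The sample input is constructed from the final `targetcli ls` shown in this article with the dotted filler shortened; `parse_targets`, `audit` and `INTENDED` are names introduced here, and one TPG per target is assumed.

```python
import re

# Values taken from the article.
SERVER1 = "iqn.1994-05.com.redhat:6ae8b5db70cd"   # Initiator-Server1
SERVER2 = "iqn.1994-05.com.redhat:62e042697378"   # Initiator-Server2
SDB = "iqn.2024-06.local.myhost:test-iscsi-sdb-target"
SDC = "iqn.2024-06.local.myhost:test-iscsi-sdc-target"

# Intended access from step 8: sdb from both initiators, sdc from Server1 only.
INTENDED = {SDB: {SERVER1, SERVER2}, SDC: {SERVER1}}

# Constructed sample: /iscsi subtree of the article's final `targetcli ls`,
# dotted filler shortened.
SAMPLE_LS = """\
o- iscsi .......... [Targets: 2]
  o- iqn.2024-06.local.myhost:test-iscsi-sdb-target .......... [TPGs: 1]
  | o- tpg1 .......... [no-gen-acls, no-auth]
  |   o- acls .......... [ACLs: 1]
  |   | o- iqn.1994-05.com.redhat:62e042697378 .......... [Mapped LUNs: 1]
  |   |   o- mapped_lun0 .......... [lun0 block/test_iscsi_sdb (rw)]
  |   o- luns .......... [LUNs: 1]
  |   | o- lun0 .......... [block/test_iscsi_sdb (/dev/sdb) (default_tg_pt_gp)]
  |   o- portals .......... [Portals: 1]
  |     o- 0.0.0.0:3260 .......... [OK]
  o- iqn.2024-06.local.myhost:test-iscsi-sdc-target .......... [TPGs: 1]
    o- tpg1 .......... [no-gen-acls, no-auth]
      o- acls .......... [ACLs: 1]
      | o- iqn.1994-05.com.redhat:6ae8b5db70cd .......... [Mapped LUNs: 1]
      |   o- mapped_lun0 .......... [lun0 block/test_iscsi_sdc (rw)]
      o- luns .......... [LUNs: 1]
      | o- lun0 .......... [block/test_iscsi_sdc (/dev/sdc) (default_tg_pt_gp)]
      o- portals .......... [Portals: 1]
        o- 0.0.0.0:3260 .......... [OK]
"""

# One tree node: "o- <name> ..... [<status>]". Indentation is ignored on
# purpose, so output pasted with its leading whitespace lost still parses.
NODE = re.compile(r"o- (\S+)\s+\.*\s*\[(.*)\]\s*$")


def parse_targets(ls_text):
    """Return {target_iqn: {"flags": [...], "acls": set(), "portals": [...]}}."""
    targets, current, section = {}, None, None
    for line in ls_text.splitlines():
        m = NODE.search(line)
        if not m:
            continue
        name, status = m.groups()
        if status.startswith("TPGs:"):            # a target IQN line
            current = targets.setdefault(
                name, {"flags": [], "acls": set(), "portals": []})
            section = None
        elif status.startswith("Targets:"):       # iscsi / loopback fabric line
            current, section = None, None
        elif current is None:                     # backstores etc.
            continue
        elif re.fullmatch(r"tpg\d+", name):       # e.g. [no-gen-acls, no-auth]
            current["flags"] = [f.strip() for f in status.split(",")]
        elif name in ("acls", "luns", "portals"):
            section = name
        elif section == "acls" and status.startswith("Mapped LUNs:"):
            current["acls"].add(name)             # initiator IQN with a node ACL
        elif section == "portals":
            current["portals"].append(name)       # e.g. 0.0.0.0:3260
    return targets


def audit(targets, intended):
    """Return (target_iqn, kind, detail) tuples for each point worth reviewing."""
    findings = []
    for iqn in sorted(targets):
        t = targets[iqn]
        if "gen-acls" in t["flags"]:
            findings.append((iqn, "gen-acls",
                             "initiators without an entry under acls can log in"))
        if "no-auth" in t["flags"]:
            findings.append((iqn, "no-auth",
                             "CHAP is not required; the initiator IQN is the only check"))
        for portal in t["portals"]:
            if portal.startswith("0.0.0.0:"):
                findings.append((iqn, "wildcard-portal",
                                 portal + " listens on every interface"))
        want = intended.get(iqn, set())
        for missing in sorted(want - t["acls"]):
            findings.append((iqn, "acl-missing", missing))
        for extra in sorted(t["acls"] - want):
            findings.append((iqn, "acl-unexpected", extra))
    return findings


if __name__ == "__main__":
    for iqn, kind, detail in audit(parse_targets(SAMPLE_LS), INTENDED):
        print(f"{kind:16} {iqn}  {detail}")
```

On the state shown in this article it reports `acl-missing` for Initiator-Server1 on the sdb target, plus `no-auth` and the `0.0.0.0:3260` portal on both targets.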
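Related research notes
About targetcli
A command-line interface that lets an administrator export local storage resources. A local storage resource is backed by a file, a volume, a local SCSI device, or a RAM disk.
In this article, the local storage resources "/dev/sdb" and "/dev/sdc" on Target-Server were exported as block storage.
About iscsi-initiator-utils
A software package that lets a Linux system connect to remote storage devices using the iSCSI protocol.
It is the iSCSI initiator used mainly on RHEL and its derivative distributions.
The main command is "iscsiadm", which handles discovery of, connection to, and management of iSCSI targets.
References
Reference: Building an iSCSI target, with some explanation (CentOS 7.1)
Reference: Configuring an iSCSI initiator on CentOS 7.3
Reference: 9.6.3 Removing iSCSI target settings
Reference: 9.8. Creating an iSCSI portal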