5.1. Exporting Storage via iSCSI

Virtuozzo Infrastructure Platform allows you to export cluster disk space to external operating systems and third-party virtualization solutions in the form of LUN block devices over iSCSI in a SAN-like manner.

In Virtuozzo Infrastructure Platform, you can create groups of redundant targets running on different storage nodes. To each target group you can attach multiple storage volumes with their own redundancy provided by the storage layer. These volumes are exported by targets as LUNs.

Each node in a target group can host a single target for that group if Ethernet is used or one target per FC port if Fibre Channel is used. If one of the nodes in a target group fails along with its target(s), healthy targets from the same group continue to provide access to the LUNs previously serviced by the failed target(s).

You can create multiple target groups on same nodes. A volume, however, may only be attached to one target group at any moment of time.

The figure below shows a typical setup for exporting Virtuozzo Infrastructure Platform disk space via iSCSI.

../_images/stor_image34_1.png

The figure shows two volumes located on redundant storage provided by Virtuozzo Infrastructure Platform. The volumes are attached as LUNs to a group of two targets running on Virtuozzo Infrastructure Platform nodes. Each target has two portals, one per network interface with the iSCSI traffic type, which makes a total of four discoverable endpoints with different IP addresses. Each target provides access to all LUNs attached to the group. Targets work in the ALUA mode, so one path to the volume is preferred and considered Active/Optimized while the other is Standby. Network interfaces eth0 and eth1 on each node are connected to different switches for redundancy. The initiator, e.g., VMware ESXi, is connected to both switches as well and provides volumes as iSCSI disks 1 and 2 to a VM via different network paths. If the Active/Optimized path becomes unavailable for some reason (e.g., the node with the target or network switch fails), the Standby path through the other target will be used instead to connect to the volume. When the Active/Optimized path is restored, it will be used again.

5.1.1. iSCSI Workflow Overview

The typical workflow of exporting volumes via iSCSI is as follows:

  1. Assign the network with the traffic type iSCSI to a network interface on each node that you will add to a target group. See Managing Networks and Traffic Types.
  2. Create a target group on chosen nodes. See Creating Target Groups.
  3. Create volumes and attach them to the target group as LUNs. Typically you do this while creating the target group. However, you can also do this later as described in Managing Volumes.
  4. Optionally, enable CHAP and ACL authorization for the target group: create CHAP accounts and assign them to the target group, populate group’s access control list. Typically, you do this while creating the target group. However, you can also do this later as described in Restricting Access to Target Groups.
  5. Connect initiators to targets using standard tools of your operating system or product (consult the User’s Guide). To view target IQNs, click the target group name.

5.1.2. Managing Target Groups

This section explains how to create and manage groups of iSCSI targets.

5.1.2.1. Creating Target Groups

Before you create any target groups, assign the network with the iSCSI traffic type to a network interface on each node that you will add to a target group.

To create a target group, open STORAGE SERVICES > Block storage > TARGET GROUPS and click Create target group. A wizard will open where you need to do the following:

  1. On Name and type, enter a target group name and select a type: iSCSI or Fibre Channel.

    ../_images/stor_image107_vz.png
  2. On Nodes, select nodes to add to the target group. On these nodes, iSCSI targets will run. You can only choose nodes with network interfaces that are assigned the iSCSI traffic type. It is recommended to have at least two nodes in the target group to achieve high availability. If you plan to use multiple iSCSI initiators, you should have as many nodes in the target group.

    The optimal way is to create a single target per node if you use the iSCSI protocol and one target per FC port if you use the FC protocol.

    If node network interfaces are not configured, click the cogwheel icon, select networks as required, and click Apply.

    ../_images/stor_image108_vz.png
  3. On Targets, select iSCSI interfaces to add to the target group. You can choose from a list of network interfaces that are assigned the iSCSI traffic type. If you plan to use multiple iSCSI initiators, you should select as many interfaces per node. One interface can be added to multiple target groups, although it may reduce performance.

    ../_images/stor_image109_vz.png
  4. On Volumes, select volumes to attach to target group LUNs. You can choose from a list of volumes that are not attached to any target groups. If no volumes are available, you can create them on this step so they are attached to the target group automatically or later and attach them manually.

    ../_images/stor_image110_vz.png
  5. On Access control, configure access to the target group. It is recommended to use CHAP or ACL in untrusted public networks. Without access control, any connections to the target group are allowed. For more information, see Restricting Access to Target Groups.

    ../_images/stor_image111_vz.png
  6. On Summary, review the target group details. You can go back to change them if necessary. Click Create.

The created target group will appear on the TARGET GROUPS tab. Its targets will start automatically.

5.1.2.2. Adding Targets

To add a target to a target group, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS, click the name of the desired target group to open it.

    ../_images/stor_image112_vz.png
  2. On the TARGETS tab, click Add target. The Create target wizard will open.

  3. On Nodes, select nodes to add to the target group. On these nodes, iSCSI targets will run. You can only choose nodes with network interfaces that are assigned the iSCSI traffic type. It is recommended to have at least two nodes in the target group to achieve high availability. If you plan to use multiple iSCSI initiators, you should have as many nodes in the target group.

    The optimal way is to create a single target per node if you use the iSCSI protocol and one target per FC port if you use the FC protocol.

    If node network interfaces are not configured, click the cogwheel icon, select networks as required, and click Apply.

    ../_images/stor_image113_vz.png
  4. On Targets, select iSCSI interfaces to add to the target group. You can choose from a list of network interfaces that are assigned the iSCSI traffic type. If you plan to use multiple iSCSI initiators, you should select as many interfaces per node. One interface can be added to multiple target groups, although it may reduce performance.

    ../_images/stor_image114_vz.png
  5. On Summary, review the target details. You can go back to change them if necessary. Click Next.

The created target will appear on the Targets tab.

5.1.2.3. Starting and Stopping Targets

To start or stop all targets in a target group, open STORAGE SERVICES > Block storage > TARGET GROUPS, click the ellipsis icon of the desired target group, and click Start targets or Stop targets, respectively.

../_images/stor_image115_vz.png

5.1.2.4. Deleting Targets

To delete a target from a target group, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS, click the name of the desired target group to open it.

    ../_images/stor_image112_vz.png
  2. On the Targets tab, click the ellipsis button of the desired target then click Delete.

    ../_images/stor_image116_vz.png
  3. Click Delete in the confirmation window. Check the Force box to delete a target with active connections.

If you delete a target on the Active/Optimized path (indicated in LUN details), said path will switch to another target.

5.1.2.5. Deleting Target Groups

To delete a target group, open STORAGE SERVICES > Block storage > TARGET GROUPS, click the ellipsis icon of the desired target group, and click Delete.

../_images/stor_image117_vz.png

Click Delete in the confirmation window. Check the Force box to delete a target group with active connections.

5.1.3. Managing Volumes

This section describes how to create and manage volumes to be exported via iSCSI.

5.1.3.1. Creating Volumes

While it is convenient to create desired volumes while creating a target group, you can also do this at any time afterwards:

  1. Open STORAGE SERVICES > Block storage > VOLUMES and click Create volume. A wizard will open.

  2. On Name and size, enter a volume name and specify a size in gigabytes. Note that volumes can be extended later but not shrunk.

    ../_images/stor_image118_vz.png
  3. On Storage policy, select a redundancy mode, a storage tier, and a failure domain. To benefit from high availability, select a mode other than No redundancy and failure domain other than Disk.

    ../_images/stor_image119_vz.png
  4. On Summary, review the volume details. You can go back to change them if necessary. Click Create.

5.1.3.2. Attaching Volumes to Target Groups

To add a volume as a LUN to a target group, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS, click the ellipsis icon of the desired target group, and click Add LUNs.

    ../_images/stor_image120_vz.png
  2. In the Attach window that opens, select volumes to attach to the target group (create them if needed) and click Attach.

    ../_images/stor_image121_vz.png

Alternatively, you can do the same on the VOLUMES tab:

  1. Click the ellipsis icon of the desired volume then click Attach.

    ../_images/stor_image122_vz.png
  2. In the Attach window that opens, select a target group and click Attach.

    ../_images/stor_image123_vz.png

5.1.3.3. Setting LUN Limits

To set a read/write limit for a volume attached to a target group as a LUN, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS, click the name of the desired target group to open it, and switch to LUNs.

    ../_images/stor_image112_vz.png
  2. Click the desired LUN to open its details, then click the Limits pencil icon.

    ../_images/stor_image124_vz.png
  3. In the Set LUN limit window that opens, enter limit values and click Save.

    ../_images/stor_image125_vz.png

Set limits will be shown in LUN details.

5.1.3.4. Detaching Volumes

To detach a volume from a target group, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS, click the name of the desired target group to open it, and switch to LUNs.

    ../_images/stor_image112_vz.png
  2. Click the ellipsis button of the desired LUN then click Detach.

    ../_images/stor_image126_vz.png

Alternatively, you can open STORAGE SERVICES > Block storage > VOLUMES, click the ellipsis icon of the desired volume, and click Detach.

../_images/stor_image127_vz.png

5.1.3.5. Deleting Volumes

To delete a volume that is not attached to a target group, open STORAGE SERVICES > Block storage > VOLUMES, click the ellipsis icon of the desired volume, and click Delete.

../_images/stor_image128_vz.png

5.1.4. Restricting Access to Target Groups

You can restrict access to entire target groups (and all volumes attached to them) by way of ACL-based authorization as well as password-based authentication (CHAP).

5.1.4.1. Managing Access Control Lists

An access control list (ACL) limits access to chosen LUNs for specific initiators. Initiators not on the list have access to all LUNs in iSCSI target groups. Volumes exported via Fibre Channel target groups, however, can only be accessed by initiators that are added to group ACL.

To add an initiator to a target group’s ACL, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS and click the desired target group in the list (anywhere except group’s name).

  2. In group details that open, click Access control and then click the pencil icon.

    ../_images/stor_image129_vz.png
  3. In the Access control window that opens, check the ACL box and click Add.

    ../_images/stor_image130_vz.png
  4. In the window that opens, specify initiator’s IQN, enter an alias, select LUNs that it will be able to access. Click Add. The initiator will appear in the ACL.

    ../_images/stor_image131_vz.png
  5. Having populated the ACL with initiators, click Save.

To edit or delete initiators in the ACL, click the pencil icon in target group details. In the Access control window that opens, click the pencil icon of the desired initiator then click Edit or Delete. Having changed the ACL, click Save.

5.1.4.2. Managing CHAP Users

The Challenge-Handshake Authentication Protocol (CHAP) provides a way to restrict access to targets and their LUNs by requiring a user name and a password from the initiator. CHAP accounts apply to entire target groups. Fibre Channel target groups do not use CHAP.

To restrict access to a target group to a specific CHAP user, do the following:

  1. Open STORAGE SERVICES > Block storage > TARGET GROUPS and click the desired target group in the list (anywhere except group’s name).

  2. In group details that open, click Access control and then click the pencil icon.

    ../_images/stor_image129_vz.png
  3. In the Access control window that opens, check the CHAP box and click Create user.

    ../_images/stor_image132_vz.png
  4. In the Create CHAP user window that opens, enter a user name and a password (12 to 16 characters long). Click Create.

    ../_images/stor_image133_vz.png
  5. Back on the Access control screen, select the desired CHAP user and click Save.

    ../_images/stor_image134_vz.png

To change the password of a CHAP user, open STORAGE SERVICES > Block storage > CHAP USERS, click a user to open details, and click the pencil icon. In the Edit CHAP user window that opens, specify a new password and click Apply.

../_images/stor_image135_vz.png

To delete a CHAP user that is not added to any ACLs, open STORAGE SERVICES > Block storage > CHAP USERS, click the ellipsis icon of the user, and click Delete.

../_images/stor_image136_vz.png