ISCSI

iSCSI is the protocol that allows SCSI commands to be sent over the network. In the case of the CSL, Linux servers use the open-iscsi software to connect to the storage arrays, which actually store the data. Solaris servers use the Solaris software iSCSI implementation. This data is sent over the SAN, not the production network.

= Definitions =

Initiator - the iscsi client that access the data

Target - the iscsi server that hosts the data

Node - an initiator or target

Initiator name - a unique identifier for an iSCSI node (see Naming configuration below)

CHAP (Challenge-handshake authentication protocol) - used for authenticating iSCSI; as this is insecure, all iSCSI data should travel over a separate network, in our case, the [SAN].

LUN (Logical Unit Number) - the number assigned to a logical unit, in the case of iSCSI, the storage "partitions"

= Naming = All iSCSI nodes must be given a unique identifying initiator name. This is of the form. iqn stands for iSCSI qualified name, and yyyy-mm is the date of the first full month for which the domain name was registered. For the CSL, our initiator names are of the form, for initiators, and  , for storage servers.

= CHAP = This is an iSCSI authentication method. On the CSL SAN, it is currently unidirectional and not used for Send Targets.

= Send Targets = This is a method for initiators to scan for LUNs on a target. It is currently the method used on the CSL SAN.

= Configuration of open-iscsi =

initiatorname.iscsi
This file stores the node's initiator name. See Naming above.

iscsid.conf
This file stores the server's iSCSI global configuration. An example is given below.

node.active_cnx = 1 node.startup = automatic node.session.auth.username = [A CHAP username] node.session.auth.password = [A CHAP password] node.session.timeo.replacement_timeout = 120 node.session.err_timeo.abort_timeout = 10 node.session.err_timeo.reset_timeout = 30 node.session.iscsi.InitialR2T = No node.session.iscsi.ImmediateData = Yes node.session.iscsi.FirstBurstLength = 262144 node.session.iscsi.MaxBurstLength = 16776192 node.session.iscsi.DefaultTime2Wait = 0 node.session.iscsi.DefaultTime2Retain = 0 node.session.iscsi.MaxConnections = 0 node.conn[0].iscsi.HeaderDigest = None node.conn[0].iscsi.DataDigest = None node.conn[0].iscsi.MaxRecvDataSegmentLength = 65536
 * 1) attach to storage automatically when started?
 * 1) the CHAP username
 * 1) the CHAP password
 * 1) the timeout values for an iSCSI session
 * 1) other configuration
 * 1) network configuration
 * 1) if we used CHAP for discovery
 * 2) discovery.sendtargets.auth.authmethod = CHAP
 * 3) discovery.sendtargets.auth.username = [A CHAP username]
 * 4) discovery.sendtargets.auth.password = [A CHAP password]

iscsiadm
iscsiadm is the main open-iscsi configuration tool.

Discovering storage resources:  In our case, the storage gateway is one of the two storage IP addresses on each storage array. Logging into the storage array: iscsiadm -m node -T storage initiator -p iSCSI gateway -l

These commands only need to be done once. After they have been run, configuration files are created under /etc/iscsi/ based off of the global configuration file. If  is set to , then the iSCSI LUNs will be reconnected the next time open-iscsi starts.

= Configuration of Solaris iSCSI =

Nagle's algorithm
Without going into what it is, it's worth mentioning the following: See http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6621560.
 * Nagle's is ON by default for iSCSI in Solaris 10
 * Nagle's is OFF by default in OpenSolaris
 * For iSCSI, Nagle's being OFF is better!
 * To disable it, add  to /kernel/drv/iscsi.conf.

iscsiadm
iscsiadm is used to configure the Solaris iSCSI initiator.

The iSCSI initiator name can be set using.

Multipath
device-type-scsi-options-list = "ACME   MSU", "enable-option", "XYZ    ABC", "enable-option"; enable-option = 0x1000000; For our Promise VTraks: device-type-scsi-options-list = "Promise VTrak M310i", "enable-option"; enable-option = 0x1000000;
 * To configure the number of allowed sessions per target (for instance, if you wanted to configure multipath, but possibly could be used for other purposes, too), use.
 * Solaris has a built-in list of known iSCSI targets that support multipath. If using a target device (such as the Promise VTrak arrays that currently comprise the primary SAN) that isn't part of this built-in list, Solaris will not use multipath with it by default.  To enable multipath for these devices, edit /kernel/drv/scsi_vhci.conf.  This is the example provided in the online Sun docs  (where ACME and XYZ are vendor IDs and MSU and ABC are product IDs):
 * After editing the file, run, which will require an immediate reboot.

CHAP

 * To enable CHAP, run.
 * To set the CHAP username to something other than the default, run .  Currently, the short hostname (that is, hostname without the domain part) is used for the CHAP username.
 * To set the CHAP secret, run .  This will launch an interactive prompt.  Note that, for whatever reason, Sun's iSCSI currently has a limit of 16 characters for the CHAP secret (minimum 12).

Send Targets

 * To enable Send Targets as a discovery method, run.
 * Add target addresses to scan for LUNs using .  Add multiple IP addresses one at a time.
 * NOTE: It's recommended that static configuration be used in the long run since, in the event the discovery-address added is unreachable, Solaris can take forever (an hour or more) to timeout trying to contact the target. Boot times will be extremely slow, and certain other operations may never time out (e.g. trying to zfs list when one of the zpools contains the missing iSCSI target).  However, Send Targets may be useful for discovering the information needed for a static configuration.  See http://storagefoo.blogspot.com/2007/10/solaris-10-iscsi-configured-with.html.  The easiest workaround is similar to method 2 listed there; just temporarily give something (anything, like another server) the IPs, which should cause Solaris to stop trying since it will have reached a host that has no targets to offer.

iscsitadm
iscsitadm is used to configure Solaris iSCSI targets.