.. _Exporting Storage via iSCSI: Exporting Storage via iSCSI --------------------------- .. include:: /includes/exporting-data-via-iscsi-part1.inc .. _iSCSI Workflow Overview: iSCSI Workflow Overview ~~~~~~~~~~~~~~~~~~~~~~~ The typical workflow of exporting volumes via iSCSI is as follows: #. Assign the network with the traffic type **iSCSI** to a network interface on each node that you will add to a target group. See :ref:`Managing Networks and Traffic Types`. #. Create a target group on chosen nodes. See :ref:`Creating Target Groups`. #. Create volumes and attach them to the target group as LUNs. Typically you do this while creating the target group. However, you can also do this later as described in :ref:`Managing iSCSI Volumes`. #. Optionally, enable CHAP and ACL authorization for the target group: create CHAP accounts and assign them to the target group, populate group's access control list. Typically, you do this while creating the target group. However, you can also do this later as described in :ref:`Restricting Access to Target Groups`. #. Connect initiators to targets using standard tools of your operating system or product. To view target IQNs, click the target group name. .. _Managing Target Groups: Managing Target Groups ~~~~~~~~~~~~~~~~~~~~~~ .. include:: /includes/exporting-data-via-iscsi-part2.inc .. _Creating Target Groups: Creating Target Groups ********************** .. include:: /includes/exporting-data-via-iscsi-part3.inc To create a target group, open **STORAGE SERVICES** > **Block storage** > **Target groups** and click **Create target group**. A wizard will open where you need to do the following: #. On **Name and type**, enter a target group name and select a type: iSCSI or Fibre Channel. .. only:: ac .. image:: /images/stor_image107_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image107_vz.png :align: center :class: align-center #. .. include:: /includes/exporting-data-via-iscsi-part6.inc .. include:: /includes/exporting-data-via-iscsi-part5.inc .. include:: /includes/managing-compute-clusters-part4.inc .. only:: ac .. image:: /images/stor_image108_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image108_vz.png :align: center :class: align-center #. .. include:: /includes/exporting-data-via-iscsi-part7.inc .. only:: ac .. image:: /images/stor_image109_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image109_vz.png :align: center :class: align-center #. On **Volumes**, select volumes to attach to target group LUNs. You can choose from a list of volumes that are not attached to any target groups. If no volumes are available, you can create them on this step so they are attached to the target group automatically or later and attach them manually. .. only:: ac .. image:: /images/stor_image110_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image110_vz.png :align: center :class: align-center #. On **Access control**, configure access to the target group. It is recommended to use CHAP or ACL in untrusted public networks. Without access control, any connections to the target group are allowed. For more information, see :ref:`Restricting Access to Target Groups`. .. only:: ac .. image:: /images/stor_image111_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image111_vz.png :align: center :class: align-center #. On **Summary**, review the target group details. You can go back to change them if necessary. Click **Create**. The created target group will appear on the **TARGET GROUPS** tab. Its targets will start automatically. .. _Adding Targets: Adding Targets ************** To add a target to a target group, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the name of the desired target group to open it. .. only:: ac .. image:: /images/stor_image112_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image112_vz.png :align: center :class: align-center #. On the **Targets** tab, click **Add target**. The **Create target** wizard will open. #. .. include:: /includes/exporting-data-via-iscsi-part6.inc .. include:: /includes/exporting-data-via-iscsi-part5.inc .. include:: /includes/managing-compute-clusters-part4.inc .. only:: ac .. image:: /images/stor_image113_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image113_vz.png :align: center :class: align-center #. .. include:: /includes/exporting-data-via-iscsi-part7.inc .. only:: ac .. image:: /images/stor_image114_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image114_vz.png :align: center :class: align-center #. On **Summary**, review the target details. You can go back to change them if necessary. Click **Next**. The created target will appear on the **Targets** tab. .. _Starting and Stopping Targets: Starting and Stopping Targets ***************************** To start or stop all targets in a target group, open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the ellipsis icon of the desired target group, and click **Start targets** or **Stop targets**, respectively. .. only:: ac .. image:: /images/stor_image115_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image115_vz.png :align: center :class: align-center .. _Deleting Targets: Deleting Targets **************** To delete a target from a target group, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the name of the desired target group to open it. .. only:: ac .. image:: /images/stor_image112_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image112_vz.png :align: center :class: align-center #. On the **Targets** tab, click the ellipsis button of the desired target then click **Delete**. .. only:: ac .. image:: /images/stor_image116_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image116_vz.png :align: center :class: align-center If you delete a target on the Active/Optimized path (indicated in LUN details), said path will switch to another target. .. _Deleting Target Groups: Deleting Target Groups ********************** To delete a target group, open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the ellipsis icon of the desired target group, and click **Delete**. .. only:: ac .. image:: /images/stor_image117_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image117_vz.png :align: center :class: align-center .. _Managing iSCSI Volumes: Managing Volumes ~~~~~~~~~~~~~~~~ .. include:: /includes/exporting-data-via-iscsi-part4.inc .. _Creating Volumes: Creating Volumes **************** While it is convenient to create desired volumes while creating a target group, you can also do this at any time afterwards: #. Open **STORAGE SERVICES** > **Block storage** > **VOLUMES** and click **Create volume**. A corresponding wizard will open. #. On **Name and size**, enter a volume name and specify a size in gigabytes. Note that volumes can be extended later but not shrunk. .. only:: ac .. image:: /images/stor_image118_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image118_vz.png :align: center :class: align-center #. On **Storage policy**, select a redundancy mode, a storage tier, and a failure domain. To benefit from high availability, select a mode other than **No redundancy** and failure domain other than **Disk**. .. only:: ac .. image:: /images/stor_image119_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image119_vz.png :align: center :class: align-center #. On **Summary**, review the volume details. You can go back to change them if necessary. Click **Create**. .. _Attaching Volumes to Target Groups: Attaching Volumes to Target Groups ********************************** To add a volume as a LUN to a target group, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the ellipsis icon of the desired target group, and click **Add LUNs**. .. only:: ac .. image:: /images/stor_image120_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image120_vz.png :align: center :class: align-center #. In the **Attach** window that opens, select volumes to attach to the target group (create them if needed) and click **Attach**. .. only:: ac .. image:: /images/stor_image121_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image121_vz.png :align: center :class: align-center Alternatively, you can do the same on the **VOLUMES** tab: #. Click the ellipsis icon of the desired volume then click **Attach**. .. only:: ac .. image:: /images/stor_image122_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image122_vz.png :align: center :class: align-center #. In the **Attach** window that opens, select a target group and click **Attach**. .. only:: ac .. image:: /images/stor_image123_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image123_vz.png :align: center :class: align-center .. _Setting LUN Limits: Setting LUN Limits ****************** To set a read/write limit for a volume attached to a target group as a LUN, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the name of the desired target group to open it, and switch to **LUNs**. .. only:: ac .. image:: /images/stor_image112_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image112_vz.png :align: center :class: align-center #. Click the desired LUN to open its details, then click the **Limits** pencil icon. .. only:: ac .. image:: /images/stor_image124_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image124_vz.png :align: center :class: align-center #. In the **Set LUN limit** window that opens, enter limit values and click **Save**. .. only:: ac .. image:: /images/stor_image125_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image125_vz.png :align: center :class: align-center Set limits will be shown in LUN details. .. _Detaching Volumes: Detaching Volumes ***************** To detach a volume from a target group, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS**, click the name of the desired target group to open it, and switch to **LUNs**. .. only:: ac .. image:: /images/stor_image112_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image112_vz.png :align: center :class: align-center #. Click the ellipsis button of the desired LUN then click **Detach**. .. only:: ac .. image:: /images/stor_image126_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image126_vz.png :align: center :class: align-center Alternatively, you can open **STORAGE SERVICES** > **Block storage** > **VOLUMES**, click the ellipsis icon of the desired volume, and click **Detach**. .. only:: ac .. image:: /images/stor_image127_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image127_vz.png :align: center :class: align-center .. _Deleting Volumes: Deleting Volumes **************** To delete a volume that is not attached to a target group, open **STORAGE SERVICES** > **Block storage** > **VOLUMES**, click the ellipsis icon of the desired volume, and click **Delete**. .. only:: ac .. image:: /images/stor_image128_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image128_vz.png :align: center :class: align-center .. _Restricting Access to Target Groups: Restricting Access to Target Groups ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can restrict access to entire target groups (and all volumes attached to them) by way of ACL-based authorization as well as password-based authentication (CHAP). .. _Managing Access Control Lists: Managing Access Control Lists ***************************** An access control list (ACL) limits access to chosen LUNs for specific initiators. Initiators not on the list have access to all LUNs in iSCSI target groups. Volumes exported via Fibre Channel target groups, however, can only be accessed by initiators that are added to group ACL. To add an initiator to a target group's ACL, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS** and click the desired target group in the list (anywhere except group's name). #. In group details that open, click **Access control** and then click the pencil icon. .. only:: ac .. image:: /images/stor_image129_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image129_vz.png :align: center :class: align-center #. In the **Access control** window that opens, check the **ACL** box and click **Add**. .. only:: ac .. image:: /images/stor_image130_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image130_vz.png :align: center :class: align-center #. In the window that opens, specify initiator's IQN, enter an alias, select LUNs that it will be able to access. Click **Add**. The initiator will appear in the ACL. .. only:: ac .. image:: /images/stor_image131_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image131_vz.png :align: center :class: align-center #. Having populated the ACL with initiators, click **Save**. To edit or delete initiators in the ACL, click the pencil icon in target group details. In the **Access control** window that opens, click the pencil icon of the desired initiator then click **Edit** or **Delete**. Having changed the ACL, click **Save**. .. _Managing CHAP Users: Managing CHAP Users ******************* The Challenge-Handshake Authentication Protocol (CHAP) provides a way to restrict access to targets and their LUNs by requiring a user name and a password from the initiator. CHAP accounts apply to entire target groups. Fibre Channel target groups do not use CHAP. To restrict access to a target group to a specific CHAP user, do the following: #. Open **STORAGE SERVICES** > **Block storage** > **TARGET GROUPS** and click the desired target group in the list (anywhere except group's name). #. In group details that open, click **Access control** and then click the pencil icon. .. only:: ac .. image:: /images/stor_image129_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image129_vz.png :align: center :class: align-center #. In the **Access control** window that opens, check the **CHAP** box and click **Create user**. .. only:: ac .. image:: /images/stor_image132_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image132_vz.png :align: center :class: align-center #. In the **Create CHAP user** window that opens, enter a user name and a password (12 to 16 characters long). Click **Create**. .. only:: ac .. image:: /images/stor_image133_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image133_vz.png :align: center :class: align-center #. Back on the **Access control** screen, select the desired CHAP user and click **Save**. .. only:: ac .. image:: /images/stor_image134_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image134_vz.png :align: center :class: align-center To change the password of a CHAP user, open **STORAGE SERVICES** > **Block storage** > **CHAP USERS**, click a user to open details, and click the pencil icon. In the **Edit CHAP user** window that opens, specify a new password and click **Apply**. .. only:: ac .. image:: /images/stor_image135_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image135_vz.png :align: center :class: align-center To delete a CHAP user that is not added to any ACLs, open **STORAGE SERVICES** > **Block storage** > **CHAP USERS**, click the ellipsis icon of the user, and click **Delete**. .. only:: ac .. image:: /images/stor_image136_ac.png :align: center :class: align-center .. only:: vz .. image:: /images/stor_image136_vz.png :align: center :class: align-center