Using COMSTAR and ZFS to Configure a Virtualized Storage Environment

In Oracle Solaris 11.1

by Alexandre BorgesOracle ACE

How to use COMSTAR to provide local iSCSI storage for any service that runs in Windows, Linux, or Mac OS. It also shows you how to configure authentication using the Challenge Handshake Authentication Protocol (CHAP) to secure the iSCSI storage against forbidden access. Part 1 of a series about ZFS.

Published February 2014


right arrow Part 1 - Using COMSTAR and ZFS to Configure a Virtualized Storage Environment
right arrow Part 2 - Playing with Swap Monitoring and Increasing Swap Space Using ZFS Volumes
right arrow Part 3 - Playing with ZFS Shadow Migration
right arrow Part 4 - Delegating a ZFS Dataset to a Non-Global Zone
right arrow Part 5 - Playing with ZFS Encryption
right arrow Part 6 - Playing with ZFS Snapshots

Want to comment on this article? Post the link on Facebook's OTN Garage page.  Have a similar article to share? Bring it up on Facebook or Twitter and let's discuss.

Introduction

To perform the examples shown in this series of articles, download and install Oracle Solaris 11.1 for x86. Throughout the articles, I've used the host names solaris11-1 (server) and solaris11-2 (client). Both the client and the server can be installed in virtual machines using Oracle VM VirtualBox with 4 GB of RAM for each, and using the virtual machine's main disk for the Oracle Solaris 11.1 guest operation system installation with 80 GB for each virtual machine. I configured the first virtual machine (solaris11-1) with five 4-GB virtual disks, but the number of disks will be increased during the examples.

About ZFS and COMSTAR

ZFS, which was introduced in Oracle Solaris 10 and changed the way data is administered, is a 128-bit file system that can accommodate up to 256 trillion directories and an unlimited number of files. It ensures end-to-end data integrity and, since the release of Oracle Solaris 11, it offers many new features that make life easier for system administrators. We'll explore many of them in this series of articles.

ZFS is part of the Oracle Solaris 11 operating system, but there are other Oracle storage technologies that are related to ZFS; for example, Oracle ZFS Storage Appliance, which offers seamless features such as ZFS compression; deduplication; the ability to create ZFS pools in striped, mirrored, and RAID-Z configurations; and the ability to access the storage using network features such as IP multipathing and Link Aggregation Control Protocol (LACP). Furthermore, it supports several protocols: HTTP, iSCSI, HTTPS, NFS, SMB, and others. Another technology that is related to ZFS is Oracle cloud computing because with Infrastructure as a Service (IaaS), the storage requirements might be provided using the ZFS architecture.

Oracle Solaris 11 introduced a framework named Common Multiprotocol SCSI TARget (COMSTAR) that supports the iSCSI protocol, making it possible to turn any Oracle Solaris 11 host into an iSCSI target, which offers storage to other machines, or an iSCSI initiator, which uses software that functions like a host bus adapter (HBA) to access the storage offered by an iSCSI target. This capability is a real advantage, because any storage offered through the iSCSI protocol is available to an iSCSI initiator as local storage, without the need to use expensive technologies such as Fibre Channel (FC). In addition, COMSTAR supports protocols such as FC and Fibre Channel over Ethernet (FCoE) without the need for an HBA.

The two main cautions to be aware of when configuring iSCSI targets through COMSTAR are that an iSCSI disk can't be used as a dedicated dump device and iSCSI data might eventually overload the network.

Configuring COMSTAR

Important: This section provides a step-by-step recipe for configuring COMSTAR, but first I need warn you that you need to pay close attention to the system prompts: solaris11-1 is our server and solaris11-2 is our client.

  1. First, we must list the available disks on the system:

    root@solaris11-1:~# format
    Searching for disks...done
    AVAILABLE DISK SELECTIONS:
           0. c8t0d0 <VBOX-HARDDISK-1.0-80.00GB>
              /pci@0,0/pci1000,8000@14/sd@0,0
           1. c8t1d0 <VBOX-HARDDISK-1.0-16.00GB>
              /pci@0,0/pci1000,8000@14/sd@1,0
           2. c8t2d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@2,0
           3. c8t3d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@3,0
           4. c8t4d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@4,0
           5. c8t5d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@5,0
           6. c8t6d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@6,0
    Specify disk (enter its number): ^D
    

    There are five available disks on the system: c8t2d0 to c8t6d0. That's enough for now.

  2. Next, if it hasn't been installed already, we need to install the COMSTAR storage-server package on the server, because it contains the binary files that are necessary for configuring and creating iSCSI targets:

    root@solaris11-1:~# pkg search storage-server            
    INDEX       ACTION VALUE                                PACKAGE
    incorporate depend pkg:/storage-server@0.1,5.11-0.133   pkg:/consolidation/osnet/osnet-incorporation@0.5.11-0.175.1.0.0.24.2
    pkg.fmri    set    solaris/storage-server               pkg:/storage-server@0.1-0.133
    pkg.fmri    set    solaris/storage/storage-server       pkg:/storage/storage-server@0.1-0.173.0.0.0.1.0
    pkg.fmri    set    solaris/group/feature/storage-server pkg:/group/feature/storage-server@0.5.11-0.175.1.0.0.24.2
    
    root@solaris11-1:~# pkg install storage-server
    
               Packages to install:  22
           Create boot environment:  No
    Create backup boot environment: Yes
                Services to change:   1
    
    DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
    Completed                              22/22     1035/1035    54.5/54.5  393k/s
    
    PHASE                                          ITEMS
    Installing new actions                     1901/1901
    Updating package state database                 Done
    Updating image state                            Done
    Creating fast lookup database                   Done
    
    root@solaris11-1:~# pkg info storage-server
    
              Name: group/feature/storage-server
           Summary: Multi protocol storage server group package
          Category: Drivers/Storage (org.opensolaris.category.2008)
                    Meta Packages/Group Packages (org.opensolaris.category.2008)
             State: Installed
         Publisher: solaris
           Version: 0.5.11
     Build Release: 5.11
            Branch: 0.175.1.0.0.24.2
    Packaging Date: Wed Sep 19 18:44:09 2012
              Size: 5.46 kB
              FMRI: pkg://solaris/group/feature/storage-server@0.5.11,5.11-0.175.1.0.0.24.2:20120919T184409Z
    
    root@solaris11-1:~# pkg list storage-server
    
    NAME (PUBLISHER)                                  VERSION                    IFO
    group/feature/storage-server                      0.5.11-0.175.1.0.0.24.2    i—
    
  3. Now we need to enable the stmf service, which is responsible for iSCSI LUNs and provides the iSCSI target functionality:

    root@solaris11-1:~# svcs -a | grep stmf
    disabled        6:40:04 svc:/system/stmf:default
    
    root@solaris11-1:~# svcs -l svc:/system/stmf:default
    fmri         svc:/system/stmf:default
    name         STMF
    enabled      false
    state        disabled
    next_state   none
    state_time   Tue Nov 26 06:40:04 2013
    restarter    svc:/system/svc/restarter:default
    manifest     /lib/svc/manifest/system/stmf.xml
    dependency   require_all/none svc:/system/filesystem/local:default (online)
    
    root@solaris11-1:~# svcadm enable svc:/system/stmf:default
    
    root@solaris11-1:~# svcs -a | grep stmf
    online          6:55:44 svc:/system/stmf:default
    
  4. Create a pool for holding the iSCSI volume (and LUN):

    root@solaris11-1:~# zpool create iscsi_pool c8t2d0
    root@solaris11-1:~# zpool status iscsi_pool
    
      pool: iscsi_pool
     state: ONLINE
      scan: none requested
    config:
    
          NAME        STATE     READ WRITE CKSUM
          iscsi_pool  ONLINE       0     0     0
          c8t2d0      ONLINE       0     0     0
    
    errors: No known data errors
    
  5. Create a volume (iscsi_volume) that it will be used to create a LUN in the next step:

    root@solaris11-1:~# zfs create -V 1Gb iscsi_pool/iscsi_volume
    root@solaris11-1:~# zfs list iscsi_pool/iscsi_volume
    
    NAME                      USED  AVAIL  REFER  MOUNTPOINT
    iscsi_pool/iscsi_volume  1.03G  3.91G    16K  -
    
  6. Make a LUN from iscsi_volume:

    root@solaris11-1:~# stmfadm create-lu /dev/zvol/rdsk/iscsi_pool/iscsi_volume
    Logical unit created: 600144F0991C8E0000005294663C0001
    
    root@solaris11-1:~# stmfadm list-lu
    LU Name: 600144F0991C8E0000005294663C0001
    
  7. Make the LUN that was created in the previous step viewable from any host:

    root@solaris11-1:~# stmfadm add-view 600144F0991C8E0000005294663C0001
    
    root@solaris11-1:~# stmfadm list-view -l 600144F0991C8E0000005294663C0001
    View Entry: 0
        Host group   : All
        Target Group : All
        LUN          : Auto
    

    Note: This LUN could be made viewable only to a specific host or hosts.

  8. The iSCSI target service is probably disabled, so we need to enable it:

    root@solaris11-1:~# svcs -a | grep target
    disabled        6:39:36 svc:/network/iscsi/target:default
    disabled        6:40:01 svc:/system/fcoe_target:default
    disabled        6:40:14 svc:/system/ibsrp/target:default
    
    root@solaris11-1:~# svcadm enable svc:/network/iscsi/target:default
    root@solaris11-1:~# svcs svc:/network/iscsi/target:default
    STATE          STIME    FMRI
    online          7:45:38 svc:/network/iscsi/target:default
    
    root@solaris11-1:~# svcs -l svc:/network/iscsi/target:default
    fmri         svc:/network/iscsi/target:default
    name         iscsi target
    enabled      true
    state        online
    next_state   none
    state_time   Tue Nov 26 07:45:38 2013
    logfile      /var/svc/log/network-iscsi-target:default.log
    restarter    svc:/system/svc/restarter:default
    manifest     /lib/svc/manifest/network/iscsi/iscsi-target.xml
    dependency   require_any/error svc:/milestone/network (online)
    dependency   require_all/none svc:/system/stmf:default (online)
    
  9. Now it's time to create a new iSCSI target:

    root@solaris11-1:~# itadm create-target
    Target iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4 successfully created
    
    root@solaris11-1:~# itadm list-target -v
    TARGET NAME                                                  STATE    SESSIONS
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4  online   0        
    	alias:              -
    	auth:               none (defaults)
    	targetchapuser:     -
    	targetchapsecret:   unset
    	tpg-tags:           default
    

    Note: Be aware that the iSCSI target was made using the following default iSCSI target properties:

    root@solaris11-1:~# itadm list-defaults
    iSCSI Target Default Properties:
    
    alias:         <none>
    auth:          <none>
    radiusserver:  <none>
    radiussecret:  unset
    isns:          disabled
    isnsserver:    <none>
    
  10. On the client (solaris11-2), verify that the network configuration is working:

    root@solaris11-2:~# ipadm show-addr
    ADDROBJ           TYPE     STATE        ADDR
    lo0/v4            static   ok           127.0.0.1/8
    net0/v4           dhcp     ok           192.168.1.111/24
    lo0/v6            static   ok           ::1/128
    net0/v6           addrconf ok           fe80::a00:27ff:fe27:6af9/10
    
    root@solaris11-2:~# ping solaris11-1
    solaris11-1 is alive
    
    root@solaris11-2:~# ping www.oracle.com
    www.oracle.com is alive
    
  11. On the client (solaris11-2), verify that the iSCSI initiator service is running. If it isn't, enable it:

    root@solaris11-2:~# svcs -a | grep initiator
    online          6:35:50 svc:/system/fcoe_initiator:default
    online          6:35:51 svc:/network/iscsi/initiator:default
    
    root@solaris11-2:~# svcs -l svc:/network/iscsi/initiator:default
    fmri         svc:/network/iscsi/initiator:default
    name         iSCSI initiator daemon
    enabled      true
    state        online
    next_state   none
    state_time   Tue Nov 26 06:35:51 2013
    logfile      /var/svc/log/network-iscsi-initiator:default.log
    restarter    svc:/system/svc/restarter:default
    contract_id  88
    manifest     /lib/svc/manifest/network/iscsi/iscsi-initiator.xml
    dependency   require_any/error svc:/milestone/network (online)
    dependency   require_all/none svc:/network/service (online)
    dependency   require_any/error svc:/network/loopback (online)
    
  12. Now we need to determine the iSCSI target identifier. To determine it, type the following commands on the server (solaris11-1):

    root@solaris11-1:~# itadm list-target
    TARGET NAME                                                  STATE    SESSIONS
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4  online   0        
    
    root@solaris11-1:~# itadm list-target -v
    TARGET NAME                                                  STATE    SESSIONS
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4  online   0        
         alias:              -
         auth:               none (defaults)
         targetchapuser:     -
         targetchapsecret:   unset
         tpg-tags:           default
    
  13. On the client (solaris11-2), configure the iSCSI initiator for static discovery of the iSCSI target on the server (solaris11-1):

    root@solaris11-2:~# iscsiadm add static-config iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4,192.168.1.107
    
    root@solaris11-2:~# iscsiadm list static-config
    Static Configuration Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4,192.168.1.107:3260
    
  14. On the client, list the discovery method (static) and ensure it is enabled:

    root@solaris11-2:~# iscsiadm list discovery
    Discovery:
         Static: disabled
         Send Targets: disabled
         iSNS: disabled
    
    root@solaris11-2:~# iscsiadm modify discovery --static enable
    root@solaris11-2:~# iscsiadm list discovery
    Discovery:
         Static: enabled
         Send Targets: disabled
         iSNS: disabled
    root@solaris11-2:~#
    
  15. On the client, confirm that the new iSCSI target can be seen:

    root@solaris11-2:~# iscsiadm list target
    Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
         Alias: -
         TPGT: 1
         ISID: 4000002a0000
         Connections: 1
    
  16. Now that the iSCSI target can be accessed from the client, we have to find the new iSCSI disks using the devfsadm command and list them using the format command:

    root@solaris11-2:~# devfsadm
    root@solaris11-2:~# format
    Searching for disks...done
    
    AVAILABLE DISK SELECTIONS:
           0. c0t600144F0991C8E0000005294663C0001d0 <SUN-COMSTAR-1.0 cyl 1022 alt 2 hd 64 sec 32>
              /scsi_vhci/disk@g600144f0991c8e0000005294663c0001
           1. c8t0d0 <VBOX-HARDDISK-1.0-80.00GB>
              /pci@0,0/pci1000,8000@14/sd@0,0
           2. c8t1d0 <VBOX-HARDDISK-1.0-16.00GB>
              /pci@0,0/pci1000,8000@14/sd@1,0
           3. c8t2d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@2,0
           4. c8t3d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@3,0
           5. c8t4d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@4,0
           6. c8t5d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@5,0
           7. c8t6d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@6,0
    Specify disk (enter its number): ^C
    

    Notice the first disk in the output, which is highlighted in bold.

  17. Using the discovered iSCSI disk, create a new storage pool with a ZFS file system inside:

    root@solaris11-2:~# zpool create iscsi_pool c0t600144F0991C8E0000005294663C0001d0
    
    root@solaris11-2:~# zpool list
    NAME         SIZE  ALLOC   FREE  CAP  DEDUP  HEALTH  ALTROOT
    iscsi_pool  1008M   116K  1008M   0%  1.00x  ONLINE  -
    repo_pool   15.9G  7.64G  8.24G  48%  1.00x  ONLINE  -
    rpool       79.5G  28.2G  51.3G  35%  1.00x  ONLINE  -
    
    root@solaris11-2:~# zpool status iscsi_pool
      pool: iscsi_pool
     state: ONLINE
      scan: none requested
    config:
    
        NAME                                     STATE     READ WRITE CKSUM
        iscsi_pool                               ONLINE       0     0     0
          c0t600144F0991C8E0000005294663C0001d0  ONLINE       0     0     0
    
    errors: No known data errors
    
    root@solaris11-2:~# zfs create iscsi_pool/iscsi_filesystem
    root@solaris11-2:~# zfs list iscsi_pool/iscsi_filesystem
    NAME                         USED  AVAIL  REFER  MOUNTPOINT
    iscsi_pool/iscsi_filesystem   31K   976M    31K  /iscsi_pool/iscsi_filesystem
    

Using Another Discovery Method

Are we done? No; not yet! It would be nice to learn how to use another method of discovery such as sendtargets, which provides a dynamic way of finding iSCSI targets.

To accomplish this, let's unconfigure our iSCSI initiator client (solaris11-2) and reconfigure it using this new way:

root@solaris11-2:~# iscsiadm list static-config
Static Configuration Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4,192.168.1.107:3260

root@solaris11-2:~# zpool destroy iscsi_pool

root@solaris11-2:~# iscsiadm remove static-config iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4,192.168.1.107:3260

root@solaris11-2:~# iscsiadm list target 	(NO OUTPUT)

root@solaris11-2:~# iscsiadm modify discovery --static disable
root@solaris11-2:~# iscsiadm modify discovery --sendtargets enable
root@solaris11-2:~# iscsiadm list discovery
Discovery:
    Static: disabled
    Send Targets: enabled
    iSNS: disabled

root@solaris11-2:~# iscsiadm add discovery-address 192.168.1.114
root@solaris11-2:~# iscsiadm list target
Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
    Alias: -
    TPGT: 1
    ISID: 4000002a0000
    Connections: 1

root@solaris11-2:~# devfsadm
root@solaris11-2:~# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c0t600144F0991C8E0000005294663C0001d0 <SUN-COMSTAR-1.0-1.00GB>           /scsi_vhci/disk@g600144f0991c8e0000005294663c0001
       1. c8t0d0 <VBOX-HARDDISK-1.0-80.00GB>
          /pci@0,0/pci1000,8000@14/sd@0,0
       2. c8t1d0 <VBOX-HARDDISK-1.0-16.00GB>
          /pci@0,0/pci1000,8000@14/sd@1,0
       3. c8t2d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,8000@14/sd@2,0
       4. c8t3d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,8000@14/sd@3,0
       5. c8t4d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,8000@14/sd@4,0
       6. c8t5d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,8000@14/sd@5,0
       7. c8t6d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
          /pci@0,0/pci1000,8000@14/sd@6,0

Nice!!! We've done the same initiator operation, but this time the iSCSI target disk was discovered using a dynamic method.

Adding Authentication

Are we finished now? Not quite. It would be cool to add some authentication to the configuration. For example, it's possible to configure iSCSI authentication using the CHAP method (unidirectional or bidirectional) or even RAIDIUS. For this example, we're going to use CHAP unidirectional, in which the client (initiator) does the login to the server (target) to access the iSCSI target devices.

  1. All configuration must start at the target, where we offer the ZFS volume through the iSCSI context. First, determine the iSCSI target:

    root@solaris11-1:~# itadm list-target
    TARGET NAME                                                  STATE    SESSIONS
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4  online   0     
    
  2. The iSCSI target we configured earlier doesn't use the CHAP method of authentication, so we must alter it:

    root@solaris11-1:~# itadm modify-target -a chap iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
    Target iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4 successfully modified
    
  3. Once the authentication method has been changed, it's necessary to associate a password for authentication. In this case, we'll use the password oracle123456, because the CHAP password must have at least 12 characters:

    root@solaris11-1:~# itadm modify-target -s iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
    Enter CHAP secret:
    Re-enter secret:
    Target iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4 successfully modified
    
  4. For the initiator to log in to the target, register the initiator using its initiator node. To do this, on the client, execute the following command:

    root@solaris11-2:~# iscsiadm list initiator-node
    Initiator node name: iqn.1986-03.com.sun:01:e00000000000.5250ac8e
    Initiator node alias: solaris11
       Login Parameters (Default/Configured):
           Header Digest: NONE/-
           Data Digest: NONE/-
           Max Connections: 65535/-
       Authentication Type: NONE
       RADIUS Server: NONE
       RADIUS Access: disabled
       Tunable Parameters (Default/Configured):
           Session Login Response Time: 60/-
           Maximum Connection Retry Time: 180/-
           Login Retry Time Interval: 60/-
       Configured Sessions: 1
    

    The initiator node name is listed on the first line of the output.

  5. Using the initiator node name determined in the previous step, register the initiator in the target host (server solaris11-1):
    root@solaris11-1:~# itadm create-initiator -s iqn.1986-03.com.sun:01:e00000000000.5250ac8e
    Enter CHAP secret:
    Re-enter secret:
    
    root@solaris11-1:~# itadm list-initiator
    INITIATOR NAME                                               CHAPUSER  SECRET
    iqn.1986-03.com.sun:01:e00000000000.5250ac8e                 <none>         set
    
  6. On the initiator machine, confirm that the client continues using iSCSI dynamic discovery (sendtargets):

    root@solaris11-2:~# iscsiadm list discovery
    Discovery:
       Static: disabled
       Send Targets: enabled
       iSNS: disabled
    
  7. (Optional) If you use DHCP on the iSCSI target (server solaris11-1) and the IP address has changed (because of DHCP renewal), it's possible to remove the old discovery address and add a new one:

    root@solaris11-2:~# iscsiadm remove discovery-address 192.168.1.114 
    root@solaris11-2:~# iscsiadm add discovery-address 192.168.1.107
    root@solaris11-2:~# iscsiadm list target
    Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
       Alias: -
       TPGT: 1
       ISID: 4000002a0000
       Connections: 0
    
  8. Now it's time to configure, in the client, the same CHAP password (oracle123456) we defined in the target (solaris11-1) and change the iSCSI client authentication method of the client to CHAP:

    root@solaris11-2:~# iscsiadm modify initiator-node --CHAP-secret
    Enter secret:
    Re-enter secret:
    
    root@solaris11-2:~# iscsiadm modify initiator-node --authentication CHAP
    
  9. Once more, list the targets and the initiator node in the client:

    root@solaris11-2:~# iscsiadm list target
    Target: iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4
       Alias: -
       TPGT: 1
       ISID: 4000002a0000
       Connections: 0
    
    root@solaris11-2:~# iscsiadm list initiator-node
    Initiator node name: iqn.1986-03.com.sun:01:e00000000000.5250ac8e
    Initiator node alias: solaris11
       Login Parameters (Default/Configured):
           Header Digest: NONE/-
           Data Digest: NONE/-
           Max Connections: 65535/-
       Authentication Type: CHAP
           CHAP Name: iqn.1986-03.com.sun:01:e00000000000.5250ac8e
       RADIUS Server: NONE
       RADIUS Access: disabled
       Tunable Parameters (Default/Configured):
           Session Login Response Time: 60/-
           Maximum Connection Retry Time: 180/-
           Login Retry Time Interval: 60/-
       Configured Sessions: 1
    
  10. We need to force the detection of new devices on the client and, if everything goes OK, list the available disks:

    root@solaris11-2:~# devfsadm
    root@solaris11-2:~# format
    Searching for disks...done
    
    AVAILABLE DISK SELECTIONS:
           0. c0t600144F0991C8E0000005294663C0001d0 <SUN-COMSTAR-1.0-1.00GB>           /scsi_vhci/disk@g600144f0991c8e0000005294663c0001
           1. c8t0d0 <VBOX-HARDDISK-1.0-80.00GB>
              /pci@0,0/pci1000,8000@14/sd@0,0
           2. c8t1d0 <VBOX-HARDDISK-1.0-16.00GB>
              /pci@0,0/pci1000,8000@14/sd@1,0
           3. c8t2d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@2,0
           4. c8t3d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@3,0
           5. c8t4d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@4,0
           6. c8t5d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@5,0
           7. c8t6d0 <VBOX-HARDDISK-1.0 cyl 2046 alt 2 hd 128 sec 32>
              /pci@0,0/pci1000,8000@14/sd@6,0
    Specify disk (enter its number): ^C
    
  11. It worked! To verify that the CHAP authentication happened, view the message log by executing the following command:

    root@solaris11-2:~# dmesg
    
    Nov 27 07:17:13 solaris11-2 iscsi: [ID 559844 kern.info] NOTICE: iscsi session(40) 
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4 online
    Nov 27 07:17:13 solaris11-2 scsi: [ID 583861 kern.info] sd9 at scsi_vhci0: unit-address 
    g600144f0991c8e0000005294663c0001: f_tpgs
    Nov 27 07:17:13 solaris11-2 genunix: [ID 936769 kern.info] sd9 is 
    /scsi_vhci/disk@g600144f0991c8e0000005294663c0001
    Nov 27 07:17:13 solaris11-2 genunix: [ID 408114 kern.info] 
    /scsi_vhci/disk@g600144f0991c8e0000005294663c0001 (sd9) online
    Nov 27 07:17:13 solaris11-2 genunix: [ID 483743 kern.info] 
    /scsi_vhci/disk@g600144f0991c8e0000005294663c0001 (sd9) multipath status: degraded: path 1 
    iscsi0/disk@0000iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab40001,0 is online
    
  12. Another way to prove that the configuration worked is by typing the following command on the server:

    root@solaris11-1:~# itadm list-target
    TARGET NAME                                                  STATE    SESSIONS
    iqn.1986-03.com.sun:02:d087ef4d-f821-e276-b120-f71995504ab4  online   1       
    

    As you can see, there's a valid, established session on the server. Now, storage pools can be created in the same way we did previously.

See Also

If you want to see another and simpler example of iSCSI initiator use, I've written a tutorial about how to configure a free virtual tape library (VTL), and at the end of that document, I explain how to connect to the VTL from Oracle Solaris 11 using the iSCSI protocol.

In addition, here are some links to other things I've written:

And here are some Oracle Solaris 11 resources:

About the Author

Alexandre Borges is an Oracle ACE and who worked as an employee and contracted instructor at Sun Microsystems from 2001 to 2010 teaching Oracle Solaris, Oracle Solaris Cluster, Oracle Solaris security, Java EE, Sun hardware, and MySQL courses. Nowadays, he teaches classes for Symantec, Oracle partners, and EC-Council, and he teaches several very specialized classes about information security. In addition, he is a regular writer and columnist at Linux Magazine Brazil.

Revision 1.0, 02/25/2014

Follow us:
Blog | Facebook | Twitter | YouTube