iSCSI

Proxmox doc recommends:

iSCSI is a block level type storage, and provides no management interface. 
So it is usually best to export one big LUN, and setup LVM on top of that LUN. 
You can then use the LVM plugin to manage the storage on that iSCSI LUN.

iSCSI target/direct is capable to store only following content types

  • images
  • none

Options during adding iSCSI storage:

  • Use LUNs directly - use directly as VM disk without putting LVM volume on it.

Create LVM on iSCSI

  • add iSCSI device - do not select Use LUNs directly
  • add LVM
    • base storage: select just added iSCSI LUN

DRAFT

  Click 'Add LVM Group' on the Storage list
  As storage name use whatever you want but take care, this name cannot be changed later.
  For 'Base Storage', use the drop down menu to select the previously defined iSCSI target.
  For 'Base Volume' select a LUN
  For 'Volume Group Name' give a unique name (this name cannot be changed later).
  Enable shared use (recommended)
  Click save

DRAFT

NAS326 CHAP issue

NAS326 requires CHAP authentication and initiator user name. There are 2 options to use NAS326:

  • disable CHAP on NAS326
  • enable CHAP on Proxmox

Proxmox initiator name can be found in file: /etc/iscsi/initiatorname.iscsi

disable CHAP on NAS326

It exposes LUN to everybody in network. Use it only in separate LANs!!!

Disable Authentication http://linux-iscsi.org/wiki/ISCSI#Define_access_rights

It is possible to define common login information for all Endpoints in a TPG: TPG authentication

How to disable security on NAS326 (enable iSCSI demo mode)

  • create the LUN(s) and target via the webgui
  • login to your zyxel via ssh as root

  • targetcli ls
    targetcli /iscsi/iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux/tpg1/ get attribute
    targetcli /iscsi/iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux/tpg1/ set attribute authentication=0 demo_mode_write_protect=0 generate_node_acls=1 cache_dynamic_acls=1
    targetcli saveconfig

use CHAP on Proxmox

Logout and remove all failed trials to connect to NAS326. Especially if IPv6 was enabled on NAS326, proxmox detect two send_targets: one for IPv4 and one for IPv6 (not reachable). After disabling IPv6 on NAS326, please delete IPv6 target portal:

targetcli ls
targetcli /iscsi/iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux/tpg1/portals ls
targetcli /iscsi/iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux/tpg1/portals/ 'delete fd57::be99:11ff:fe06:18b0 3260'
targetcli saveconfig
ls /etc/iscsi/nodes
 
# logout
iscsiadm -m node -u -T "iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux" --portal 192.168.28.150
iscsiadm -m node -u -T "iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux" --portal fd57::be99:11ff:fe06:18b0
# remove
iscsiadm -m node -o delete -T "iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux" --portal 192.168.28.150
iscsiadm -m node -o delete -T "iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux" --portal fd57::be99:11ff:fe06:18b0

Uncomment and set following config lines:

| /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
# get initiator name from /etc/iscsi/initiatorname.iscsi
node.session.auth.username = iqn.1993-08.org.debian:01:4dad9d97a329
node.session.auth.password = my_chap_password_for_NAS326

Now discovery should return only one IPv4 target:

# iscsiadm -m discovery -t sendtargets -p 192.168.28.150
192.168.28.150:3260,1 iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux
 
# list config options
iscsiadm -m node -o show
 
# login
iscsiadm -m node --login
Logging in to [iface: default, target: iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux, portal: 192.168.28.150,3260] (multiple)
Login to [iface: default, target: iqn.2020-04.com.zyxel:nas326-iscsi-pve1-isos-target.tjlintux, portal: 192.168.28.150,3260] successful.
 
# check new block device
cat /proc/partitions
 
iscsiadm -m node --logout

Now add iSCSI from webui.

iSCSI+LVM supports HA and Live Migration of VMs –> mark LVM storage as shared