ISCSI Infrastructure SOP
iscsi - SOP
Owner: Fedora Infrastructure Team
Contact: #fedora-admin, sysadmin-main
Purpose: Provides iscsi connectivity to our netapp.
iscsi allows one to share and mount block devices using the scsi protocol over a network. Fedora currently connects to a netapp that has an iscsi export.
The best uses for Fedora are for servers that are not part of a farm or live replicated. For example, we wouldn't put app1 on the iscsi share because we don't gain anything from it. Shutting down app1 to move it isn't an issue because app1 is part of our application server farm.
noc1, however, is not replicated. It's a stand alone box that, at best, would have a non-live failover. By placing this host on an iscsi share, we can make it more highly available as it allows us to move that box around our virtualization infrastructure without rebooting it or even taking it down.
- initiator means client
- target means server
- swab means mop
- deck means floor
iscsi's basic login / logout procedure is
- Notify your client that a new target is available (similar to editing /etc/fstab for a new nfs mount)
- Login to the iscsi target (similar to running "mount /my/nfs"
- Logout from the iscsi target (similar to running "umount /my/nfs"
- Delete the target from the client (similar to removing the nfs mount from /etc/fstab)
Most mounts are covered by puppet so this should be automatic. In the event that something goes wrong though, the best way to fix this is:
# Notify the client of the target iscsiadm --mode node --targetname iqn.1992-08.com.netapp:sn.101197194 --portal 10.8.34.17:3260 -o new # Log in to the new target iscsiadm --mode node --targetname iqn.1992-08.com.netapp:sn.101197194 --portal 10.8.34.17:3260 --login # Scan and activate lvm pvscan vgscan vgchange -ay xenGuests
Once this is done, one should be able to run "lvs" to see the logical volumes
Logging out isn't normally needed, for example rebooting a machine automatically logs the initiator out. Should a problem arise though here are the steps:
# Disable the logical volume: vgchange -an xenGuests # log out iscsiadm --mode node --targetname iqn.1992-08.com.netapp:sn.101197194 --portal 10.8.34.17:3260 --logout
Important note about creating new logical volumes
At present we do not have logical volume locking on the xen servers. This is dangerous and being worked on. Basically when you create a new volume on a host, you need to run:
pvscan vgscan lvscan
On the other virtualization servers.