1 =============================================================
2 Configuring the iSCSI Target using the Command Line Interface
3 =============================================================
5 The Ceph iSCSI gateway is the iSCSI target node and also a Ceph client
6 node. The Ceph iSCSI gateway can be a standalone node or be colocated on
7 a Ceph Object Store Disk (OSD) node. Completing the following steps will
8 install, and configure the Ceph iSCSI gateway for basic operation.
12 - A running Ceph Luminous or later storage cluster
14 - RHEL/CentOS 7.4; or Linux kernel v4.14 or newer
16 - The following packages must be installed from your Linux distribution's software repository:
18 - ``targetcli-2.1.fb47`` or newer package
20 - ``python-rtslib-2.1.fb64`` or newer package
22 - ``tcmu-runner-1.3.0`` or newer package
24 - ``ceph-iscsi-config-2.3`` or newer package
26 - ``ceph-iscsi-cli-2.5`` or newer package
29 If previous versions of these packages exist, then they must
30 be removed first before installing the newer versions.
32 Do the following steps on the Ceph iSCSI gateway node before proceeding
33 to the *Installing* section:
35 #. If the Ceph iSCSI gateway is not colocated on an OSD node, then copy
36 the Ceph configuration files, located in ``/etc/ceph/``, from a
37 running Ceph node in the storage cluster to the iSCSI Gateway node.
38 The Ceph configuration files must exist on the iSCSI gateway node
41 #. Install and configure the `Ceph Command-line
42 Interface <http://docs.ceph.com/docs/master/start/quick-rbd/#install-ceph>`_
44 #. If needed, open TCP ports 3260 and 5000 on the firewall.
46 #. Create a new or use an existing RADOS Block Device (RBD).
50 #. As ``root``, on all iSCSI gateway nodes, install the
51 ``ceph-iscsi-cli`` package:
55 # yum install ceph-iscsi-cli
57 #. As ``root``, on all iSCSI gateway nodes, install the ``tcmu-runner``
62 # yum install tcmu-runner
64 #. As ``root``, on a iSCSI gateway node, create a file named
65 ``iscsi-gateway.cfg`` in the ``/etc/ceph/`` directory:
69 # touch /etc/ceph/iscsi-gateway.cfg
71 #. Edit the ``iscsi-gateway.cfg`` file and add the following lines:
76 # Name of the Ceph storage cluster. A suitable Ceph configuration file allowing
77 # access to the Ceph storage cluster from the gateway node is required, if not
78 # colocated on an OSD node.
81 # Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
82 # drectory and reference the filename here
83 gateway_keyring = ceph.client.admin.keyring
87 # The API supports a number of options that allow you to tailor it to your
88 # local environment. If you want to run the API under https, you will need to
89 # create cert/key files that are compatible for each iSCSI gateway node, that is
90 # not locked to a specific node. SSL cert and key files *must* be called
91 # 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
92 # on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
93 # to switch to https mode.
95 # To support the API, the bear minimum settings are:
98 # Additional API configuration options are as follows, defaults shown.
100 # api_password = admin
102 # trusted_ip_list = 192.168.0.10,192.168.0.11
105 The ``iscsi-gateway.cfg`` file must be identical on all iSCSI gateway nodes.
107 #. As ``root``, copy the ``iscsi-gateway.cfg`` file to all iSCSI
110 #. As ``root``, on all iSCSI gateway nodes, enable and start the API
115 # systemctl enable rbd-target-api
116 # systemctl start rbd-target-api
120 #. As ``root``, on a iSCSI gateway node, start the iSCSI gateway
121 command-line interface:
127 #. Creating the iSCSI gateways:
131 >/iscsi-target create iqn.2003-01.com.redhat.iscsi-gw:<target_name>
133 > create <iscsi_gw_name> <IP_addr_of_gw>
134 > create <iscsi_gw_name> <IP_addr_of_gw>
136 #. Adding a RADOS Block Device (RBD):
140 > cd /iscsi-target/iqn.2003-01.com.redhat.iscsi-gw:<target_name>/disks/
141 >/disks/ create pool=<pool_name> image=<image_name> size=<image_size>m|g|t
143 #. Creating a client:
148 > create iqn.1994-05.com.redhat:<client_name>
149 > auth chap=<user_name>/<password> | nochap
153 CHAP must always be configured. Without CHAP, the target will
154 reject any login requests.
156 #. Adding disks to a client:
160 >/iscsi-target..eph-igw/hosts> cd iqn.1994-05.com.redhat:<client_name>
161 > disk add <pool_name>.<image_name>
163 The next step is to configure the iSCSI initiators.