Das Blinken Lichten

I know I said that Part 5 would be my last LeftHand post for the time being but I couldn’t resist building a script to test out all of the scripting commands we just went through.  So I created two scripts that do the following.

Start.bat
-Creates a snapshot of a volume
-Assigns it to a server
-Attaches it to the server for access

End.bat
-Logs the ISCSI session off
-Un-assigns it from the server (removes the target portal)
-Deletes the snapshot

Take a look at it if you’d like, feel free to use any of the code yourself.  If you are going to use the entire batch file yourself, I ask that you leave the header in place that gives credit to this blog.  I’m contemplating making a CHAP version as well but I’ll have to find some time first.

DISCLAIMER
I, in no way, shape, or form guarantee this code to work.  It worked on my configuration but you might need to tweak it a little yourself.  I tried to document it as best as I could. Furthermore I am not claiming this as my own completely original work.  I used a lot of other concepts and examples that I found online to build the scripts.

In the last 4 posts I showed you how to configure a LeftHand VSA, create volumes, map them to servers, and then attach them to either a ESXi server or a physical Windows host.  Now we are going to learn how to do LeftHand scripting.  The scripting agent of the LeftHand SAN solution is pretty slick.  Alright, lets get right into it…

To start we need to ensure we have a few things in place.  I’m going to be working with a brand new physical server (doesn’t have to be) during this lab and the only item I need to install is the LeftHand CLIQ.  The LeftHand CLIQ is the LeftHand command line management utility.  To get it I suggest you contact your LeftHand support specialist and request it.  I’m not going to walk through the installation since its pretty straight forward but once you get it installed you’ll have access to the CLIQ interface at the command prompt.  In the next section I’m going to walk through a few commands that are of particular use in regards to the LeftHand SAN.  As an FYI you’ll need to enter your relevant info that is specified between the <> brackets.

Create a Snapshot of a volume
cliq createSnapshot volumeName=<volume name>  snapshotName=<snap shot name> login=<cluster IP address> userName=<username for the cluster> passWord=<password for the cluster>

Example – cliq createSnapshot volumeName=Volume1 snapshotName=BackupSnap login=10.20.30.111 userName=admin passWord=admin

Delete a Snapshot of a volume
cliq deleteSnapshot snapshotName=<snap shot name> login=<cluster IP address> userName=<username for the cluster> passWord=<password for the cluster> prompt=<True of False, if you want a prompt before you delete>

Example – cliq deleteSnapshot snapshotName=BackupSnap login=10.20.30.111 userName=admin passWord=admin prompt=false

Assign a snapshot/volume to a server
cliq assignVolume volumeName=<volume or snapshot name> initiator=<The ISCSI name of the host you want to attach to> login=<cluster IP address> userName=<username for cluster> passWord=<password for cluster>

Example – cliq assignVolume volumeName=Volume1 initiator=iqn.1991-05.com.microsoft:backupserver login=10.20.30.111 userName=admin passWord=admin

Unassign a snapshot/volume to a server
cliq unassignVolume volumeName=<volume or snapshot name> login=<cluster IP address> userName=<username for cluster> passWord=<password for cluster>

Example – cliq unassignVolume volumename=Volume1 login=10.20.30.111 username=admin pas
sword=admin

These are only 4 commands out of many more.  If you are interested I have attached a copy of the CLIQ user guide from LeftHand which walks through all of them.

Now that we know some basics of the CLIQ script interface let’s look at scripting with the MS ISCSI software initiator.  The MS scripting engine is installed by default when you install the initiator, all you have to do in order to access it is go to a command prompt and enter ‘iscsicli’ followed by the command of your choice.  Let’s walk through some of the basic commands.

Add a target portal 
iscsicli qaddtargetportal <Target’s IP address>

Example – iscsicli qaddtargetportal 10.20.30.111

Note: The full command here is addtargetportal.  The ‘q’ in front of the command specifies “quick” which means that you don’t have all of the available options for the command.  In this instance we only need to specify the Target’s IP address.  With the full command we can specify port number, CHAP user, CHAP Secret, etc…  If you need any of those options type in ‘iscsicli addtargetportal ?’ to get the full syntax.  In these examples I will not be using CHAP, rather I have specified the servers ISCSI IQN in the LeftHand CMC.

List the available volumes/targets
iscsicli listtargets

Example – iscsicli listtargets

Note: This will return all of the available targets or volumes that you can logon to.  I have found that sometimes I can’t simply add a new volume to the server in the LeftHand CMC and then have it appear when I list the targets.  Rather I have to remove the target portal and re-add it.  You’ll need the IQN value this command returns to use in the Logon command shown next.

Logon to volumes/targets
iscsicli qlogintarget <volume/target IQN>

Example – iscsicli qlogintarget iqn.2003-10.com.lefthandnetworks:mg1:54:volume2

Note: Once you run this command the volume should appear under My Computer provided that it is formatted NTFS.  If not, check the Disk Manager to see if it’s showing up at all.  While doing some testing earlier I found that I couldn’t get the disk to appear despite the fact that it was listed as “connected” in the initiator.  After investing too much time in troubleshooting I uninstalled the initiator, rebooted the server, reinstalled the initiator and everything started working fine again.

Report the mappings
iscsicli reporttargetmappsings

Example – iscsicle reporttargetmappsings

Note: Once you logon to the target this command shows you the details of the actual connection.  For instance it shows you the session ID which is required for the logout command shown next.

Logout of volumes/targets
iscsicli logouttarget <session ID>

Example – iscsicli logouttarget ffffffff8585d6d4-400001370000000a

Note: After you logout of the target the initiator will still show the target.  The next command shows you how to remove that.

Remove a target portal
iscsicli removetargetportal <Target IP Address> <Target port Number (Default 3260)>

Example – iscsicli removetargetportal 10.20.30.111 3260

Note: For some reason I can’t find a ‘q’ version of this command so you need to specify a port number.

Again I have only gone over a few out of the large number of possible commands.  If you are interested in more I have attached the MS document on the ISCSI initiator which, starting on page 113, describes more ISCSICLI commands.

Summary: So as you can see you can do almost anything through both utilities scripting interfaces.  If you put all it all together and work in some temp file scripting (to pull variables) you can make your own backup scripts for your SAN.  If you aren’t interested in building your own, contact your local LeftHand technical resource.  They were able to provide me with quite a few examples.  I don’t think I have seen any that are ‘perfect’ as of yet, but everyone’s environment is different.

Now that we have attached our ISCSI LUN to a ESXi server let’s look at connecting the LUN to a normal physical server.  We are going to attach the LUN to a Windows 2003 Server using Microsoft’s ISCSI software initiator.  I don’t think they included it by default so if you don’t have it you’ll need to go download it.  Check out the link below if you don’t have it installed and need to download it.

http://www.microsoft.com/downloads/details.aspx?familyid=12cb3c1a-15d6-4585-b385-befd1319f825&displaylang=en

What’s neat about adding a disk to a physical server using this method is since it will be NTFS any other server can read it without additional software.  So….  Let’s say I have a file server that has an attached LUN holding all of my company shares.  I can create a job on my backup server that takes a snapshot of the that LUN and mounts the snapshot to the backup server.  Then I can back up the snapshot, have the backup software detach the LUN, and then delete the snapshot. I can’t do this with VMware unless I have something on the backup server that can read VMFS.  No need to worry about backing up files that are currently in use since no one will be using the files in the snapshot.  Think of backing up Exchange and SQL this way……  I’ll cover the scripting in part 5.

A few things to keep in mind before we start…
-We won’t be able to boot from this LUN, it will only serve as “tack on” storage.  You can tell Windows to reattach it at boot but that’s about it.  In order to boot from SAN you would need a physical HBA that could be configured to find the LUN during the machines post process
-The ISCSI initiator can be used in XP and Vista as well, it’s not just reserved for server OS
-You can use CHAP Authentication or ISCSI name to attach the LUN.  During this walkthrough I’ll be using the same LUN I attached to ESXi in Part 3 so I will be using CHAP Authentication here as well.  I’m not going to walkthrough how to configure the LeftHand SAN to see this Windows Server 2003 system.  You’ll need to log into the LeftHand CMC and configure an additional server with the correct IP information.
-In a production environment you would probably want a separate NIC that was used just for ISCSI.  Since this is a test environment I’m running ISCSI on the data network. 
-Keep in mind that a LUN when initially provisioned has no file format.  When I added it to ESXi it had to format it VMFS, when I add it to the Windows Server in this walkthrough it will want to format it as NTFS.

OK, first thing to do is to open up the ISCSI initiator in Windows.  If it isn’t installed yet, click on the link above and download it.  Once it’s installed you should be able to open the initiator by going to the control panel.  It will be displayed as “iSCSI Initiator”.  Go ahead and double click to open it up.

The first page gives you your Node Name (Useful if you aren’t using CHAP), gives you the option to change it, lets you configure the CHAP secret for target authentication, and has an option for ISCIS and IPSec.  If you’ll recall when we configured the Server in the LeftHand CMC it required two passwords. 

One for the Target and one for the Initiator.  When configuring the Initiator we can use one or both.  If we want to use both passwords (which is called Mutual Authentication) we need to configure the Initiator Secret on the General tab of the ISCSI Initiator Properties.  What’s confusing here is that it seemed to me that the password I needed to use on the initiator side of things (the server) would be what I defined as the “Initiator Secret” in the LeftHand CMC.  In reality you need to use the “Target Secret”.  I just think of it as the Server is logging onto the target, so I need to use the “Target Secret”.  So click on the “Secret” button and enter in what you configured as the “Initiator Secret” in the LeftHand CMC when you defined the server. Then press OK and click on the “Discovery Tab” 

On the Discovery Tab we want to add a target, so press the “Add” button.

You’ll get a dialog prompting you to enter the IP address or DNS name of your portal.  Enter in the IP address of your LeftHand cluster.  (Just to beat the dead horse here… Cluster IP, not the Node IP).  Then click “Advanced…” 

On the Advanced window we want to check the “CHAP logon information” checkbox, enter in our username (It will default to the initiator name, just delete it), enter in the “Target Secret” that we entered in the LeftHand CMC, and check the box for “Perform mutual authentication”.  If you don’t check that box it only uses the username and secret from this page to authentication even if you entered a secret on the “General” tab.  Since we entered one, we’ll check this box.  Then press OK to save the settings on the Advanced Settings window and OK again on the Add Target Portal window.

If all goes well your Target should appear listed underneath “Target Portals”.  If it didn’t go well you’ll receive the error below.  If you get this error it usually means that there is a discrepancy between the logon information you entered in the LeftHand CMC and the ones you just entered.  Verify that you haven’t accidentally transposed the Target and Initiator Secret on either side of the connection.  The annoying part here is that I can’t find to seem a way to edit the target settings once you click ok.  If you get the error below you have to remove the target and re-add it from scratch.

If you did not receive an error and your target shows up under “Target Portals” you can move on.  Click on the “Targets” tab.  You should your LUN appearing under “Targets” and it should have a status of “Inactive”.  I always hit “Refresh” to make sure that its actually there.  Then press the “Log On…” button.

Once you press “Log On…” a “Log On to Target” window appears.  You are given two options.  One that allows you to reconnect the LUN at OS boot and the other to enable multi-path.  You would only use this if you had two pathways to the same LUN for redundancy.  If you had two pathways without multi-path the LUN would should up as two disks.  You would need some sort of Multi Pathing software that would allow the OS to realize that the LUNs were coming from the same place and present them to the logical disk manager as one logical drive.  In windows this is called MPIO(Multi Path In/Out).  Also for some reason the initiator doesn’t assume that the credentials you entered in earlier are for the volume you are attaching to as well.  So click the “Advanced” button and enter in the same CHAP Authentication information you did previously.  After you do that check the box that says “Automatically restore this connection when the system boots” and press OK

After you hit OK the status should change to “Connected” as shown below.  If you get the authentication error try the troubleshooting steps mentioned above.

After we see the connected status we can go to the server’s logical disk manager (In MS Server 2003 go to Administrative Tools, Computer Management, and select Disk management from the left hand side of the screen) and with any luck we will see the disk attached to the server. 

Right click, new partition, follow the wizard and you have your new SAN LUN fully attached and partitioned.  Test out rebooting the server and see if its still attached when it comes back online.

Summary – Its pretty easy to attach a ISCSI LUN to a server.  Doing it correctly in a production environment would mean taking different hardware then we did today but the same concepts should apply.  CHAP Authentication adds an extra layer of frustration but is mandated in some environments.  Try connecting the drive without using CHAP.  All you need to do is add the Initiator name from the general tab of the ISCSI initiator (Press “Change” to open a textbox so you can copy the name correctly) to the LeftHand CMC server configuration.  When you add the name, CHAP gets turned off automatically as you can only either define a name or configure CHAP.  Then when you add the LUN in the initiator on the server you just need to specify the cluster IP address.  It will see any LUNs you have mapped to that ISCSI name.  There are a lot more advanced features in the Microsoft Server ISCSI initiator.  We really only scratched the surface.  Perhaps in a later post we’ll talk more about MPIO.  In the next post in this series we will do a little scripting with LUNs and snapshots.

In the first two articles in this series I discussed the process of configuring the LeftHand VSA and preparing a volume for attachment to a VMWare server.  A few things should be noted here.
-I’m using ESXi 3.5 for this walk through
-The VSA is installed on the same ESXi server that I am attaching the server to
-Since I’m working in a test environment I am keeping the ISCSI traffic on the same subnet as the Virtual Machines.  The VMKernel is the interface in VMWare that needs to see the ISCSI traffic so to keep this simple I will leave everything on the same subnet.  Remember ESXi is different than ESX as far as the network configuration goes.  We really aren’t looking at performance right now, just trying to get the VSA up and running so we can play with it.

Alright let’s get right into it……

Since this is ESXi, I have already configured a VMKernel port for management of the ESXi host.  That being said my current network configuration looks like the image below.  Note the VSA is part of the VM Network already.  The hosts on the VM Network all have the same subnet of 10.20.30.X /24

So basically all I need to do at this point is enable the ISCSI software initiator in ESXi and give it the information it needs to find the ISCSI LUN we created.  Under configuration in your VI Client click on “Storage Adapters” and then scroll down in the right pane until you see “ISCSI Software Adapter”.  Select it by left clicking on it and then choose properties in the lower pane.   

On the properties click the “Configure…” button and check the box under status that says “Enabled”.  Note you cant insert your own ISCSI name at this point.  Once you press OK the system will think for a brief moment and the populate the “ISCSI Properties” section at the top of the Properties page.  Additionally if you click on “Configure…” again you are now able to edit the ISCSI name, however I wouldn’t recommend doing so unless you know what you are doing.

You can now continue configuring the ISCSI connection.  Select the “Dynamic Discovery” tab from the top of the Properties window.  Underneath “Dynamic Discovery” click the “Add…” button from the lower part of the screen.  On the “Add Send Targets Server” window enter the IP of your LeftHand cluster.  Please note here DON’T USE THE IP OF YOUR LEFTHAND NODE.  You have to use the cluster IP.  I know it doesn’t make a lot of sense since we are only working with one node but you have to think of situations where you would have more than one node in a cluster.  Leave the port value at its default setting of 3260.

Now click on the “CHAP Authentication” tab of the properties window.  If you prefer to not use CHAP you could very easily go back to the “General” tab, copy the ISCSI name, go back to the LeftHand CMC and change the server definition to “CHAP not required” and paste the name you copied in the “Initiator Node Name” text box.  We simply configured CHAP in the previous step because we didn’t know what the ESXi Initiator Name would be at that point of the configuration.  If you choose to do not use CHAP and make the above listed change disregard the next step where we configure the CHAP authentication.

Click the “Configure…” button and enter in the credentials you specified when you configured the server in the LeftHand CMC.  Once done press “OK”, and then close the Properties window.

After you press CLOSE, VMware will ask you if you want to “Rescan the Host”.  Choose “Yes”, this will rescan all the HBA (Host Bus Adapters) on the ESX server. 

With any luck after the HBA scan completes you should see the volume you created in the LeftHand CMC appear as an available LUN.  If you don’t see it verify the CHAP username and password you used and make sure you are matching the correct password that you defined in the LeftHand CMC.  You had to define a Target and an Initiator Secret which had to be different.  Ensure you are matching the  correct Secret and then try hitting the “Rescan…” button at the top of the Storage Adapters pane.  The Windows ISCSI Initiator lets you do mutual authentication which would use both the Initiator and Target Secrets.

Now if we select Storage from the “Hardware” area on the left hand side of the screen we can see our existing datastore.  To see the ISCSI datastore we are going to have to add it.  Select the “Add Storage…” link from the right side of the screen.

This should bring up the “Add Storage Wizard”.  Ensure that Disk/Lun is selected and press NEXT.

On the next screen you should see your ISCSI LUN, ensure its selected and press NEXT

The next screen warns you that the current Disk Layout will be destroyed.  Note in the below image that I had used this LUN for a quick test on a MS Server and formatted it as NTFS.  The wizard picks up on that and warns that the disk layout will be destroyed.  Press NEXT.

On the next screen give the datastore a name and then Press NEXT.

On the next screen choose how big you want to make the datastore. Most of the time I would just leave the option “Maximize Capacity” checked.  That will use all of the space on the LUN and is the default setting.  The other option on this screen is Maximum Block Size.  There are a couple different schools of thought on this and if you aren’t sure I would recommend the default settings.

On the last screen just verify your settings and press FINISH

After it finishes creating your VFMS Datastore, the new datastore will show up under storage where you can start treating it just like any other datastore.   That’s it!  You’ve successfully implemented a completely virtualized SAN solution!