You are currently browsing articles tagged LeftHand.

The LeftHand Backup Script

I know I said that Part 5 would be my last LeftHand post for the time being but I couldn’t resist building a script to test out all of the scripting commands we just went through.  So I created two scripts that do the following.

-Creates a snapshot of a volume
-Assigns it to a server
-Attaches it to the server for access

-Logs the ISCSI session off
-Un-assigns it from the server (removes the target portal)
-Deletes the snapshot

Take a look at it if you’d like, feel free to use any of the code yourself.  If you are going to use the entire batch file yourself, I ask that you leave the header in place that gives credit to this blog.  I’m contemplating making a CHAP version as well but I’ll have to find some time first.

I, in no way, shape, or form guarantee this code to work.  It worked on my configuration but you might need to tweak it a little yourself.  I tried to document it as best as I could. Furthermore I am not claiming this as my own completely original work.  I used a lot of other concepts and examples that I found online to build the scripts.

Tags: , ,

In the last 4 posts I showed you how to configure a LeftHand VSA, create volumes, map them to servers, and then attach them to either a ESXi server or a physical Windows host.  Now we are going to learn how to do LeftHand scripting.  The scripting agent of the LeftHand SAN solution is pretty slick.  Alright, lets get right into it…

To start we need to ensure we have a few things in place.  I’m going to be working with a brand new physical server (doesn’t have to be) during this lab and the only item I need to install is the LeftHand CLIQ.  The LeftHand CLIQ is the LeftHand command line management utility.  To get it I suggest you contact your LeftHand support specialist and request it.  I’m not going to walk through the installation since its pretty straight forward but once you get it installed you’ll have access to the CLIQ interface at the command prompt.  In the next section I’m going to walk through a few commands that are of particular use in regards to the LeftHand SAN.  As an FYI you’ll need to enter your relevant info that is specified between the <> brackets.

Create a Snapshot of a volume
cliq createSnapshot volumeName=<volume name>  snapshotName=<snap shot name> login=<cluster IP address> userName=<username for the cluster> passWord=<password for the cluster>

Example – cliq createSnapshot volumeName=Volume1 snapshotName=BackupSnap login= userName=admin passWord=admin

Delete a Snapshot of a volume
cliq deleteSnapshot snapshotName=<snap shot name> login=<cluster IP address> userName=<username for the cluster> passWord=<password for the cluster> prompt=<True of False, if you want a prompt before you delete>

Example – cliq deleteSnapshot snapshotName=BackupSnap login= userName=admin passWord=admin prompt=false

Assign a snapshot/volume to a server
cliq assignVolume volumeName=<volume or snapshot name> initiator=<The ISCSI name of the host you want to attach to> login=<cluster IP address> userName=<username for cluster> passWord=<password for cluster>

Example – cliq assignVolume volumeName=Volume1 initiator=iqn.1991-05.com.microsoft:backupserver login= userName=admin passWord=admin

Unassign a snapshot/volume to a server
cliq unassignVolume volumeName=<volume or snapshot name> login=<cluster IP address> userName=<username for cluster> passWord=<password for cluster>

Example – cliq unassignVolume volumename=Volume1 login= username=admin pas

These are only 4 commands out of many more.  If you are interested I have attached a copy of the CLIQ user guide from LeftHand which walks through all of them.

Now that we know some basics of the CLIQ script interface let’s look at scripting with the MS ISCSI software initiator.  The MS scripting engine is installed by default when you install the initiator, all you have to do in order to access it is go to a command prompt and enter ‘iscsicli’ followed by the command of your choice.  Let’s walk through some of the basic commands.

Add a target portal 
iscsicli qaddtargetportal <Target’s IP address>

Example – iscsicli qaddtargetportal

Note: The full command here is addtargetportal.  The ‘q’ in front of the command specifies “quick” which means that you don’t have all of the available options for the command.  In this instance we only need to specify the Target’s IP address.  With the full command we can specify port number, CHAP user, CHAP Secret, etc…  If you need any of those options type in ‘iscsicli addtargetportal ?’ to get the full syntax.  In these examples I will not be using CHAP, rather I have specified the servers ISCSI IQN in the LeftHand CMC.

List the available volumes/targets
iscsicli listtargets

Example – iscsicli listtargets

Note: This will return all of the available targets or volumes that you can logon to.  I have found that sometimes I can’t simply add a new volume to the server in the LeftHand CMC and then have it appear when I list the targets.  Rather I have to remove the target portal and re-add it.  You’ll need the IQN value this command returns to use in the Logon command shown next.

Logon to volumes/targets
iscsicli qlogintarget <volume/target IQN>

Example – iscsicli qlogintarget iqn.2003-10.com.lefthandnetworks:mg1:54:volume2

Note: Once you run this command the volume should appear under My Computer provided that it is formatted NTFS.  If not, check the Disk Manager to see if it’s showing up at all.  While doing some testing earlier I found that I couldn’t get the disk to appear despite the fact that it was listed as “connected” in the initiator.  After investing too much time in troubleshooting I uninstalled the initiator, rebooted the server, reinstalled the initiator and everything started working fine again.

Report the mappings
iscsicli reporttargetmappsings

Example – iscsicle reporttargetmappsings

Note: Once you logon to the target this command shows you the details of the actual connection.  For instance it shows you the session ID which is required for the logout command shown next.

Logout of volumes/targets
iscsicli logouttarget <session ID>

Example – iscsicli logouttarget ffffffff8585d6d4-400001370000000a

Note: After you logout of the target the initiator will still show the target.  The next command shows you how to remove that.

Remove a target portal
iscsicli removetargetportal <Target IP Address> <Target port Number (Default 3260)>

Example – iscsicli removetargetportal 3260

Note: For some reason I can’t find a ‘q’ version of this command so you need to specify a port number.

Again I have only gone over a few out of the large number of possible commands.  If you are interested in more I have attached the MS document on the ISCSI initiator which, starting on page 113, describes more ISCSICLI commands.

Summary: So as you can see you can do almost anything through both utilities scripting interfaces.  If you put all it all together and work in some temp file scripting (to pull variables) you can make your own backup scripts for your SAN.  If you aren’t interested in building your own, contact your local LeftHand technical resource.  They were able to provide me with quite a few examples.  I don’t think I have seen any that are ‘perfect’ as of yet, but everyone’s environment is different.

Tags: , ,

Now that we have attached our ISCSI LUN to a ESXi server let’s look at connecting the LUN to a normal physical server.  We are going to attach the LUN to a Windows 2003 Server using Microsoft’s ISCSI software initiator.  I don’t think they included it by default so if you don’t have it you’ll need to go download it.  Check out the link below if you don’t have it installed and need to download it.


What’s neat about adding a disk to a physical server using this method is since it will be NTFS any other server can read it without additional software.  So….  Let’s say I have a file server that has an attached LUN holding all of my company shares.  I can create a job on my backup server that takes a snapshot of the that LUN and mounts the snapshot to the backup server.  Then I can back up the snapshot, have the backup software detach the LUN, and then delete the snapshot. I can’t do this with VMware unless I have something on the backup server that can read VMFS.  No need to worry about backing up files that are currently in use since no one will be using the files in the snapshot.  Think of backing up Exchange and SQL this way……  I’ll cover the scripting in part 5.

A few things to keep in mind before we start…
-We won’t be able to boot from this LUN, it will only serve as “tack on” storage.  You can tell Windows to reattach it at boot but that’s about it.  In order to boot from SAN you would need a physical HBA that could be configured to find the LUN during the machines post process
-The ISCSI initiator can be used in XP and Vista as well, it’s not just reserved for server OS
-You can use CHAP Authentication or ISCSI name to attach the LUN.  During this walkthrough I’ll be using the same LUN I attached to ESXi in Part 3 so I will be using CHAP Authentication here as well.  I’m not going to walkthrough how to configure the LeftHand SAN to see this Windows Server 2003 system.  You’ll need to log into the LeftHand CMC and configure an additional server with the correct IP information.
-In a production environment you would probably want a separate NIC that was used just for ISCSI.  Since this is a test environment I’m running ISCSI on the data network. 
-Keep in mind that a LUN when initially provisioned has no file format.  When I added it to ESXi it had to format it VMFS, when I add it to the Windows Server in this walkthrough it will want to format it as NTFS.

OK, first thing to do is to open up the ISCSI initiator in Windows.  If it isn’t installed yet, click on the link above and download it.  Once it’s installed you should be able to open the initiator by going to the control panel.  It will be displayed as “iSCSI Initiator”.  Go ahead and double click to open it up.image

The first page gives you your Node Name (Useful if you aren’t using CHAP), gives you the option to change it, lets you configure the CHAP secret for target authentication, and has an option for ISCIS and IPSec.  If you’ll recall when we configured the Server in the LeftHand CMC it required two passwords.  image

One for the Target and one for the Initiator.  When configuring the Initiator we can use one or both.  If we want to use both passwords (which is called Mutual Authentication) we need to configure the Initiator Secret on the General tab of the ISCSI Initiator Properties.  What’s confusing here is that it seemed to me that the password I needed to use on the initiator side of things (the server) would be what I defined as the “Initiator Secret” in the LeftHand CMC.  In reality you need to use the “Target Secret”.  I just think of it as the Server is logging onto the target, so I need to use the “Target Secret”.  So click on the “Secret” button and enter in what you configured as the “Initiator Secret” in the LeftHand CMC when you defined the server. Then press OK and click on the “Discovery Tab”image 

On the Discovery Tab we want to add a target, so press the “Add” button.image

You’ll get a dialog prompting you to enter the IP address or DNS name of your portal.  Enter in the IP address of your LeftHand cluster.  (Just to beat the dead horse here… Cluster IP, not the Node IP).  Then click “Advanced…”image 

On the Advanced window we want to check the “CHAP logon information” checkbox, enter in our username (It will default to the initiator name, just delete it), enter in the “Target Secret” that we entered in the LeftHand CMC, and check the box for “Perform mutual authentication”.  If you don’t check that box it only uses the username and secret from this page to authentication even if you entered a secret on the “General” tab.  Since we entered one, we’ll check this box.  Then press OK to save the settings on the Advanced Settings window and OK again on the Add Target Portal window.image

If all goes well your Target should appear listed underneath “Target Portals”.  If it didn’t go well you’ll receive the error below.  If you get this error it usually means that there is a discrepancy between the logon information you entered in the LeftHand CMC and the ones you just entered.  Verify that you haven’t accidentally transposed the Target and Initiator Secret on either side of the connection.  The annoying part here is that I can’t find to seem a way to edit the target settings once you click ok.  If you get the error below you have to remove the target and re-add it from scratch.image

If you did not receive an error and your target shows up under “Target Portals” you can move on.  Click on the “Targets” tab.  You should your LUN appearing under “Targets” and it should have a status of “Inactive”.  I always hit “Refresh” to make sure that its actually there.  Then press the “Log On…” button.image

Once you press “Log On…” a “Log On to Target” window appears.  You are given two options.  One that allows you to reconnect the LUN at OS boot and the other to enable multi-path.  You would only use this if you had two pathways to the same LUN for redundancy.  If you had two pathways without multi-path the LUN would should up as two disks.  You would need some sort of Multi Pathing software that would allow the OS to realize that the LUNs were coming from the same place and present them to the logical disk manager as one logical drive.  In windows this is called MPIO(Multi Path In/Out).  Also for some reason the initiator doesn’t assume that the credentials you entered in earlier are for the volume you are attaching to as well.  So click the “Advanced” button and enter in the same CHAP Authentication information you did previously.  After you do that check the box that says “Automatically restore this connection when the system boots” and press OK image

After you hit OK the status should change to “Connected” as shown below.  If you get the authentication error try the troubleshooting steps mentioned above.image

After we see the connected status we can go to the server’s logical disk manager (In MS Server 2003 go to Administrative Tools, Computer Management, and select Disk management from the left hand side of the screen) and with any luck we will see the disk attached to the server.  image

Right click, new partition, follow the wizard and you have your new SAN LUN fully attached and partitioned.  Test out rebooting the server and see if its still attached when it comes back online.

Summary – Its pretty easy to attach a ISCSI LUN to a server.  Doing it correctly in a production environment would mean taking different hardware then we did today but the same concepts should apply.  CHAP Authentication adds an extra layer of frustration but is mandated in some environments.  Try connecting the drive without using CHAP.  All you need to do is add the Initiator name from the general tab of the ISCSI initiator (Press “Change” to open a textbox so you can copy the name correctly) to the LeftHand CMC server configuration.  When you add the name, CHAP gets turned off automatically as you can only either define a name or configure CHAP.  Then when you add the LUN in the initiator on the server you just need to specify the cluster IP address.  It will see any LUNs you have mapped to that ISCSI name.  There are a lot more advanced features in the Microsoft Server ISCSI initiator.  We really only scratched the surface.  Perhaps in a later post we’ll talk more about MPIO.  In the next post in this series we will do a little scripting with LUNs and snapshots.

Tags: , ,

« Older entries