For start, I wanted to try hosting VMWare images on iSCSI served from a FreeBSD machine. iSCSI is of course "IP SCSI" - a SAN technology that enables machine to export raw storage devices over IP networks to be used on the other end as simple disk drives. In the terminology of iSCSI the "server" - the machine exporting the storage, is a "target" and the "client" machine that uses the storage is an "initiator". I've written about using iSCSI with geli(8) to create an encrypted remote storage device earlier. Wikipedia has a nice illustration of SAN/NAS/DAS schemes:
It looks like the NetBSD original target driver (net/iscsi-target), while easy to setup, cannot be used with the VMWare ESXi initiator, so the alternative, net/istgt must be used. It is enabled by adding
istgt_enable="YES"
in /etc/rc.conf and copying the .sample files in /usr/local/etc/istgt to the "regular" config files without the .sample extension.
The istgt configuration is a bit more complicated. Its istgt.conf file, when fluff is removed, looks like this:
[Global]
Comment "Global section"
NodeBase "iqn.2007-09.jp.ne.peach.istgt"
PidFile /var/run/istgt.pid
AuthFile /usr/local/etc/istgt/auth.conf
MediaDirectory /tmp
LogFacility "local7"
Timeout 30
NopInInterval 20
DiscoveryAuthMethod Auto
MaxSessions 16
MaxConnections 4
FirstBurstLength 65536
MaxBurstLength 262144
MaxRecvDataSegmentLength 262144
[UnitControl]
Comment "Internal Logical Unit Controller"
AuthMethod Auto
Portal UC1 127.0.0.1:3261
Netmask 127.0.0.1
[PortalGroup1]
Comment "SINGLE PORT TEST"
#Portal DA1 [2001:03e0:06cf:0003:021b:21ff:fe04:f405]:3260
#Server IP
Portal DA1 10.0.0.44:3260
[InitiatorGroup1]
Comment "Initiator Group1"
InitiatorName "ALL"
#Client netmask
Netmask 10.0.0.0/24
[LogicalUnit1]
Comment "Hard Disk Sample"
TargetName disk1
TargetAlias "Data Disk1"
Mapping PortalGroup1 InitiatorGroup1
AuthMethod Auto
AuthGroup AuthGroup1
UnitType Disk
QueueDepth 32
LUN0 Storage /store/iscsi/target0 50GB
I think this configuration is close to minimal. For one thing, it doesn't address security (authentication), which is supported by istgt, and I don't really know what some of the settings in the "Global" section do since the documentation is a bit lacking, but most importantly - it works.
Note that istgt supports IPv6! It's nice how recently I find more and more utilities supporting IPv6. It looks like the final push might yet happen.
VMWare will happily accept the server for automatic discovery and will use the provided drive for VMFS storage. To be able to use iSCSI (and NFS), VMWare requires a separate "VMKernel" network port to be created (separate from the management port). Unfortunately this eats up one more IP address.
Other options could be:
- Importing the drives directly from inside the VM as iSCSI drives (using the guest's initiator)
- Importing the storage not via iSCSI but via NFS client from VMWare - looks messy on the first look but since the VM files are usually always the same size or grow seldomly, there is not much NFS protocol overhead here.
But I'll need some more time and machines to test these...
#1 Re: Fun with iSCSI and VMWare
Interesting, usually I'm checking into something only to find you've just done a post on it. Following the leader I guess.
Anyways, the auth part isn't too hard, just put something like:
[AuthGroup1]
Comment "Unit Controller Users"
Auth "user1" "secret123456" "mutualuser1" "secret123456"
Auth "user2" "secret123456"
In auth.conf
and your corresponding iscsi.conf entries:
authmethod = CHAP
chapIName = user1
chapSecret = secret123456
I'm using VirtuabolBox instead of VM-Ware though and the native FreeBSD initiator gives much better performance. I'm getting a bit over 40MB/s sequential write speed with native and less than 20 with Virtualbox built in initiator. It would be nice if the native FreeBSD initiator supported multiple connections.
I'm also using ZVOL backed storage which is IMO better than a standard image file for the main reason that eventually all the provisioned VM's utilizing this scheme will be deduplicated and a lot of other ZFS benefits.