IBM AIX iSCSI host attachment
You can use iSCSI Ethernet to attach an IBM® AIX® host to the system.
- Read the information about setting up the host server.
- Ensure that you are familiar with the command-line interface commands.
Configuring the AIX iSCSI software initiator
Ensure that you follow all the steps to set up the host server and configure the AIX iSCSI software initiator.
- To verify that the file set devices.iscsi_sw.rte is installed, use the lslpp -l command.
- If necessary, install the interim fix for the system Object Data Manager (ODM) stanzas.
- Select Devices.
- Select iSCSI and select iSCSI Protocol Device.
- Select Change / Show Characteristics of an iSCSI Protocol Device. Select the device that is associated with the software iSCSI initiator, such as iscsi0.
- Verify that the Initiator Name value is correct. The initiator name value
is used by the iSCSI target during login. The name must match the iSCSI name that was set for the
system host object that is associated with this host.Note: A default initiator name is assigned when the software is installed. You can change the initiator name to match the local network naming conventions.
- The Maximum Targets Allowed field corresponds to the maximum number of iSCSI targets that can be configured. If you reduce this number, you also reduce the amount of network memory that is preallocated for the iSCSI protocol driver during configuration.
Adding the iSCSI targets for AIX hosts
Add the iSCSI targets for AIX hosts so that they can be discovered through a properly configured network interface.
The system does not support Ethernet port aggregation. Therefore, host-based multipath driver support for system LUNs is necessary to provide active-active controller use. Operating systems such as Linux, Windows, and VMware can configure iSCSI with multiple paths to system LUNs by using iSCSI interconnects. However, AIX MPIO does not support multiple paths to system LUNs by using iSCSI interconnects.
This statement does not mean that LUN redundancy across controller failure is not supported over iSCSI for AIX hosts. If a controller fails, the surviving controller takes over all the IP addresses and the iSCSI target that is configured on the failing controller. The AIX host then reconnects with the failed over iSCSI targets on the surviving controller and continues with its IO operations. Therefore, controller failure does not disrupt operations when AIX hosts communicate to the system through iSCSI.
- Edit the /etc/iscsi/targets file to add the iSCSI target portal details for
all system nodes that the host must log on to.Each uncommented line in the file represents an iSCSI target and is in the following format.
192.168.1.7 3260 iqn.1986-03.com.ibm:2145.sahyadri.node1
Note: As part of the "no iSCSI MPIO" restriction, it is not valid to have the same target IQN multiple times in the targets file, even with different IP addresses. If the same target exists multiple times, comment out the duplicate targets in order for the process to run. - After you edit the /etc/iscsi/targets file, type the following
command:cfgmgr -v -l iscsi0
This command causes the driver to attempt to log on to each of the targets that are listed in the /etc/iscsi/targets file. It also defines a new hard disk (hdisk) for each LUN on the targets that are found.
- Review the discovered hard disks by entering the following
command:
lsdev -c disk
The system volumes appear in the output in the following format:hdisk2 Available IBM 2145 iSCSI Disk Drive
Note: If the appropriate disks are not discovered, review the configuration of the initiator, the target, and any iSCSI gateways to ensure that they are correct. Run the cfgmgr command again.
Configuring iSCSI host disk timeouts
To configure the iSCSI host disk timeouts for the system, use the chdev CLI command to set the value and then verify your changes.
- Set the value with the chdev command as shown in the following example for
each iSCSI device:
chdev -l hdisk10 -a rw_timeout=60
- Verify the changes by using the lsattr
command:
lsattr -E -l hdisk10 -a rw_timeout
Setting up authentication for AIX hosts
AIX hosts can be correctly set up for authentication on the system by following certain guidelines and tasks.
Although the system supports both one-way authentication and two-way authentication for iSCSI, the AIX software initiator currently supports only one-way authentication. The system target authenticates the initiator.
CHAP settings are defined in the /etc/iscsi/targets file on the host. The AIX initiator or host bus adapter (HBA) always uses its iSCSI qualified name (IQN) as the CHAP user name.
- Open the /etc/iscsi/targets file with any editor.
- For each line that contains a target definition, append the CHAP secret of the initiator in
quotation
marks:
192.168.1.7 3260 iqn.1986-03.com.ibm:2145.sahyadri.node1 "secret"
The CHAP secret value that you set here must match the value that was configured on the system for the host object that is associated with this host. Because the system authenticates on a per-initiator basis, the CHAP secret is the same for all the targets on a particular clustered system.
Note: When setting up authentication for two way chap username and password, thenode.session.auth.username_in
value must beclustername
. Theclustername
can be found by lssystem command.An example of CHAP settings for an AIX host for the /etc/iscsi/targets file is shown below.#ChapSecret = %x22*( any character ) %x22 # ; " " # ; ChapSecret is a string enclosed in double quotes. The # ; quotes are required, but are not part of the secret. # #EXAMPLE 1: iSCSI Target without CHAP(MD5) authentication # Assume the target is at address 192.168.3.2, # the valid port is 5003 # the name of the target is iqn.com.ibm-4125-23WTT26 #The target line would look like: #192.168.3.2 5003 iqn.com.ibm-4125-23WWT26 # #EXAMPLE 2: iSCSI Target with CHAP(MD5) authentication # Assume the target is at address 10.2.1.105, # the valid port is 3260 # the name of the target is iqn.com.ibm-K167-42.fc1a # the CHAP secret is "This is my password." #The target line would look like: #10.2.1.105 3260 iqn.com.ibm-K167-42.fc1a "This is my password." # #EXAMPLE 3: iSCSI Target with CHAP(MD5) authentication and line continuation # Assume the target is at address 10.2.1.106, # the valid port is 3260 # the name of the target is iqn.com.ibm:00.fcd0ab21.shark128 # the CHAP secret is "123ismysecretpassword.fc1b" #The target line would look like: #10.2.1.105 3260 iqn.2003-01.com.ibm:00.fcd0ab21.shark128 192.168.1.41 3260 iqn.1986-03.com.ibm:2145.pahar.dvt110702 192.168.2.43 3260 iqn.1986-03.com.ibm:2145.moscow.dvt110706 "svcchapsecret"
The two targets in the previous example are members of different clustered systems. One target is configured to authenticate the initiator, and the other target is not configured to authenticate the initiator.
Note: Before upgrading to 8.5.3.0, if the customer has configured two-way chap authentication, they must first switch to one-way chap and then back to two-way chap once the upgrade is complete. This is required becauseclustername
as a user name is not supported for two-way chap secret in earlier releases .
Updating ODM stanzas for system iSCSI devices
Updating the Object Data Manager (ODM) stanzas for the system iSCSI devices requires that you follow certain guidelines.
An interim fix is available to update the AIX ODM stanzas to recognize iSCSI system volumes. Ensure that you have installed the official PTFs. The following website provides information about the available PTFs: www.ibm.com/support
lsdev -C -1 hdisk1
. lsdev -C -l hdisk1
hdisk1 Available IBM 2145 iSCSI Disk Drive
# lsattr -E -l hdisk1
clr_q no Device CLEARS its Queue on error True
host_addr 9.71.43.106 Hostname or IP Address False
location Location Label True
lun_id 0x0 Logical Unit Number ID False
max_transfer 0x40000 Maximum TRANSFER Size True
port_num 0xcbc PORT Number False
pvid none Physical volume identifier False
q_err yes Use QERR bit True
q_type simple Queuing TYPE True
queue_depth 8 Queue DEPTH True
reassign_to 120 REASSIGN time out value True
reserve_policy no_reserve Reserve Policy True
rw_timeout 60 READ/WRITE time out value True
start_timeout 60 START unit time out value True
target_name iqn.1986-03.com.ibm:2145.china6.hlcn111890 Target NAME False
unique_id 352136005076801910296880000000000000204214503IBMiscsi Unique device
identifier False
lscfg -v -l hdisk1
hdisk1 IBM 2145 iSCSI Disk Drive
Manufacturer................IBM
Machine Type and Model......2145
ROS Level and ID............30303030
Serial Number...............
Device Specific.(Z0)........0000043268101002
Device Specific.(Z1)........
Device Specific.(Z2)........
Device Specific.(Z3)........