IBM AIX iSCSI host attachment

You can use iSCSI Ethernet to attach an IBM® AIX® host to the system.

Before you begin host attachment procedures:
  • Read the information about setting up the host server.
  • Ensure that you are familiar with the command-line interface commands.

Configuring the AIX iSCSI software initiator

Ensure that you follow all the steps to set up the host server and configure the AIX iSCSI software initiator.

Install the AIX software initiator on your AIX host if it is not already installed.
  1. To verify that the file set devices.iscsi_sw.rte is installed, use the lslpp -l command.
  2. If necessary, install the interim fix for the system Object Data Manager (ODM) stanzas.
The software initiator is configured by using the System Management Interface Tool (SMIT). To configure the software initiator, follow these steps:
  1. Select Devices.
  2. Select iSCSI and select iSCSI Protocol Device.
  3. Select Change / Show Characteristics of an iSCSI Protocol Device. Select the device that is associated with the software iSCSI initiator, such as iscsi0.
  4. Verify that the Initiator Name value is correct. The initiator name value is used by the iSCSI target during login. The name must match the iSCSI name that was set for the system host object that is associated with this host.
    Note: A default initiator name is assigned when the software is installed. You can change the initiator name to match the local network naming conventions.
  5. The Maximum Targets Allowed field corresponds to the maximum number of iSCSI targets that can be configured. If you reduce this number, you also reduce the amount of network memory that is preallocated for the iSCSI protocol driver during configuration.

Adding the iSCSI targets for AIX hosts

Add the iSCSI targets for AIX hosts so that they can be discovered through a properly configured network interface.

To add the iSCSI targets during the device configuration, follow these steps:
Note:

The system does not support Ethernet port aggregation. Therefore, host-based multipath driver support for system LUNs is necessary to provide active-active controller use. Operating systems such as Linux, Windows, and VMware can configure iSCSI with multiple paths to system LUNs by using iSCSI interconnects. However, AIX MPIO does not support multiple paths to system LUNs by using iSCSI interconnects.

This statement does not mean that LUN redundancy across controller failure is not supported over iSCSI for AIX hosts. If a controller fails, the surviving controller takes over all the IP addresses and the iSCSI target that is configured on the failing controller. The AIX host then reconnects with the failed over iSCSI targets on the surviving controller and continues with its IO operations. Therefore, controller failure does not disrupt operations when AIX hosts communicate to the system through iSCSI.

  1. Edit the /etc/iscsi/targets file to add the iSCSI target portal details for all system nodes that the host must log on to.
    Each uncommented line in the file represents an iSCSI target and is in the following format.
    192.168.1.7     3260      iqn.1986-03.com.ibm:2145.sahyadri.node1
    Note: As part of the "no iSCSI MPIO" restriction, it is not valid to have the same target IQN multiple times in the targets file, even with different IP addresses. If the same target exists multiple times, comment out the duplicate targets in order for the process to run.
  2. After you edit the /etc/iscsi/targets file, type the following command:cfgmgr -v -l iscsi0

    This command causes the driver to attempt to log on to each of the targets that are listed in the /etc/iscsi/targets file. It also defines a new hard disk (hdisk) for each LUN on the targets that are found.

  3. Review the discovered hard disks by entering the following command:
    lsdev -c disk
    The system volumes appear in the output in the following format:
    hdisk2   Available               IBM 2145 iSCSI Disk Drive
    Note: If the appropriate disks are not discovered, review the configuration of the initiator, the target, and any iSCSI gateways to ensure that they are correct. Run the cfgmgr command again.

Configuring iSCSI host disk timeouts

To configure the iSCSI host disk timeouts for the system, use the chdev CLI command to set the value and then verify your changes.

Use the value of 60 seconds for the rw_timeout attribute for the system iSCSI host disks. To set the value, complete the following steps:
  1. Set the value with the chdev command as shown in the following example for each iSCSI device:
    chdev -l hdisk10 -a rw_timeout=60
  2. Verify the changes by using the lsattr command:
    lsattr -E -l hdisk10 -a rw_timeout

Setting up authentication for AIX hosts

AIX hosts can be correctly set up for authentication on the system by following certain guidelines and tasks.

Although the system supports both one-way authentication and two-way authentication for iSCSI, the AIX software initiator currently supports only one-way authentication. The system target authenticates the initiator.

CHAP settings are defined in the /etc/iscsi/targets file on the host. The AIX initiator or host bus adapter (HBA) always uses its iSCSI qualified name (IQN) as the CHAP user name.

To set up authentication on an AIX host, complete the following steps:
  1. Open the /etc/iscsi/targets file with any editor.
  2. For each line that contains a target definition, append the CHAP secret of the initiator in quotation marks:
    192.168.1.7      3260     iqn.1986-03.com.ibm:2145.sahyadri.node1 "secret"

    The CHAP secret value that you set here must match the value that was configured on the system for the host object that is associated with this host. Because the system authenticates on a per-initiator basis, the CHAP secret is the same for all the targets on a particular clustered system.

    Note: When setting up authentication for two way chap username and password, the node.session.auth.username_in value must be clustername. The clustername can be found by lssystem command.
    An example of CHAP settings for an AIX host for the /etc/iscsi/targets file is shown below.
    #ChapSecret             = %x22*( any character ) %x22
    #                       ;   "                      "
    #                       ; ChapSecret is a string enclosed in double quotes. The
    #                       ; quotes are required, but are not part of the secret.
    #
    #EXAMPLE 1: iSCSI Target without CHAP(MD5) authentication
    #      Assume the target is at address 192.168.3.2,
    #      the valid port is 5003
    #      the name of the target is iqn.com.ibm-4125-23WTT26
    #The target line would look like:
    #192.168.3.2 5003 iqn.com.ibm-4125-23WWT26
    #
    #EXAMPLE 2: iSCSI Target with CHAP(MD5) authentication
    #      Assume the target is at address 10.2.1.105,
    #      the valid port is 3260
    #      the name of the target is iqn.com.ibm-K167-42.fc1a
    #      the CHAP secret is "This is my password."
    #The target line would look like:
    #10.2.1.105 3260 iqn.com.ibm-K167-42.fc1a "This is my password."
    #
    #EXAMPLE 3: iSCSI Target with CHAP(MD5) authentication and line continuation
    #      Assume the target is at address 10.2.1.106,
    #      the valid port is 3260
    #      the name of the target is iqn.com.ibm:00.fcd0ab21.shark128
    #      the CHAP secret is "123ismysecretpassword.fc1b"
    #The target line would look like:
    #10.2.1.105 3260 iqn.2003-01.com.ibm:00.fcd0ab21.shark128
    
    
    192.168.1.41 3260 iqn.1986-03.com.ibm:2145.pahar.dvt110702
    192.168.2.43 3260 iqn.1986-03.com.ibm:2145.moscow.dvt110706 "svcchapsecret"

    The two targets in the previous example are members of different clustered systems. One target is configured to authenticate the initiator, and the other target is not configured to authenticate the initiator.

    Note: Before upgrading to 8.5.3.0, if the customer has configured two-way chap authentication, they must first switch to one-way chap and then back to two-way chap once the upgrade is complete. This is required because clustername as a user name is not supported for two-way chap secret in earlier releases .

Updating ODM stanzas for system iSCSI devices

Updating the Object Data Manager (ODM) stanzas for the system iSCSI devices requires that you follow certain guidelines.

An interim fix is available to update the AIX ODM stanzas to recognize iSCSI system volumes. Ensure that you have installed the official PTFs. The following website provides information about the available PTFs: www.ibm.com/support

When you install the interim fix package, the AIX host can recognize iSCSI system volumes. The system volumes are shown in the below example with the following attributes for lsdev -C -1 hdisk1.
lsdev -C -l hdisk1

hdisk1     Available              IBM 2145 iSCSI Disk Drive


# lsattr -E -l hdisk1
clr_q          no                           Device CLEARS its Queue on error True
host_addr      9.71.43.106                  Hostname or IP Address           False
location                                    Location Label                   True
lun_id         0x0                          Logical Unit Number ID           False
max_transfer   0x40000                      Maximum TRANSFER Size            True
port_num       0xcbc                        PORT Number                      False
pvid           none                         Physical volume identifier       False
q_err          yes                          Use QERR bit                     True
q_type         simple                       Queuing TYPE                     True
queue_depth    8                            Queue DEPTH                      True
reassign_to    120                          REASSIGN time out value          True
reserve_policy no_reserve                   Reserve Policy                   True
rw_timeout     60                           READ/WRITE time out value        True
start_timeout  60                           START unit time out value        True
target_name    iqn.1986-03.com.ibm:2145.china6.hlcn111890   Target NAME      False
unique_id      352136005076801910296880000000000000204214503IBMiscsi Unique device
identifier      False

lscfg -v -l hdisk1


  hdisk1             IBM 2145 iSCSI Disk Drive

        Manufacturer................IBM
        Machine Type and Model......2145
        ROS Level and ID............30303030
        Serial Number...............
        Device Specific.(Z0)........0000043268101002
        Device Specific.(Z1)........
        Device Specific.(Z2)........
        Device Specific.(Z3)........