1 Reply Latest reply on Jan 22, 2015 6:44 AM by rhinomike

    Adding iSCSI target with multiple LUNs as a ELM storage

    mlev462251

      If you have ever tried to configure an ELM data storage connected via iSCSI you found out it's buggy and broken. So did I a few days ago. If you are interested in how to accomplish the goal set in the topic of this post, read on.

      Disclaimer: I'm in not an expert and can not be held liable for any results of following the procedures below, including losing your data, damaging or destroying your SIEM, burning down your house, or anything else.

       

      This example was configured on the all-in-one combo device. If you have separate ELM box some of the configuration should probably(?) done on the ELM box itself.

      This example uses IP address of iSCSI target 192.168.20.20 and target IQN iqn.1992-04.com.emc:cx.fcnmm121100125.a1.

       

      First: set up your storage

      Make sure your SIEM can communicate with the storage. Most typically TCP ports 860 and 3260 are used.

      Define iSCSI target and LUNs to be used by ELM. Note the IP and port of the iscsi portal.

      I strongly suggest using authentication even if this example doesn't.

      Allow initiator on your machine connect to the defined target. Find initiator name on the SIEM box in /etc/iscsi/initiatorname.iscsi

       

       

      Second: discover the target

      This is the part that mostly works even through GUI. It will however at least show wrong size if you use multiple LUNs.

      Login to terminal on the SIEM box as root.

      Run:

      # /usr/local/bin/IscsiDiscovery -n STORAGE001 -a 192.168.20.20 -p 3260

      Where STORAGE001 is the name you want to give to this storage, 192.168.20.20 IP address of the iSCSI target and 3260 TCP port where storage is listening. This should discover your target and with some luck log on to it and attach the devices. If you run:

      # lsscsi -t

      And see something like this:

      [1:0:0:0]    cd/dvd  ata:                            /dev/scd0

      [2:0:0:0]    disk    spi:0                           /dev/sda

      [3:0:0:0]    disk    iqn.1992-04.com.emc:cx.fcnmm121100125.a1,t,0x2  /dev/sdb

      [3:0:0:1]    disk    iqn.1992-04.com.emc:cx.fcnmm121100125.a1,t,0x2  /dev/sdc

      you can consider yourself lucky. The last two devices in example above are iSCSI LUNsYou can check what was discovered under /etc/NitroGuard/iscsi_discovered/* and /etc/iscsi/nodes/*

      Another tool to check the status is IscsiGetIQNStatus:

      # /usr/local/bin/IscsiGetIQNStatus -a 192.168.2.20 -p 3260 -i iqn.1992-04.com.emc:cx.fcnmm121100125.a1

      Aim for:

      ready

      ready

      Ok

       

       

      Third: get volumes ready

      If you are not logged to the terminal on the SIEM box as root yet, do it now.

      Get the status of the attached volumes:

      # /usr/local/bin/GetSanVolumes

      You should see all the devices (LUNs) that were attached in the previous step. The 'status' value will most probably be 'needs formating'.

      Create partitions and filesystems with:

      # /usr/local/bin/FormatSanVolume sdX

      Where sdX is the name of device. Repeat for each device that you want to use and is listed by GetSanVolumes.

       

       

      Fourth: make them storage devices

      You will have to create storage device config file now. For our example with two LUNs it should look like this (explanation follows):

      [clariion-a1-1]

      protocol=iscsi

      ip_address=192.168.20.20:3260

      iqn=iqn.1992-04.com.emc:cx.fcnmm121100125.a1

      mount=/elm_storage/pool1_20150112163744

      maxbytes=1041529569280

      elm=981C:FC49

      uuid=91ce97fc-7a78-45f0-934d-cf958c819458

       

      [clariion-a1-2]

      protocol=iscsi

      ip_address=192.168.20.20:3260

      iqn=iqn.1992-04.com.emc:cx.fcnmm121100125.a1

      mount=/elm_storage/pool1_20150112163745

      maxbytes=1041529569280

      elm=981C:FC49

      uuid=54c33caf-fcd3-4b54-8fa0-629a77dac2f6

       

      Within the square brackets is the name you want to give to your storage device.

      The 'mount' parameter is the mount point where device will be mounted. AFAIK it is arbitrary and will be created if it doesn't exist. Use /elm_storage/something.

      The 'maxbytes' parameter is maximum available space on the file system. Size in example is 970GB.

      The 'elm' parameter is identifier of your ELM. On the combo box you can find the value on the top of the /etc/NitroGuard/thirdparty.conf file as the value in the '# ESM:' line.

      The 'uuid' parameter is the uuid of the device. You can find it in the output of the GetSanVolumes command.

      After editing and double-checking save your storage_device_config file.

      Run the tool to configure your storage devices:

      # /usr/local/bin/SetStorageConf /yourpath/storage_device_config

      If command does not return an error you are done!

      When running

      # mount

      you should see something like

      /dev/sdc on /elm_storage/pool1_20150112163745 type ext4 (rw)

      /dev/sdb on /elm_storage/pool1_20150112163744 type ext4 (rw)

      in the output.

      Reboot your SIEM box to see if everything comes up ok.