December « 2006 « Cuddletech

Archive for December, 2006

Waiting to go back to the future…

Sunday, December 31st, 2006

I brick’ed my workstation about 3 weeks ago when BFU’ing to the December Crossbow Beta. Thanks to ZFS no data was harmed, just reinstall a fresh Solaris SX:CR and reimport the pool. I was busy and didn’t have time to reinstall Enlightenment, so I just put up with JDS. JDS sucks…. GNOME in general is just lame.

Tonight I built Enlightenment 16.8.5 (kwo is the man). I’ve been running DR17 for several months so I thought it was time to give DR16 a run again. It got me wanting to re-pimp my desktop. I started digging around for my old themes, PCF fonts, terminal settings, etc. It was fun going back down memory lane and pulling out some great themes for masters like my friend Pixelhead (seen in many places as “pixelmoose”).

The 21st Centry is, I’m starting to think, a fairly boring place. The 80′s and 90′s were filled with a growing desire to meet the future head on. We were reaching toward it, looking for it with open arms. I think Y2K was the big letdown because we were reminded that time is a human invention… cars didn’t start flying, we didn’t replace wood grains with steel plates, we didn’t see the final end of flannel. As a result retro came back with a rage. The 70′s came back into style in a big way… perhaps because we needed to go back to where we left off prior to this search for the future.

A lot of things that I really enjoyed have left the building. Style has gone retro. Electronic music has returned underground and in many genre’s (namely dark-roller and techstep) virtually vanished. Inflatable furnature has become obscure once again. Stylish and funky desktops are being replaced with boring Windows and OS X look alikes.

Orbital: gone. Future Sound of London: gave it up. Aphex Twin: Who knows. Reflex Records: idle. Squarepusher: Idling. Dieselboy just can’t pick up the slack and is idling.

I remember when sharing screenshots was all the rage. We all would spend hours making out desktops a thing of art and then boast for weeks about our kick ass screenshots. No more. I can’t remember the last time I went to a home page with screenshots prominantely displayed. I’m guilty I suppose, I removed them from my home page as well in favor of a more stylish design.

Not everything is a bust in this 21st centry. Metal has come back in a big way, which is good to see. A lot of it is still obscure but metal had all but died in the 90′s. Films still suck. SciFi films are scarse although at least Fantasy films have done alright. Anime trudges along as always…. just can’t keep the Japanesse down. And maybe there is a glimer of hope in the fact that the Japanesse never seem to cease reaching toward the future.

Wired Magazine sucks ass. ‘zines in general suck ass. The ‘zine revolution of the mid-90′s was a great time, and maybe the last great surge of the medium of paper prior to the internet revolution.

This blog entry has no point at all… maybe the next decade will glve up on retro bordom and return to a more optimistic view of the future where once again women all wear latex, we all sit on inflatable chairs, look forward to getting our next implant, elect Bruce Sterling president, proudly wear mirror shades and high-tops, listen to 300bpm music with breakbeats that cause small insects to implode and have desktops with interfaces kooler than the crap in movies. Here’s to the future that slipped through our fingers.

Posted in cuddletech | 17 Comments »

Ruby SVN on Solaris

Sunday, December 24th, 2006

Some very kool news found a Ruby-lang.org.

The new machine for svn.ruby-lang.org is provided by Sun Microsystems. We are using Solaris 10 on the new machine, and it works pretty well.

At Joyent we’ve got hundreds of Rail’s sites on OpenSolaris and we’re absolutely certain that there is no better platform for Rails deployment. Ruby and Sun are definately becoming an item.

Posted in Sun | 14 Comments »

The Solaris iSCSI Target Implementation: Concepts

Thursday, December 14th, 2006

Solaris and iSCSI are two technologies that share something in common: they are amazing technologies that have had to slug their way into the data center. Solaris puts insane amounts of power at your fingertips and iSCSI puts insane amounts of flexibility into your architecture. And so, I think its time that we start looking closely at the Solaris iSCSI Target and what it can do for you. We’ll start at the beginning and work our way forward.

The purpose of iSCSI is simple: make a block storage device, such as a disk or a volume, accessible over a conventional IP network. When iSCSI was introduced it looked neat and nifty but since 1Gbps Ethernet has become the standard baseline for network throughput across the board and 10Gbps Ethernet is a reality, iSCSI has been elevated from “interesting” to “koooooooool”. The immediate advantage of iSCSI is clear: no-cost/low-cost storage networking. However, once you get past the cost aspects you realize that the true advantage of iSCSI is the flexibility it provides as a product of the cost, systems that you would never have imagined putting a Fibre Channel HBA in are now prime candidates for iSCSI. When combined with Ethernet technologies like aggregation (“trunking”, “teaming”, etc) and JumboFrames, or storage technologies like thin provisioning or ZFS we create some unique and compelling options that were either impossible on Fibre Channel or just far too costly to be attainable by the masses.

Targets and Initiators: Old Concepts in a New World

iSCSI systems come in two varieties: Targets and Initiators. The relationship is similar to that of Server and Client. An iSCSI Target is a storage resource you wish to share. An iSCSI Initiator is an end-point that wishes to access an iSCSI Target to use that storage. This terminology comes straight from traditional SCSI. On a SCSI bus you have various targets (remember those old toggle switches on the back of SCSI devices to set the “id”?), each of those target devices (up to 15 typically) can have LUN’s, and the controller in your computer which the SCSI chain is attached to is known as the Initiator. Think of that and refer to the Solaris standard naming scheme:

c1t2d0s2 == controller 1, target 2, LUN 0, slice 2

Use this scheme to keep you grounded as you explore iSCSI. Things can seem strange and diffrent in this IP storage world, but we’re still using the same old tried and true concepts: some system acts as an initiator (instead of a SCSI controller card in a PCI slot), which connects to one or more iSCSI Targets (instead of target devices on 80 pin cable), which can have one or more LUN’s (sometimes disk arrays would present each drive as a LUN, where we get the “d0″ from for “disk”), which can be partitioned into some number of slices. Its really not that new a thing at all when you think about it, we’re just replacing things that used to be hardware with software and using ethernet to get from here to there.

Targets and Initiators can both be implemented in hardware or software. The most common hardware based solution is to buy an iSCSI Host Bus Adapter (HBA) such as those sold by QLogic. These HBA’s offer the ability to offload TCP and iSCSI processing, but surprisingly benchmarks comparing hardware vs software initiators have been shockingly close in performance, leaving the primary advantage of a $800 HBA the ability to boot an iSCSI target.

IQN’s: Knowing What is What

Fibre Channel devices are represented as World Wide Numbers (WWN), insanely long unique identifiers. In the iSCSI world we have the same concept, but instead of WWN’s we use iSCSI Qualified Names: IQN’s. These IQN’s are given to Targets and Initiators to uniquely identify each component in the storage architecture. Becuase we could potentially have thousands of targets and initiators on a single network, its important that each device is both descriptive and unique. IQN’s look something like this:

iqn.1986-03.com.sun:02:df204646-7956-e0a9-bfc1-c47759d0d93b
iqn.1986-03.com.sun:01:e00000000000.4505d02b
iqn.1997-06.com.cisco:01.54197b8ffa8

For more details on IQN’s and the format, please refer to this page.

Targets and LUN’s: Bundling Up

As we stated earlier, iSCSI Targets are network accessible block storage devices. Just like a traditional SCSI device, a target will provide one or more LUNs. The first LUN is “LUN 0″. Traditionally LUN’s allowed SCSI chains to grow beyond the limitations of the number of target devices on the chain, however today they provide a useful grouping mechanism. For instance, you might want to share 3 filesystems all of which are for Oracle databases (one for data, one for the binaries, another for backups), you could either create 3 targets or you could create a single target with 3 LUN’s. The advantage of using multiple LUN’s is that all 3 would only have a single Target IQN making management much easier.

ACL’s: For Your Eyes Only

iSCSI Targets can be assigned Access Control Lists (ACL’s). These ACL’s are nothing more than a list of IQN’s that are allowed to access a given target. ACL’s are one way to enable security in our iSCSI environment and ensure that only the initiators that should see a given target can. We’ll discuss more security techniques shortly.

Target Portal Group Tags: Chose a lane, any lane

iSCSI Targets can also be assigned to Target Portal Groups using a Target Portal Group Tag (TPGT). This sounds a lot more complicated and fancy than it is: quite simply a TPGT is a numeric representation of which IP addresses a target is allowed to bind on. Its a lot like the “Listen: 127.0.0.1″ paremeter in your web server or mail server configuration. Without defining a TPG initiators can connect to your server on any interface, which is fine if you only have 1, but if you have multiple NIC’s in a machine connected to multiple networks (a public and private for instance, or a private and a dedicated storage network) you might want to force that target to only be accessable on specific interfaces, this is what TPGT’s are for. Here’s an example:

[thumper3:/] root# /sbin/ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
aggr1: flags=201000843 mtu 1500 index 2
        inet 172.165.92.100 netmask ffff0000 broadcast 172.165.255.255
e1000g0: flags=201000843 mtu 1500 index 3
        inet 4.4.4.100 netmask ffffff00 broadcast 4.4.4.255
e1000g1: flags=201000843 mtu 1500 index 4
        inet 10.10.115.100 netmask ffff0000 broadcast 10.10.255.255

On the above system I have setup “aggr1″ as a 2Gbps aggregate as a dedicated storage network. When I create targets I don’t want them accessable on the public 4.x interface and I don’t want them congesting or competing with my other traffic on the slower 1Gbps 10.x network, therefore I’ll create a TPGT 0 with the IP address of the interface I want to restrict access to: 172.165.92.100. Now whenever I create a new iSCSI Target I assign it to TPGT 0 and life is good.

Target Portals: Your Gateway to Kickin’ Storage

An iSCSI Target Portal, or simply “a portal”, is an access point to one or more targets. Simply put its an IP address and port number to which you access targets. The TPGT’s that we just spoke about are ways to bind them together.

Backing Stores: The Real Deal

As we said earlier, iSCSI is all about making a block device (or what seems like one) accessable over the network. A Target is a way to put it out there, but its really just a connector between the initiator and some storage on the Target system. This storage is properly referred to as a “backing store”. Backing stores don’t have to be real block storage devices actually, in many cases the “backing store” is just a big pre-allocated file thats treated like a block storage device thanks to emulation in the target. This requires targets to have types.

The Solaris iSCSI Target Implementation currently has 4 types available, which are:

disk: This type emulates a disk device. Backing store can be a single pre-allocated file or a disk volume accessed by its raw device (/dev/rdsk/myvol). 99% of all iSCSI targets are this type.
tape: This type emulates a tape device. Backing store can be a single pre-allocated file, disk volume, etc. This type is handy for using as an iSCSI accessible virtual tape device.
osd: This type is for Object-Based Storage Devices (OSD). For now, just ignore it, its basically a place-holder for the future. Learn more about OSD here.
raw: This type might better be refered to as “pass-through”. This type does no emulation, it just passes SCSI commands to the backing store using the Solaris uscsi(7I) interface. This can only be used for real SCSI/FC disks. If your using volume managers, RAID, etc, you do not want this type.

Global Unique ID’s

As we stated earlier, each iSCSI Target can have one or more LUN’s. IQN’s are defined for Targets but not LUN’s, so how do we know which is which? On most implementations that I’ve seen this is simply done by specifying both the Target IQN and the LUN ID (iqn.1992-08.com.netapp:sn.33582139.0, where .0 represents the LUN). Solaris instead assigns each LUN a Global Unique ID, or GUID, which is guaranteed as unique. This GUID is composed of the Target Portal MAC address and a timestamp and looks like this: 010000144f20fd1a00002a00454329b. (0:14:4f:20:fd:1a + 00002a00454329b)

GUID’s are important for really only one reason: the GUID is used on the initiator side as the device identifier. Lets look at targets and what they look like on an initiator using the format command:

[thumper3:/] root# iscsitadm list target -v
Target: mytarget
    iSCSI Name: iqn.1986-03.com.sun:02:216a97f3-95fa-e064-f418-bd7c1309055f.mytarget
    Connections: 1
        Initiator:
            iSCSI Name: iqn.1986-03.com.sun:01:e00000000000.4505d02b
            Alias: atlantis
    ACL list:
    TPGT list:
    LUN information:
        LUN: 2
            GUID: 010000144f20fd1a00002a00457fd7ac
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online
        LUN: 1
            GUID: 010000144f20fd1a00002a00457fd7a5
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online
        LUN: 0
            GUID: 010000144f20fd1a00002a00457fd373
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online

So here is a single target with no ACL’s defined, not TPGT’s associated, having 3 LUN’s. Each of those LUN’s are 1GB files using the “disk” type. You can see that “atlantis” has a connection to the target. Lets see what it looks like on that side:

[atlantis:/] root# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c0t2d0 
          /pci@0,0/pci1022,7450@2/pci1000,3060@3/sd@2,0
       1. c0t3d0 
          /pci@0,0/pci1022,7450@2/pci1000,3060@3/sd@3,0
       2. c4t010000144F20FD1A00002A00457FD7A5d0 
          /scsi_vhci/disk@g010000144f20fd1a00002a00457fd7a5
       3. c4t010000144F20FD1A00002A00457FD7ACd0 
          /scsi_vhci/disk@g010000144f20fd1a00002a00457fd7ac
       4. c4t010000144F20FD1A00002A00457FD373d0 
          /scsi_vhci/disk@g010000144f20fd1a00002a00457fd373
Specify disk (enter its number):

Okey, this is why GUID’s are important. Notice that long ass number used for the target number? Thats the GUID seen above in the target output and is defined by the target the first time its accessed (newly created unused targets may have a GUID of “0×0″, which will change the first time you use it). This solves an important problem for us: how do I know what is what? If you understand what GUID’s are and where to find them you can look at an iSCSI physical disk path on an initiator and know exactly what it is.

This also illustrates a shortfall in in the Solaris iSCSI Target Implementation. Notice that even though there is 1 target with 3 LUN’s, each LUN is represented as a separate target on the initiator side. If you look at the output of iscsiadm list target on the initiator you’ll only see 1 target, but using a disk command like format you’ll see 3. Whether this will change in the future or not I don’t know, but you definitely should be aware of it.

Summing Up

So, with any luck, if you’ve read all that above, the following output should make sense to you:

[thumper3:/] root# iscsitadm list tpgt -v
TPGT: 1
    IP Address: 172.16.165.100
[thumper3:/] root# iscsitadm list target -v
Target: mytarget
    iSCSI Name: iqn.1986-03.com.sun:02:216a97f3-95fa-e064-f418-bd7c1309055f.mytarget
    Connections: 1
        Initiator:
            iSCSI Name: iqn.1986-03.com.sun:01:e00000000000.4505d02b
            Alias: atlantis
    ACL list:
        Initiator: atlantis
    TPGT list:
        TPGT: 1
    LUN information:
        LUN: 2
            GUID: 010000144f20fd1a00002a00457fd7ac
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online
        LUN: 1
            GUID: 010000144f20fd1a00002a00457fd7a5
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online
        LUN: 0
            GUID: 010000144f20fd1a00002a00457fd373
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size: 1.0G
            Status: online

Hopefully we’ve laid some foundation on which we can now build and learn. In future posts we’ll look at how to use these concepts to actually build targets, configure them, access them, secure them, and more.

Posted in OpenSolaris | 6 Comments »

Solaris Password Security

Wednesday, December 13th, 2006

Every so often you learn something that your surprised you didn’t already know. My ego says to hide that fact but my pragmatic side says I should help make sure others aren’t naive as well. In this case I refer to Solaris password security and namely the default crypt_unix(5) algorithm.

If you look at /etc/shadow on a Solaris system by default you’ll see lines like this:

cacti:mxqZuc0PXJ/gw:13453::::::

In this line “mxqZuc0PXJ/gw” is quickly recognized as a traditional salted crypt password. You probly know that this is the default out-of-the-box password format for Solaris, but you might not know that these passwords are limited to 8 characters in length. And even if you do realize this, you might have wrongly assumed, as I did, that the password “123456789″ wouldn’t be the same as password “12345678″… but in fact they are. If you have a stock Solaris system and you use a password greater than 8 chars try logging in with only the first 8 chars of the password and be amazed when it works. If I’d stopped to read the unix_crypt(5) man page I would have noticed:

Only the first eight characters of the key passed to crypt() are used with this algorithm; the rest are silently ignored.

So how do you fix this? Quite simply actually. Solaris provides 4 different password schemes which are defined in /etc/security/policy.conf. The lines of interest are the following:

CRYPT_ALGORITHMS_ALLOW=1,2a,md5
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=__unix__

The algorithms seen above, with the exception of “__unix__” which is the dreaded crypt_unix, are noted in /etc/security/crypt.conf and are:

1 (crypt_bsdmd5.so): One-way password hashing module for use with crypt(3C) that uses the MD5 message hash algorithm. The output is compatible with md5crypt on BSD and Linux systems. Password Limit: 255 chars
2a (crypt_bsdbf.so): One-way password hashing module for use with crypt(3C) that uses the Blowfish cryptographic algorithm. Password Limit: 255 chars
md5 (crypt_sunmd5.so): One-way password hashing module for use with crypt(3C) that uses the MD5 message hash algorithm. This module is designed to make it difficult to crack passwords that use brute force attacks based on high speed MD5 implementations that use code inlining, unrolled loops, and table lookup. Password Limit: 255 chars

To migrate to a better password scheme simply edit 2 lines in /etc/security/policy.conf: uncomment CRYPT_ALGORITHMS_DEPRECATE and change CRYPT_DEFAULT, like so:

CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=2a

You’ll now need to change your password using passwd. Even with crypt_unix deprecated these passwords will still be accepted. You can tell which format a password uses in /etc/shadow by the $type$ that proceeds the password, for instance:

moqZuc0PXJ/gw: Traditional UNIX password
$1$AR11mcp5$5wP5t99.kiHBiJ3qrg9jW1: Linux/BSD Compatible MD5
$2a$04$Q4m1iCDQWCl9l6h6yDFcC.agmbB21YXJxhrB1bmfnVOcrZwBBZUsm: Blowfish password
$md5$3UqYqndY$$6P.aaWOoucxxq.l00SS9k0: Sun MD5 password

I should note that I did notice that unless an algorithm is depreciated password changes will continue to use the existing password format. That is, if you make the default format Sun MD5, create a user and set his password, then change the default, changing the password will continue to use the existing Sun MD5 format. The point being, if your migrating all users from one format to another, make sure you deprecate the format you don’t want to use anymore to get the desired effect.

Posted in Solaris | 296 Comments »

Solaris 10 Update 3 Released

Tuesday, December 12th, 2006

Solaris 10 just gets more powerful all the time. Today Solaris 10 Update 3 (11/06) has been released. This brings a large number of features that have been in OpenSolaris for some time into the fully supported release. They include:

SNIA Multipath Management API Support
fsstat File-System Monitoring Tool (Very handy indeed!)
ZFS Command Improvements and Changes, including RAIDZ-2, Hot-Spares, Recursive Snapshots, Promotion of Clones, Compact NFSv4 ACL’s, Destroyed Pools Recovery, Error Clearing, ZFS integration with FMA, and much more.
Resource Pools now SMF’ized
Zone Renaming, Moving, Cloning, Import and Export
Logical Domains for sun4v
Solaris Trusted Extensions
Support for PCI Express
Sun Fire X4500 SATA Disk FMA
Adobe Flash Player Plugin for Solaris
Solaris Trusted Extensions Desktops
Solaris Flash Archives Improvements
Secure By Default Network Profile
ST Driver Support for Quantum LTO-2 and LTO-3 Tape Drives
IIIMF and Language Engines Improvements
… and much much more.

You can see the full Whats New on docs.sun.com and you can download it immediately from Sun.com.

Posted in Solaris | 47 Comments »

ZFS and iSCSI Integration: Two Great Powers Collide

Monday, December 11th, 2006

OpenSolaris Build 54 is now in the wild. As of Build 53 we have an amazing powerful new feature that will ultimately become a staple of the data center: ZFS and iSCSI Integration. Its now drop dead simple to start dishing out iSCSI Targets to your network, in a way that only ZFS can provide.

If you didn’t already know, ZFS brings the functions of a filesystem and a volume manager together into perfect harmony. Now, when people hear this they probly think about the underlying zpool on which filesystems are built, but it goes further. You can create zvols, a traditional allocated block device similar to a Veritas Volume Manager Volume or LVM Logical Volume, that coexists happily with your other ZFS file systems. Because iSCSI Target LUN’s are shared network accessible block storage devices they are built on top of these zvols. The advantage of these zvols is that they come with all that ZFS has to offer filesystems including snapshots, replication, compression, etc, but adds in something special for block storage: sparse volumes, commonly refered to as “thin provisioning”. Learn more about thin provisioning with ZFS in my blog entry entitled: ZFS and Thin Provisioning.

Prior to B53 you could share a zvol via iSCSI using iscsitadm, the administrative interface to the Solaris iSCSI Target. But thats all like tedious and involves a lot of typing, therefore we can now simplify the proccess. Simply create a zvol and enable iSCSI like so:

[thumper3:/] root# zfs create -s -V 150tb splash/uber_iscsitarget
[thumper3:/] root# zfs set shareiscsi=on splash/uber_iscsitarget

Presto! With these two commands I’ve created a thinly provisioned 150TB volume and then turned “shareiscsi” on. We’re done!

Don’t believe me? Just check:

[thumper3:/] root# svcs -a | grep -i iscsi
disabled        9:04:43 svc:/network/iscsi_initiator:default
online         22:21:01 svc:/system/iscsitgt:default
[thumper3:/] root# iscsitadm list target -v
Target: splash/uber_iscsitarget
    iSCSI Name: iqn.1986-03.com.sun:02:df204646-7956-e0a9-bfc1-c47759d0d93b
    Alias: splash/uber_iscsitarget
    Connections: 0
    ACL list:
    TPGT list:
    LUN information:
        LUN: 0
            GUID: 0x0
            VID: SUN
            PID: SOLARIS
            Type: disk
            Size:  150T
            Backing store: /dev/zvol/rdsk/splash/uber_iscsitarget
            Status: online
[thumper3:/] root# zfs get all splash/uber_iscsitarget
NAME                     PROPERTY       VALUE                  SOURCE
splash/uber_iscsitarget  type           volume                 -
splash/uber_iscsitarget  creation       Mon Dec 11  8:22 2006  -
splash/uber_iscsitarget  used           54.8K                  -
splash/uber_iscsitarget  available      15.9T                  -
splash/uber_iscsitarget  referenced     54.8K                  -
splash/uber_iscsitarget  compressratio  1.00x                  -
splash/uber_iscsitarget  reservation    none                   default
splash/uber_iscsitarget  volsize        150T                   -
splash/uber_iscsitarget  volblocksize   8K                     -
splash/uber_iscsitarget  shareiscsi     on                     local
splash/uber_iscsitarget  checksum       on                     default
splash/uber_iscsitarget  compression    off                    default
splash/uber_iscsitarget  readonly       off                    default

iSCSI really is that easy!

At this point we can go ahead and mount it on another system. In this case I’ll use a OpenSolaris B43 admin server:

[atlantis:/] root# iscsiadm list  discovery
Discovery:
        Static: disabled
        Send Targets: disabled
        iSNS: disabled
[atlantis:/] root# iscsiadm modify discovery --sendtargets enable
[atlantis:/] root# iscsiadm add discovery-address 10.10.10.10
[atlantis:/] root# svcadm enable network/iscsi_initiator
[atlantis:/] root# iscsiadm list target
Target: iqn.1986-03.com.sun:02:df204646-7956-e0a9-bfc1-c47759d0d93b
        Alias: splash/uber_iscsitarget
        TPGT: 1
        ISID: 4000002a0000
        Connections: 1
[atlantis:/] root# format
Searching for disks...done

c4t010000144F20FD1A00002A00457D16C8d0: configured with capacity of 153600.00GB

AVAILABLE DISK SELECTIONS:
...
       4. c4t010000144F20FD1A00002A00457D16C8d0 
          /scsi_vhci/disk@g010000144f20fd1a00002a00457d16c8
Specify disk (enter its number): ^D

See? Once the target is accessible from an initiator on your network simply use the disk like you world any local drive.

…but wait. We can make this even simpler by using ZFS property inheritance! By creating what I call a ZFS stub, we can turn on “shareiscsi” and then let volume created under that stub be automatically shared because they’ll inherit the “shareiscsi=on” properly. Lets go back to the begining and try this on a clean system:

[thumper3:/] root# zfs create splash/iscsi_luns
[thumper3:/] root# zfs set shareiscsi=on splash/iscsi_luns

[thumper3:/] root# iscsitadm list target
[thumper3:/] root#

[thumper3:/] root# zfs create -s -V 25g splash/iscsi_luns/vol001
[thumper3:/] root# zfs create -s -V 25g splash/iscsi_luns/vol002
[thumper3:/] root# zfs create -s -V 25g splash/iscsi_luns/vol003
[thumper3:/] root# zfs create -s -V 25g splash/iscsi_luns/vol004

[thumper3:/] root# iscsitadm list target
Target: splash/iscsi_luns/vol001
    iSCSI Name: iqn.1986-03.com.sun:02:736c2517-91e6-cf6c-d566-d48fb182e9f7
    Connections: 0
Target: splash/iscsi_luns/vol002
    iSCSI Name: iqn.1986-03.com.sun:02:78692333-1fb4-ee45-b547-ea49922ee538
    Connections: 0
Target: splash/iscsi_luns/vol003
    iSCSI Name: iqn.1986-03.com.sun:02:792505e0-a3fc-4ccf-f86d-b79f7baee006
    Connections: 0
Target: splash/iscsi_luns/vol004
    iSCSI Name: iqn.1986-03.com.sun:02:994ce0c3-d1fd-c0c9-ad8e-c4eeef462899
    Connections: 0

Now you can create iSCSI Targets by simply creating a volume. Simply brilliant.

Posted in OpenSolaris | 185 Comments »

cuddlecomics: no. 1

Friday, December 8th, 2006

Tamarah, Jason Hoffman, and I all attended a swanky Web 2.0 shin-dig courtasy of Hitachi Data Systems last night and several things became clear: people think that I (benr) am the gal at the top of the page (who is in fact my wife), and I’ve been depicted in cartoons/comics twice now (one private, one public) and done wrongly in both. So she, having artistic ability decided to take the challange of setting things straight in her mind. The result was this:

Now thats a comic I can appreciate being associated with. My wife rules.

If my nav bar is distorting it, see the image directly here.

Posted in cuddletech | 19 Comments »