Report a Documentation Bug

iSCSI Service

Deploying iSCSI

To deploy an iSCSI gateway, create a yaml file containing a service specification for iscsi:

service_type: iscsi
service_id: iscsi
placement:
  hosts:
    - host1
    - host2
spec:
  pool: mypool  # RADOS pool where ceph-iscsi config data is stored.
  trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2"
  api_port: ... # optional
  api_user: ... # optional
  api_password: ... # optional
  api_secure: true/false # optional
  ssl_cert: | # optional
    ...
  ssl_key: | # optional
    ...

For example:

service_type: iscsi
service_id: iscsi
placement:
  hosts:
  - [...]
spec:
  pool: iscsi_pool
  trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2,IP_ADDRESS_3,..."
  api_user: API_USERNAME
  api_password: API_PASSWORD
  ssl_cert: |
    -----BEGIN CERTIFICATE-----
    MIIDtTCCAp2gAwIBAgIYMC4xNzc1NDQxNjEzMzc2MjMyXzxvQ7EcMA0GCSqGSIb3
    DQEBCwUAMG0xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5T
    [...]
    -----END CERTIFICATE-----
  ssl_key: |
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5jdYbjtNTAKW4
    /CwQr/7wOiLGzVxChn3mmCIF3DwbL/qvTFTX2d8bDf6LjGwLYloXHscRfxszX/4h
    [...]
    -----END PRIVATE KEY-----

class ceph.deployment.service_spec.IscsiServiceSpec(service_type='iscsi', service_id=None, pool=None, trusted_ip_list=None, api_port=5000, api_user='admin', api_password='admin', api_secure=None, ssl_cert=None, ssl_key=None, placement=None, unmanaged=False, preview_only=False, config=None, networks=None, extra_container_args=None, extra_entrypoint_args=None, custom_configs=None)

api_password

api_password as defined in the iscsi-gateway.cfg

api_port

api_port as defined in the iscsi-gateway.cfg

api_secure

api_secure as defined in the iscsi-gateway.cfg

api_user

api_user as defined in the iscsi-gateway.cfg

pool

RADOS pool where ceph-iscsi config data is stored.

ssl_cert

SSL certificate

ssl_key

SSL private key

trusted_ip_list

list of trusted IP addresses

The specification can then be applied using:

ceph orch apply -i iscsi.yaml

See Daemon Placement for details of the placement specification.

See also: Service Specification.

Configuring iSCSI client

The containerized iscsi service can be used from any host by Configuring the iSCSI Initiators, which will use TCP/IP to send SCSI commands to the iSCSI target (gateway).

Further Reading

• Ceph iSCSI Overview: Ceph iSCSI Gateway