Re: Correct & Reliable way to stop access to an iS...

Michelle_Laveri · ‎05-01-2008

Guys,

I'm doing more work with iSCSI than have done in the past. Normally I worked with FC SAN either on my own kit at home, or customers site.

The iSCSI system I'm using is Lefthand Networks VP called VSA together with VMware iSCSI Software Initiator...

Anyway, sometimes I want to temporarily stop access to the target after the ESX host has connected to the target. You would think this would be an easy thing to do - through obivious methods such as:

disabling the iSCSI SW Initiator

removing the ESX host from the allowed list of iSCSI Initator

closing the firewall for 3260

BUT, even after doing this - when I do a rescan the LUN and VMFS is still there. It's a classic case that when you want something NOT to work it does!

Anyway, the ONLY reliable method I've found is by changing the IP address of the VMkernel port to be something bogus - and then force a rescan - this causes the LUN/VMFS to disappear.

Does anyone else have a reliable method - which would be less intrusive?

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com

Ken_Cline · ‎05-01-2008

Just a guess...but have you tried unloading the NIC driver?

- vmkload_mod -u

Ken Cline

Technical Director, Virtualization

Wells Landers

VMware Communities User Moderator

Ken Cline VMware vExpert 2009 VMware Communities User Moderator Blogging at: http://KensVirtualReality.wordpress.com/

sdd · ‎05-01-2008

I am not familiar with the Left Hand interface, but have you tried removing the masking from the IQN of that iSCSI intiator on the target? I have done this on other arrays and while you still have the ip of the target in ESX, a rescan should show the LUN/VMFS is gone.

Regards,

Scott

-Scott Disclaimer: I am an EMC Employee

kjb007 · ‎05-02-2008

I've had the same issue, and I used esxcfg-swiscsi -k, to remove the stack, but that did get rid of any active LUNs, and forced me to reconfig my target info.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

Michelle_Laveri · ‎05-02-2008

I've had the same issue, and I used esxcfg-swiscsi -k, to remove the stack, but that did get rid of any active LUNs, and forced me to reconfig my target info.

-KjB

Well, I would like to keep my configuration....

I've tried using LHN to stop access but that didn't seem to help. Seems to be a by-design issue with the iSCSI sw stack from VMware (err, make that Cisco). Perhaps its because the COS is responsible for the LUN Discovery/CHAP part of the process. I will try a load and unload of the nic driver when I next have time - although I have feeling I will have script that as it might disconnect me from the ESX Host...

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com

kjb007 · ‎05-02-2008

I tried a lot of stuff when I was setting up my environment with iSCSI. I believe I also tried unloading modules, but ultimately, in order to kill the connection, i had to unload the iscsi stack with the -k. Let me know if you find a better way.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

kjb007 · ‎05-06-2008

Just an FYI, I just ran this the below to remove access to a particular LUN. I have verified the config does not get removed, but the driver does stop, and the rescan removes access to an unavailable LUN.

Run esxcfg-swiscsi -k. Then rescan, esxcfg-swiscsi -s.

The LUN should be removed.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

Michelle_Laveri · ‎05-07-2008

Cool...

Thanks for testing that - I will give it a try at the next opportunity...

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com

Michelle_Laveri · ‎06-01-2008

In the end I found the easiest way to disable/enable access to an iSCSI Target using the SW initiator was to automate what I was doing from the GUI.

esxcfg-vswif -s vswif1

esxcfg-vmknic -D iSCSI

This stopped the networking stack required for SW iSCSI from communicating to the target

esxcfg-rescan vmhba32

refresh any storage information such mounted vmfs volumes under /vmfs/volumes

Then I re-enable it with reverse

esxcfg-vswif -e vswif1

esxcfg-vmknic -e iSCSI

esxcfg-rescan vmhba32

The nice thing about this method is that it doesn't touch the SW iSCSI stack at all..

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com

admin · ‎06-02-2008

Just an FYI, I just ran this the below to remove access to a particular LUN. I have verified the config does not get removed, but the driver does stop, and the rescan removes access to an unavailable LUN.
Run esxcfg-swiscsi -k. Then rescan, esxcfg-swiscsi -s.
The LUN should be removed.
-KjB

That's the way to do it, if you're using the S/W initiator anyway.

wila · ‎06-02-2008

Thanks Mike, it works perfectly.

I couldn't get the method KjB used to work for me, nor did my old method work as that stopped working.

One small note, the line:

esxcfg-vswif -s vswif1

is probably a typo and meant to be:

esxcfg-vswif -D vswif1

As the the -s does not exist and the -d deletes your vswif (which you probably don't want either), the -D does the opposite of what you are doing when enabling the iscsi storage again.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

Michelle_Laveri · ‎06-02-2008

Thanks Mike, it works perfectly.
I couldn't get the method KjB used to work for me, nor did my old method work as that stopped working.
One small note, the line:

esxcfg-vswif -s vswif1

is probably a typo and meant to be:

esxcfg-vswif -D vswif1

As the the -s does not exist and the -d deletes your vswif (which you probably don't want either), the -D does the opposite of what you are doing when enabling the iscsi storage again.
--
Wil

Yes, that's right a typo... on my behalf... I meant to temporary disable/enable the iSCSI-COS and iSCSI-VMK and then do the rescan...

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com

All

Correct & Reliable way to stop access to an iSCSI Target