Getting started

The debops.iscsi role depends heavily on the LVM support. It can be configured using debops.lvm role added to the playbook before the debops.iscsi role.

Before using debops.iscsi role, you should configure an iSCSI Target. It can be configured either on a dedicated SAN storage host, or using Linux packages like targetcli, tgt and others. You can use debops.tgt role to create a simple iSCSI Target server, however using targetcli to setup a LIO-based iSCSI Target might be easier.

The debops.unattended_upgrades role can be used with a provided list of blacklisted packages to prevent the unattended upgrade of the open-iscsi package, which might result in connection loss to the iSCSI Target and broken services.

Example inventory

To configure iSCSI Initiator to connect to remote storage, you should add a given host to [debops_service_iscsi] Ansible group:

[debops_service_iscsi]
hostname

Inventory variables

Before configuring the role, you should specify the IQN date and Naming Authority (by default, ansible_domain) to have consistent IQN naming scheme. It's best to use the registration date of your domain, you can check it using whois command:

iscsi__iqn_date: '1995-08'
iscsi__iqn_authority: '{{ ansible_domain }}'

Above variables will be used to create and store IQN base name, available as {{ iscsi__iqn }}. You can use it in your IQN strings, provided that the same scheme is used on your iSCSI Target hosts.

iSCSI storage should be configured on a separate internal network or VLAN to provide security. By default, debops.iscsi discovers iSCSI Targets on all configured interfaces. To change that, you can specify interface names to use:

iscsi__interfaces: [ 'eth1', 'vlan300' ]

You need to specify FQDN hostnames or IP addresses of hosts that provide the storage to discover iSCSI Targets:

iscsi__portals: [ 'storage.iscsi.{{ ansible_domain }}' ]

You will also want to configure iscsi__targets and iscsi__logical_volumes to specify what iSCSI Targets to connect to, as well as how to manage the storage volumes.

Default usernames and passwords for discovery and session authentication can be found in secret/ directory (see debops.secret role for more details). You can change them by modifying the created files and re-running the role.

Example playbook

Here's an example playbook which uses debops.iscsi role:

---

- name: Configure iSCSI Initiator
  hosts: [ 'debops_service_iscsi' ]
  become: True

  roles:

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_blacklist: '{{ iscsi__unattended_upgrades__dependent_blacklist }}'

    - role: debops.lvm
      tags: [ 'role::lvm' ]

    - role: debops.iscsi
      tags: [ 'role::iscsi' ]