iSCSI Commands and Information
Block volumes attached with the iSCSI attachment type use the iSCSI protocol to connect a volume to an instance. See Volume Attachment Types for more information about volume attachment options.
Once the volume is attached , you need to log on to the instance and use the iscsiadm
command-line tool to configure the iSCSI connection. After you configure the volume, you can mount it and use it like a normal hard drive.
To enhance security, Oracle enforces an iSCSI security protocol called CHAP that provides authentication between the instance and volume.
You do not need to run the iSCSI commands for attachments to volumes configured for the Ultra High Performance level. The Block Volume Management plugin runs the iSCSI commands to configure the iSCSI connection.
Accessing a Volume's iSCSI Information
When you successfully attach a volume to an instance, Block Volume provides a list of iSCSI information. You need the following information from the list when you connect the instance to the volume.
- IP addressNote
When an IP address is assigned to a volume attachment, it is a valid IP address and an iSCSI connection can be made to it. Block Volume does not guarantee the order the IP address is assigned. - Port
- CHAP user name and password (if enabled)
- IQN
The CHAP credentials are auto-generated by the system and cannot be changed. They are also unique to their assigned volume/instance pair and cannot be used to authenticated another volume/instance pair.
The Console provides this information on the details page of the volume's attached instance. Click the AttachVolume
API operation completes successfully. You can re-run the operation with the same parameter values to review the information.
See Attaching a Block Volume to an Instance and Connecting to a Block Volume for step-by-step instructions.
Recommended iSCSI Initiator Parameters for Linux-based Images
iSCSI attached volumes for Linux-based images are managed by the Linux iSCSI initiator service, iscsid. Oracle Cloud Infrastructure images use iSCSI default settings for the iscsid service's parameters, with the exception of the following parameters:
-
node.startup = automatic
-
node.session.timeo.replacement_timeout = 6000
-
node.conn[0].timeo.noop_out_interval = 0
-
node.conn[0].timeo.noop_out_timeout = 0
-
node.conn[0].iscsi.HeaderDigest = None
If you are using custom images, you should update the iscsid service configuration by modifying the /etc/iscsi/iscsid.conf
file.
Additional Reading
There is a wealth of information on the internet about iSCSI and CHAP. If you need more information on these topics, try the following pages: