When you have created an ESXi environment and want to work with features such as vMotion and High Availability you will need shared storage in your environment. Openfiler is a good choice to setup a storage appliance to provide shared storage with NFS or iSCSI.
In this article I will explain how to setup Openfiler. There is also an appliance available that you can download but the appliance is not always updated to the latest version and I had mixed results in the past with importing it into different environment. Therefor I have based the article on installation of the ISO-file you can download it at www.openfiler.com. I have used version 2.99 (openfileresa-2.99.1-x86_64-disc1.iso)
To get started you need to create a virtual machine (in ESXi or Workstation), attach the ISO-file and power on. The OS type to choose is Other Linux 64 bit.
The minimum disk requirement is 10GB so make sure to modify the hard disk size before you start the Openfiler installation. The full system requirements can be found here.
The installation procedure is also described on the Openfiler-website. But I have made a short installation guide below with the most important steps highlighted.
First install the operating system on a single hard disk and then after installation is ready add hard disks that will contain your NFS and iSCSI partitions. There is no need to power off the virtual machine to add the hard disks. You can add them while it's powered on in ESXi and Openfiler will also automatically detect the new disks.
When you boot the virtual machine with the installation ISO you will see the image below. Press Enter to start the graphical installer.
For the rest of the setup process I have only placed images in this article and added explanations for those parts that require it. Other steps such as selecting your keyboard or time zone are things you can figure out yourself.
During the setup you will initialize your empty drive and you will be able to automatically partition the disk for the operating system. You can see this in the image below. There is no need to partiiton the hard disk since you will add empty hard disks later that will hold your NFS and iSCSI data.
The default setting for your network adapter is that it will be configured for DHCP. If you want to configure a fixed IP address then you can do that later in the web based management UI or you can do it now as part of the installation process.
During installation you are asked to provide a password for the root user. Be aware that this password will not be the password that you will use to administer the appliance from the web based UI. As you will see later there is another default user name and password for that.
When the installation is finished you can reboot the virtual machine. Once it is rebooted you will see the URL you can use to manage the appliance on the console.
If you access the web based UI for the first time you will see a message that the certificate is un-trusted. Since the virtual machine was installed with a self signed certificate for HTTPS this is normal behavior and you can proceed anyway.
To login to the Openfiler web based management interface you use the following credentials:
default username: openfiler
default password: password
After you login for the first time change the administrator password for the virtual machine. This will require you to re-login with the new password.
The first task to perform is to enable the services you want to be using. In this article I will explain how to configure NFS and iSCSI for ESXi so those are the services I have enabled and started.
The second task is to configure from which hosts or networks your Openfiler installation can be accessed. You can provide individual IP-addresses for your servers or you can specify an entire network as I have done in the image below. With this configuration all hosts in network 192.168.1.0/24 will be able to access the storage.
At this time you should add the virtual hard disks to your virtual machine that you want to use to store the NFS and iSCSI data. You can do this while the virtual machine is powered on (on ESXi, not on Workstation) and Openfiler will detect them automatically.
Access the Volumes-tab and select Block Devices from the menu on the right to manage the partitions for your disks. We will start with the first one (/dev/sdb). Click the hyperlink for the device to add a partition.
The image blow shows the information needed to create a new volume on the disk. Perform this action for all the disks you want to use. (In this article the only other disk is /dev/sdc.)
The following step is to create a Volume Group. From this point onwards I will first create the entire NFS-configuration and when that is done I will create the iSCSI-disks and -configuration.
NFS Volume Configuration
In the Volumes-tab select Volume Groups from the menu on the right. Since there are no volume groups yet the only thing to do here is create a new one. For the name I have used NFS so that it's easy to identify what it's going to be used for later. And I have selected one of my two disks.
Next click the Add Volume link from the menu on the right. Specify a name for the volume, a description and select the amount of disk space from the partition to use. I find it most convenient to use a separate virtual disk with only partition and one volume for each type of access. The default file system type is uses here is XFS, you could also select ext4 or another type but since we are accessing the data via NFS it doesn't really matter.
We now have the NFS-volume configured and must create a share that we can make available to our ESXi-servers. Click the Shares-tab and click the link for the NFS-volume you have just created. Enter the name for the folder to create in the volume.
This folder you have just created will now become the share. Click the folder and click Make Share from the pop-up window.
The default for these shares is that hey are configured for Controlled Access. You could configure it for public access. But it's better to setup Controlled Access. You can clearly read on the share's configuration page that it will only be enabled when you setup a primary group for the share. This might not be necessary for NFS but it's better to always configure it this way.
As you can see in the image below you must configure a Primary Group and configure ReadWrite access for NFS for your servers or the entire subnet.
Your NFS-configuration on the Openfiler server is now done so it's time to connect from the ESXi-host to this new share. You can perform this from the vSphere Client (Configuration-tab - Storage - Add Storage) or from the vSphere Web Client (select your server, Related Objects-tab - Datastores and click the create a new datastore-icon). The image below shows how the configuration should look like. You can use the Openfiler's IP-address or server name if you have DNS configured.
The datastore name should be the same on all your ESXi-servers in your cluster so that virtual machines can run on all your hosts for example with vMotion and High Availability.
To configure iSCSI we need another volume in a volume group. From the Openfiler web based management interface select the Volumes-tab and from the menu on the right select Volume Groups. You can now create a new volume group on the empty disk (in this example /dev/sdc).
Next click Add Volume. If the new volume group you had just created is not selected then select it from the drop-down list and click Change.
Now add a new volume to this volume group. Most important to watch out for here is to select the block-type here to be able to use it as an iSCSI-target disk.
The disk is ready now so it's time to configure the iSCSI-target. From the Volumes-tab select iSCSI targets from the menu on the right. Since there is no iSCSI target configured you only option is to create a new one.
Next you must map a LUN to one of your volumes.
And the last step is to allow access to this target from the network.
You can now configure access to the iSCSI-target from your ESXi-host. This can be done from the vShere Client (Configuration-tab - Storage Adapters - Add) or from the vSphere Web Client. (see image below).
Once you have added the adapter it will show up in the list of storage controllers as VMHBA33 or higher. In this example in the image below you can see that it is adapter VMHBA37. In the Targets-tab click Add to add your iSCSI target. You will need to provide the IP-address or server name for your Openfiler server. Leave the port at the default of 3260.
After adding the target you will be warned that you must rescan the adapter to be able to see the devices that are available.
Now if you look at the Devices-tab of the iSCSI software adapter you will see the target that is available through your Openfiler server.
At this time you can format the empty disk with the VMFS file system. This can be done from from the vSphere Client (Configuration-tab - Storage - Add Storage) or from the vSphere Web Client (select your server, Related Objects-tab - Datastores and click the create a new datastore-icon).
You only have to create this datastore once. If you enable the iSCSI-target on you other ESXi-servers then they will detect the new VMFS datastore when you rescan the adapter.
Add CHAP authentication
In the configuration you have setup there is no additional security so when you connect other machines with iSCSI software to your network they could access the storage target too. To prevent this you can add authentication with the Challenge Handshake Authentication Protocol to your iSCSI-setup.
In the Openfiler configuration access the Volumes-tab and select CHAP Authentication. As you can see in the image below it requires a username and a password. The username is going to be the iSCSI initiator name or alias on your ESXi-host. We will show you where to find that later. For now I would use your server's name and provide a password (also called the secret).
Next you need to add CHAP-authentication to your iSCSI-adapter on ESXi. See the image below.
Select Use unidirectional CHAP from the drop down list. Next you must decide what to use to identify the server with the iSCSI-target. You could use the iSCSI initiator name if you used that same name in Openfiler. Or for example use the server's name as an alias as you can see in the image below. And provide the same secret as on the Openfiler server.