Have you always attached an OCI Block Volume to a Compute Instance? If yes, I assume by console or OCI CLI and then executed manually the iSCSI commands to attach the device on OS level. But wait, here is a magic way to attach the Block Volume – by the Oracle Cloud Agent.
Prerequisites
- Attached Service Gateway in VCN
- Oracle Cloud Agent software installed on the instance
- Enable the Block Volume Management plugin
- Verify Compute Instance disk status
- Create a Block Volume and attach Block Volume to Compute Instance
- OCI Tool oci-iscsi-config
- The OCI CLI method – the expressway
If you want to auto-attach a high-performance block volume (multipath enabled) or a block volume where auto-tune is enabled, these two IAM settings are additional required.
Dynamic Group
ANY {instance.compartment.id = 'ocid1.tenancy.oc1..<tenancy_ID>', instance.compartment.id = 'ocid1.compartment.oc1..<compartment_OCID>'}
Policy for Dynamic Group
Allow dynamic-group InstantAgent to use instances in tenancy Allow dynamic-group InstantAgent to use volume-attachments in tenancy
Attached Service Gateway in VCN
Verify the route table for the attached Service Gateway first. Here in my case the Service Gateway is attached for ZRH services in a private subnet.
Oracle Cloud Agent Software installed on the Instance
Verify that the agent is up and running. The agent is installed as per default on current images, for older platforms the agent can be installed manually.
]$ systemctl is-enabled oracle-cloud-agent &>/dev/null && echo "OCA is enabled" || echo "OCA is disabled" \ > && systemctl is-active oracle-cloud-agent &> /dev/null && echo "OCA is running" || echo "OCA is not running" OCA is enabled OCA is running
Verify the local metdata endpoint is reachable. Here you can see in the output that the Block Volume Management plugin is disabled as per default
$ curl -v -H 'Authorization: Bearer Oracle' http://169.254.169.254/opc/v2/instance/ | grep -B 1 Block
* Trying 169.254.169.254...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> GET /opc/v2/instance/ HTTP/1.1
> Host: 169.254.169.254
> User-Agent: curl/7.61.1
> Accept: */*
> Authorization: Bearer Oracle
>
< HTTP/1.1 200 OK
< Server: server
< Date: Mon, 05 Sep 2022 08:11:17 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Etag: d4efec23-2401
< Last-Modified: Mon, 05 Sep 2022 08:17:06 GMT
< X-Request-Id: a4ad0529-5587-4540-b313-ac6398aae70a
<
{ [2413 bytes data]
100 2401 0 2401 0 0 586k 0 --:--:-- --:--:-- --:--:-- 586k
* Connection #0 to host 169.254.169.254 left intact
"desiredState": "DISABLED",
"name": "Block Volume Management"
Enable the Block Volume Management Plugin
Enabling of the plugin needs some minutes, please be patient. You can verify the metadata endpoint again for the plugin status. If the plugins doesn’t change to state running, verify the prerequisites.
$ curl -v -H 'Authorization: Bearer Oracle' http://169.254.169.254/opc/v2/instance/ | grep -B 1 Block
* Trying 169.254.169.254...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> GET /opc/v2/instance/ HTTP/1.1
> Host: 169.254.169.254
> User-Agent: curl/7.61.1
> Accept: */*
> Authorization: Bearer Oracle
>
< HTTP/1.1 200 OK
< Server: server
< Date: Mon, 05 Sep 2022 08:24:34 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Etag: d4efec23-2401
< Last-Modified: Mon, 05 Sep 2022 08:17:06 GMT
< X-Request-Id: a4ad0529-5587-4540-b313-ac6398aae70a
<
{ [2413 bytes data]
100 2401 0 2401 0 0 586k 0 --:--:-- --:--:-- --:--:-- 586k
* Connection #0 to host 169.254.169.254 left intact
"desiredState": "ENABLED",
"name": "Block Volume Management"
Links
- Managing Plugins with Oracle Cloud Agent: https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/manage-plugins.htm
- Troubleshooting Oracle Cloud Agent: https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/manage-plugins-troubleshooting.htm#troubleshoot
Verify Compute Instance Disk Status
Actually there is no other disk that the boot volume attached.
$ sudo lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 46.6G 0 disk ├─sda1 8:1 0 100M 0 part /boot/efi ├─sda2 8:2 0 1G 0 part /boot └─sda3 8:3 0 45.5G 0 part ├─ocivolume-root 252:0 0 35.5G 0 lvm / └─ocivolume-oled 252:1 0 10G 0 lvm /var/oled
Create a Block Volume and attach it to the Compute Instance
A new Block Volume is created with 254GB space and ready to attach.
Block Volume -> Attach to Instance. Enable the checkbox
The disk is attached as /dev/sdb by iSCSI and can be partioned, formatted and mounted.
[opc@ci-zrh-t-crm-app-001 ~]$ sudo lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 46.6G 0 disk ├─sda1 8:1 0 100M 0 part /boot/efi ├─sda2 8:2 0 1G 0 part /boot └─sda3 8:3 0 45.5G 0 part ├─ocivolume-root 252:0 0 35.5G 0 lvm / └─ocivolume-oled 252:1 0 10G 0 lvm /var/oled sdb 8:16 0 254G 0 disk $ sudo ls -la /dev/disk/by-path/ | grep ip lrwxrwxrwx. 1 root root 9 Sep 5 08:48 ip-169.254.2.2:3260-iscsi-iqn.2015-12.com.oracleiaas:175c0c80-3704-42e8-9dc1-b39123456789-lun-1 -> ../../sdb
Logs are located on Compute Instance in the plugin folder, there is a YML file available which describes the action.
$ pwd
/var/log/oracle-cloud-agent/plugins/oci-blockautoconfig
[opc@ci-zrh-t-crm-app-001 oci-blockautoconfig]$ cat blockstorage.yml
[
{
"id": "ocid1.volumeattachment.oc1.eu-zurich-1.an5heljrsijhdmqcebk2p1234567890r5jaacpbjwcv5lsfasa",
"volumeId": "ocid1.volume.oc1.eu-zurich-1.ab1234567890iipcycyffb4rabdbax2nobys2zm6wog44xbhib5rxv3fa",
"instanceId": "ocid1.instance.oc1.eu-zurich-1.an5heljrsijhdmqcbv12345678906qaq3sscrrvmhlvpd323bniuij7q",
"chapSecret": "",
"chapUsername": "",
"ipv4": "169.254.2.2",
"iqn": "iqn.2015-12.com.oracleiaas:175c0c80-3704-42e8-9dc1-b3912345678904",
"port": 3260,
"timeCreated": "",
"multipathDevices": []
}
][
OCI Tool oci-iscsi-config
The integrated tool oci-iscsi-config is used to show the status and the details.
$ sudo oci-iscsi-config show
Unable to get volume ocid and display name for iqn [iqn.2015-12.com.oracleiaas:175c0c80-3704-42e8-9dc1-b3962b7c0574],
Currently attached iSCSI devices:
Volume Name | Attached Device | Size |
------------------------------------------
- | sdb | 254G |
The OCI CLI method – the Expressway
Create a Block Volume.
export ad=EUZg:EU-ZURICH-1-AD-1 export comp=ocid1.compartment.oc1..aaaaaaaa4oz4fobomuv7laetz6zdxznuoxk46j123456789gbo3nsq oci bv volume create --compartment-id $comp --availability-domain $ad
Attach the Block Volume to the Compute Instance by using the is-agent-auto-iscsi-login-enabled parameter. Use the Block Volume OCID from command above. If the parameter is not available in your environment, update your OCI CLI.
export inst=ocid1.instance.oc1.eu-zurich-1.an5heljrsijhdmqcbv2fd53hntwqs27123456789hlvpd323bniuij7q export bv=ocid1.volume.oc1.eu-zurich-1.ab5heljrgfacrjunfxxroeej5olipwxg123456789pmisck4y2upwla oci compute volume-attachment attach-iscsi-volume --instance-id $inst --volume-id $bv --is-agent-auto-iscsi-login-enabled true
OCI CLI Command Reference: https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.15.2/oci_cli_docs/cmdref/compute/volume-attachment/attach-iscsi-volume.html
And BTW – Terraform supports it too: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_volume_attachment
Summary
The iSCSI auto-configuration feature by the Oracle Cloud Agent simplifies the attachment of iSCSI disks to a Compute Instances. Just use it. #ilike