To secure data on your VM from outside access, you can enable SCSI persistent reservation and configure a LUN-backed virtual machine disk to be shared among multiple virtual machines. By enabling the shared option, you can use advanced SCSI commands, such as those required for a Windows failover clustering implementation, for managing the underlying storage.
When a storage volume is configured as the LUN disk type, a VM can use the volume as a logical unit number (LUN) device. As a result, the VM can deploy and manage the disk by using SCSI commands.
You reserve a LUN through the SCSI persistent reserve options. To enable the reservation:
- Configure the feature gate option.
- Activate the feature gate option on the LUN disk to issue SCSI device-specific input and output controls (IOCTLs) that the VM requires.
Prerequisites
- You must have cluster administrator privileges to configure the feature gate option.
- The volume access mode must be ReadWriteMany (RWX) if the VMs that are sharing disks are running on different nodes. If the VMs that are sharing disks are running on the same node, ReadWriteOnce (RWO) volume access mode is sufficient.
- The storage provider must support a Container Storage Interface (CSI) driver that uses the SCSI protocol.
- If you are a cluster administrator and intend to configure disk sharing by using LUN, you must enable the cluster’s feature gate on the HyperConverged custom resource (CR).
- Disks that you want to share must be in block mode.
Procedure
- Edit or create the VirtualMachine manifest for your VM to set the required values, as shown in the following example:

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-0
spec:
  template:
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: sata
            name: rootdisk
          - errorPolicy: report
            lun: # (1)
              bus: scsi
              reservation: true # (2)
            name: na-shared
            serial: shared1234
      volumes:
      - dataVolume:
          name: vm-0
        name: rootdisk
      - name: na-shared
        persistentVolumeClaim:
          claimName: pvc-na-share

(1) Identifies a LUN disk.
(2) Identifies that the persistent reservation is enabled.

- Save the VirtualMachine manifest file to apply your changes.
Configuring disk sharing by using LUN and the web console
You can use the OKD web console to configure disk sharing by using LUN.
Procedure
- Click Virtualization → VirtualMachines in the web console.
- Select a VM to open the VirtualMachine details page.
- Expand Storage.
- On the Disks tab, click Add disk.
- Specify the Name, Source, Size, Interface, and Storage Class.
- Select LUN as the Type.
- Select Shared access (RWX) as the Access Mode.
- Select Block as the Volume Mode.
- Expand Advanced Settings, and select both checkboxes.
- Click Save.
Configuring disk sharing by using LUN and the command line
You can use the command line to configure disk sharing by using LUN.
Procedure
- Edit or create the VirtualMachine manifest for your VM to set the required values, as shown in the following example:

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-0
spec:
  template:
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: sata
            name: rootdisk
          - errorPolicy: report
            lun: # (1)
              bus: scsi
              reservation: true # (2)
            name: na-shared
            serial: shared1234
      volumes:
      - dataVolume:
          name: vm-0
        name: rootdisk
      - name: na-shared
        persistentVolumeClaim:
          claimName: pvc-na-share

(1) Identifies a LUN disk.
(2) Identifies that the persistent reservation is enabled.

- Save the VirtualMachine manifest file to apply your changes.
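
The prerequisites above (block-mode volume, RWX access unless all sharing VMs run on one node) can be checked against a manifest before it is applied. The following Python check is an added example, not part of the OKD documentation or tooling; the function names, the `same_node` flag, and the rule that a reserved LUN uses `bus: scsi` (taken from the example manifest) are assumptions, and the sample manifests are constructed.

```python
# Added example: pre-apply lint for a shared LUN disk, standard library only.
# Manifests are plain dicts, e.g. json.loads() of `oc get ... -o json` output.

def check_shared_lun(vm, pvcs, same_node=False):
    """Return a list of findings for every LUN disk with reservation enabled.

    vm        -- VirtualMachine manifest as a dict
    pvcs      -- {claimName: PersistentVolumeClaim manifest dict}
    same_node -- True only if the caller knows all sharing VMs run on one node
                 (assumption supplied by the caller; the manifest cannot prove it)
    """
    findings = []
    spec = vm["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    for disk in spec["domain"]["devices"].get("disks", []):
        lun = disk.get("lun")
        if lun is None or not lun.get("reservation"):
            continue  # only disks that request persistent reservation are checked
        name = disk["name"]
        if lun.get("bus") != "scsi":  # assumption: follows the example manifest
            findings.append(f"{name}: LUN bus should be scsi, got {lun.get('bus')!r}")
        claim = volumes.get(name, {}).get("persistentVolumeClaim", {}).get("claimName")
        pvc = pvcs.get(claim)
        if pvc is None:
            findings.append(f"{name}: no PVC found for this disk")
            continue
        pspec = pvc["spec"]
        # Kubernetes defaults volumeMode to Filesystem when the field is omitted.
        if pspec.get("volumeMode", "Filesystem") != "Block":
            findings.append(f"{name}: PVC {claim} must use volumeMode Block")
        modes = pspec.get("accessModes", [])
        if "ReadWriteMany" not in modes and not (same_node and "ReadWriteOnce" in modes):
            findings.append(f"{name}: PVC {claim} needs ReadWriteMany (RWO only on one node)")
    return findings

# Constructed sample input mirroring the manifest above (vm-0 / na-shared / pvc-na-share).
SAMPLE_VM = {"spec": {"template": {"spec": {
    "domain": {"devices": {"disks": [
        {"disk": {"bus": "sata"}, "name": "rootdisk"},
        {"errorPolicy": "report", "name": "na-shared", "serial": "shared1234",
         "lun": {"bus": "scsi", "reservation": True}}]}},
    "volumes": [
        {"name": "rootdisk", "dataVolume": {"name": "vm-0"}},
        {"name": "na-shared", "persistentVolumeClaim": {"claimName": "pvc-na-share"}}]}}}}

def sample_pvc(mode, access):  # hypothetical helper: minimal constructed PVC dict
    return {"pvc-na-share": {"spec": {"volumeMode": mode, "accessModes": [access]}}}

if __name__ == "__main__":
    for finding in check_shared_lun(SAMPLE_VM, sample_pvc("Filesystem", "ReadWriteOnce")):
        print("FINDING:", finding)
```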