Sites Références

Cet article est une transposition sous MediaWiki de ces 2 adresses :

• Configure iSCSI Target on CentOS 9|AlmaLinux 9|RHEL 9
• Configure iSCSI Initiator on CentOS 9|AlmaLinux 9|RHEL 9

iSCSI stands for Internet Small Computer Systems Interface. It is an Internet Protocol that allows multiple servers and users to access network drives remotely over a TCP/IP network by setting up a shared storage network. iSCSI components include the iSCSI target which is the server that stores and allows access to storage and iSCSI initiator which is the hardware installed on a client to send data. A basic Ethernet port or a Host Bus Adapter (HBA) is what is required to connect iSCSI targets and initiators to a network. Both components are identified by a unique name known as iSCSI Qulified Name (iQN).

What is iSCSI Target?

iSCSI target as discussed above is the server that stores the storage and allows access to it. It can be a dedicated physical device on a network or an iSCSI software-configured logical device on a networked storage server. It is the remote storage that appears as a local drive on a host system. The iSCSI protocol then links the host with the storage over IP networks like LAN and WAN or Internet.

This guide shows how to configure an iSCSI Target on CentOS 9|AlmaLinux 9|RHEL 9 systems.

Install iSCSI Target on CentOS 9|AlmaLinux 9|RHEL 9

- Update the system packages.

sudo yum update -y

or

sudo dnf update -y

- Install the targetcli tool

sudo dnf install targetcli

- Start and enable the target service on boot time.

sudo systemctl enable --now target

- Open port 3260 in the firewall.

sudo firewall-cmd --permanent --add-port=3260/tcp
sudo firewall-cmd --reload

- To view the targetcli layout, login to the admin console.

$ sudo targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/>

- List using the following command

> ls
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 0]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 0]
  o- loopback ..................................................... [Targets: 0]

- Exit the shell using the following command.

/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json

Configure iSCSI Target on CentOS 9|AlmaLinux 9|RHEL 9

To configure an iSCSI Target, we will use the following details

• iSCSI target with a unique iQN.
• iSCSI Backstore – is a storage object that defines the resources that the backstore uses.
• Create iSCSI Portal.
• Setup iSCSI LUN.
• Creating an iSCSI ACL.
• Setup CHAP Authentication.

Create an iSCSI target

The target name is in the iQN format. iQN format is as follows iqn.YYYY-MM.reverse.domain.name:OptionalIdentifier. Let’s say I was to name a target with an iQN unique string with the name technixleo and my domain is target.example.com the iqn name will be as iqn.2022-06.com.example.target:technixleo - Login to the admin console of the target CLI shell.

sudo targetcli

- Navigate to the iSCSI directory

/> cd iscsi/

- Create the iSCSI target as shown below.

/iscsi> create iqn.2022-06.com.example.target:technixleo

Created target iqn.2022-06.com.example.target:technixleo.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.

- Then verify the created target.

/iscsi> ls

o- iscsi .......................................................... [Targets: 1]
  o- iqn.2022-06.com.example.target:technixleo ....................... [TPGs: 1]
    o- tpg1 ............................................. [no-gen-acls, no-auth]
      o- acls ........................................................ [ACLs: 0]
      o- luns ........................................................ [LUNs: 0]
      o- portals .................................................. [Portals: 1]
        o- 0.0.0.0:3260 ................................................... [OK]

Create iSCSI Backstore

You can create backstore devices of any of the following 4 types

• fileio backstore for files
• block backstore for block devices.
• pscsi backstore for direct pass-through of SCSI commands.
• ramdisk backstore for a temporary RAM-backed device.

For this guide, I will create one for fileio and block backstores

Create fileio storage object

-Navigate to the fileio on the backstore directory. The backstore is the device where the storage is located.

/> cd /backstores/fileio

- Create a file storage object named disk1 in a directory say /tmp/disk1.img of size 5GB. You can create a different directory to store the disk.

/backstores/fileio> create disk1 /tmp/disk1.img 5G
Created fileio disk1 with size 5368709120

- Verify the created storage object

/backstores/fileio> ls

o- fileio ................................................. [Storage Objects: 1]
  o- disk1 .................... [/tmp/disk1.img (5.0GiB) write-back deactivated]
    o- alua ................................................... [ALUA Groups: 1]
      o- default_tg_pt_gp ....................... [ALUA state: Active/optimized]

Create a block storage object

Block devices include physical devices like HDDs, SSDs, CDs, and DVDs, and logical devices such as software or hardware RAID volumes, or LVM volumes.

- Navigate to the block of the backstores directory

/> cd /backstores/block

- Create a block storage object with the following command. Use a disk that is not in use.

/backstores/block> create name=block1 dev=/dev/vdb
Created block storage object block1 using /dev/vdb.

- Verify the created block storage.

/backstores/block> ls
o- block .................................................. [Storage Objects: 1]
  o- block1 ........................ [/dev/vdb (10.0GiB) write-thru deactivated]
    o- alua ................................................... [ALUA Groups: 1]
      o- default_tg_pt_gp ....................... [ALUA state: Active/optimized]

Creating an iSCSI Portal

An iSCSI Portal adds an IP address and a port to the target that keeps the target enabled.

- Navigate to the Portals directory.

/> cd /iscsi/iqn.2022-06.com.example.target:technixleo/tpg1/portals

By default, The iSCSI portal is set to listen to all IP addresses with the default port number that is: 0.0.0.0:3260. Delete the default portal with the following command

/iscsi/iqn.20.../tpg1/portals> delete ip_address=0.0.0.0 ip_port=3260
Deleted network portal 0.0.0.0:3260

- Then create the new portal and specify the IP address to enable the target.

/iscsi/iqn.20.../tpg1/portals> create 192.168.200.47
Using default IP port 3260
Created network portal 192.168.200.47:3260.

- Verify the portal created.

/iscsi/iqn.20.../tpg1/portals> ls
o- portals ........................................................ [Portals: 1]
  o- 192.168.200.47:3260 .................................................. [OK]

Creating an iSCSI LUN

- Create LUN of the create storage object above. Navigate to the iSCSI target directory.

/> cd /iscsi/iqn.2022-06.com.example.target:technixleo/tpg1/luns

- Set the LUN for the created backstores with the following commands.

/iscsi/iqn.20...leo/tpg1/luns> create /backstores/fileio/disk1
Created LUN 0.

/iscsi/iqn.20...leo/tpg1/luns> create /backstores/block/block1
Created LUN 1.

- Verify the creates LUN

/> ls
o- luns .............................................................. [LUNs: 2]
  o- lun0 ................... [fileio/disk1 (/tmp/disk1.img) (default_tg_pt_gp)]
  o- lun1 ......................... [block/block1 (/dev/vdb) (default_tg_pt_gp)]

Creating an iSCSI ACL

Access Control Lists are used to configure access rules that each initiator has access to LUNs. To configure an ACL you should have the unique identifier for an initiator.

If you have installed an initiator, you can check its name with the following command on the client machine. I am using the initiator name installed on my client machine on the Configure an iSCSI Initiator guide.

$ cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:1cf224abfeb

- Once you have the initiator name, navigate to your iSCSI target and then to the ACL directory

/> cd /iscsi/iqn.2022-06.com.example.target:technixleo/tpg1/acls

- Then create an ACL using the initiator name.

/iscsi/iqn.20...leo/tpg1/acls> create <initiator name>

You can create an initiator name that is easy to remember with the iQN format as shown below. You will also have to change the initiator name on the client machine to match.

/iscsi/iqn.20...leo/tpg1/acls> create iqn.2022-06.com.example.initiator:initiator1
Created Node ACL for iqn.2022-06.com.example.initiator:initiator1
Created mapped LUN 0

- Set the user-created ACL within the TPG node on the target server.

/iscsi/iqn.20...leo/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'.

- Verify the created ACL.

/iscsi/iqn.20...leo/tpg1/acls> ls
o- acls .............................................................. [ACLs: 1]
  o- iqn.2022-06.com.example.initiator:initiator1 ............. [Mapped LUNs: 1]
    o- mapped_lun0 .................................... [lun0 fileio/disk1 (rw)]

Setup CHAP for the target

You can use the Challenge-Handshake Authentication Protocol (CHAP) to protect the target server with a password. The initiator should also be configured with the password to be able to connect to the target.

- Set the attribute authentication with the following command.

/iscsi/iqn.20...leo/tpg1> set attribute authentication=1
Parameter authentication is now '1'.

- Change directory to the newly created initiator.

/iscsi/iqn.20...leo/tpg1/acls> cd iqn.2022-06.com.example.initiator:initiator1

- Then set the user-id and Password.

/iscsi/iqn.20...or:initiator1> set auth userid=technix
Parameter userid is now 'technix'.

/iscsi/iqn.20...or:initiator1> set auth password=technix_passwd
Parameter password is now 'technix_passwd'.

- Exit the shell.

/iscsi/iqn.20...or:initiator1> exit
lobal pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json

- Check where the target port is listening using the following command

$ netstat -tnlp | grep 3260
tcp        0      0 192.168.200.47:3260     0.0.0.0:*               LISTEN

Next read through our guide on how to configure iSCSI Initiator:

Configure an iSCSI Initiator on CentOS 9/AlmaLinux 9/RHEL 9