JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 1M: System Administration Commands     Oracle Solaris 10 1/13 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

System Administration Commands - Part 1

6to4relay(1M)

accept(1M)

acct(1M)

acctadm(1M)

acctcms(1M)

acctcon1(1M)

acctcon(1M)

acctcon2(1M)

acctdisk(1M)

acctdusg(1M)

acctmerg(1M)

accton(1M)

acctprc1(1M)

acctprc(1M)

acctprc2(1M)

acctsh(1M)

acctwtmp(1M)

adbgen(1M)

add_allocatable(1M)

addbadsec(1M)

add_drv(1M)

add_install_client(1M)

add_to_install_server(1M)

afbconfig(1M)

aliasadm(1M)

apache(1M)

arp(1M)

aset(1M)

aset.restore(1M)

atohexlabel(1M)

audit(1M)

auditconfig(1M)

auditd(1M)

auditreduce(1M)

audit_startup(1M)

auditstat(1M)

audit_warn(1M)

automount(1M)

automountd(1M)

autopush(1M)

bart(1M)

bdconfig(1M)

boot(1M)

bootadm(1M)

bootconfchk(1M)

bootparamd(1M)

bsmconv(1M)

bsmrecord(1M)

bsmunconv(1M)

busstat(1M)

cachefsd(1M)

cachefslog(1M)

cachefspack(1M)

cachefsstat(1M)

cachefswssize(1M)

captoinfo(1M)

catman(1M)

cfgadm(1M)

cfgadm_ac(1M)

cfgadm_cardbus(1M)

cfgadm_fp(1M)

cfgadm_ib(1M)

cfgadm_pci(1M)

cfgadm_sata(1M)

cfgadm_sbd(1M)

cfgadm_scsi(1M)

cfgadm_shp(1M)

cfgadm_sysctrl(1M)

cfgadm_usb(1M)

cfsadmin(1M)

chargefee(1M)

chat(1M)

check(1M)

check-hostname(1M)

check-permissions(1M)

chk_encodings(1M)

chroot(1M)

cimworkshop(1M)

ckpacct(1M)

clear_locks(1M)

clinfo(1M)

closewtmp(1M)

clri(1M)

comsat(1M)

configCCR(1M)

consadm(1m)

conv_lp(1M)

conv_lpd(1M)

coreadm(1M)

cpustat(1M)

cron(1M)

cryptoadm(1M)

cvcd(1M)

datadm(1M)

dcopy(1M)

dcs(1M)

dd(1M)

devattr(1M)

devfree(1M)

devfsadm(1M)

devfsadmd(1M)

device_remap(1M)

devinfo(1M)

devlinks(1M)

devnm(1M)

devreserv(1M)

df(1M)

dfmounts(1M)

dfmounts_nfs(1M)

dfshares(1M)

dfshares_nfs(1M)

df_ufs(1M)

dhcpagent(1M)

dhcpconfig(1M)

dhcpmgr(1M)

dhtadm(1M)

dig(1M)

directoryserver(1M)

diskinfo(1M)

disks(1M)

diskscan(1M)

dispadmin(1M)

dladm(1M)

dmesg(1M)

dmi_cmd(1M)

dmiget(1M)

dminfo(1M)

dmispd(1M)

dnssec-dsfromkey(1M)

dnssec-keyfromlabel(1M)

dnssec-keygen(1M)

dnssec-signzone(1M)

dodisk(1M)

domainname(1M)

drd(1M)

drvconfig(1M)

dsvclockd(1M)

dtrace(1M)

dumpadm(1M)

editmap(1M)

edquota(1M)

eeprom(1M)

efdaemon(1M)

embedded_su(1M)

emCCR(1M)

emocmrsp(1M)

etrn(1M)

fbconfig(1M)

fcinfo(1M)

fdetach(1M)

fdisk(1M)

ff(1M)

ffbconfig(1M)

ff_ufs(1M)

fingerd(1M)

fiocompress(1M)

flar(1M)

flarcreate(1M)

fmadm(1M)

fmd(1M)

fmdump(1M)

fmstat(1M)

fmthard(1M)

format(1M)

fpsd(1M)

fruadm(1M)

fsck(1M)

fsck_cachefs(1M)

fsck_pcfs(1M)

fsck_udfs(1M)

fsck_ufs(1M)

fsdb(1M)

fsdb_udfs(1M)

fsdb_ufs(1M)

fsirand(1M)

fssnap(1M)

fssnap_ufs(1M)

fsstat(1M)

fstyp(1M)

ftpaddhost(1M)

ftpconfig(1M)

ftpd(1M)

ftprestart(1M)

ftpshut(1M)

fuser(1M)

fwflash(1M)

fwtmp(1M)

getdev(1M)

getdevpolicy(1M)

getdgrp(1M)

getent(1M)

gettable(1M)

getty(1M)

getvol(1M)

GFXconfig(1M)

gkadmin(1M)

groupadd(1M)

groupdel(1M)

groupmod(1M)

growfs(1M)

grpck(1M)

gsscred(1M)

gssd(1M)

halt(1M)

hextoalabel(1M)

host(1M)

hostconfig(1M)

hotplug(1M)

hotplugd(1M)

htable(1M)

ickey(1M)

id(1M)

idsconfig(1M)

ifconfig(1M)

if_mpadm(1M)

ifparse(1M)

ikeadm(1M)

ikecert(1M)

ilomconfig(1M)

imqadmin(1M)

imqbrokerd(1M)

imqcmd(1M)

imqdbmgr(1M)

imqkeytool(1M)

imqobjmgr(1M)

imqusermgr(1M)

in.chargend(1M)

in.comsat(1M)

in.daytimed(1M)

in.dhcpd(1M)

in.discardd(1M)

in.echod(1M)

inetadm(1M)

inetconv(1M)

inetd(1M)

in.fingerd(1M)

infocmp(1M)

in.ftpd(1M)

in.iked(1M)

init(1M)

init.sma(1M)

init.wbem(1M)

inityp2l(1M)

in.lpd(1M)

in.mpathd(1M)

in.named(1M)

in.ndpd(1M)

in.rarpd(1M)

in.rdisc(1M)

in.rexecd(1M)

in.ripngd(1M)

in.rlogind(1M)

in.routed(1M)

in.rshd(1M)

in.rwhod(1M)

install(1M)

installboot(1M)

installer(1M)

installf(1M)

installgrub(1M)

install_scripts(1M)

install-solaris(1M)

in.stdiscover(1M)

in.stlisten(1M)

in.talkd(1M)

in.telnetd(1M)

in.tftpd(1M)

in.timed(1M)

in.tnamed(1M)

intrstat(1M)

in.uucpd(1M)

iostat(1M)

ipaddrsel(1M)

ipf(1M)

ipfs(1M)

ipfstat(1M)

ipmon(1M)

ipnat(1M)

ippool(1M)

ipqosconf(1M)

ipsecalgs(1M)

ipsecconf(1M)

ipseckey(1M)

iscsiadm(1M)

iscsitadm(1M)

iscsitgtd(1M)

itu(1M)

k5srvutil(1M)

kadb(1M)

kadmin(1M)

kadmind(1M)

kadmin.local(1M)

kcfd(1M)

kclient(1M)

kdb5_ldap_util(1M)

kdb5_util(1M)

kdmconfig(1M)

kernel(1M)

keyserv(1M)

killall(1M)

kmscfg(1M)

kprop(1M)

kpropd(1M)

kproplog(1M)

krb5kdc(1M)

ksslcfg(1M)

kstat(1M)

ktkt_warnd(1M)

labeld(1M)

labelit(1M)

labelit_hsfs(1M)

labelit_udfs(1M)

labelit_ufs(1M)

lastlogin(1M)

ldapaddent(1M)

ldap_cachemgr(1M)

ldapclient(1M)

ldmad(1M)

link(1M)

listdgrp(1M)

listen(1M)

llc2_loop(1M)

localeadm(1M)

localectr(1M)

locator(1M)

lockd(1M)

lockfs(1M)

lockstat(1M)

lofiadm(1M)

logadm(1M)

logins(1M)

lpadmin(1M)

lpfilter(1M)

lpforms(1M)

lpget(1M)

lpmove(1M)

lpsched(1M)

lpset(1M)

lpshut(1M)

lpsystem(1M)

lpusers(1M)

lu(1M)

luactivate(1M)

lucancel(1M)

lucompare(1M)

lucreate(1M)

lucurr(1M)

ludelete(1M)

ludesc(1M)

lufslist(1M)

lumake(1M)

lumount(1M)

lupc(1M)

lurename(1M)

lustatus(1M)

luumount(1M)

luupgrade(1M)

luxadm(1M)

m64config(1M)

mail.local(1M)

makedbm(1M)

makemap(1M)

makeuuid(1M)

masfcnv(1M)

mdlogd(1M)

mdmonitord(1M)

medstat(1M)

metaclear(1M)

metadb(1M)

metadetach(1M)

metadevadm(1M)

System Administration Commands - Part 2

System Administration Commands - Part 3

iscsitadm

- administer iSCSI targets

Synopsis

iscsitadm create [-? | --help] object [-? | --help]
 [options] operand
iscsitadm modify [-? | --help] object [-? | --help]
 [options] operand
iscsitadm delete [-? | --help] object [-? | --help]
 [options] operand
iscsitadm list [-? | --help] object [-? | --help] [options]
 operand
iscsitadm show [-? | --help] admin
iscsitadm show [-? | --help] object [-? | --help] [options]
 [operand]
iscsitadm -? --help

Description

The iscsitadm command enables you to manage Internet SCSI (iSCSI) target nodes. It is a companion to iscsiadm(1M), which enables you to manage iSCSI initiator nodes.

The iscsitadm command has the following subcommands:

create

Creates a target using a local target as a reference.

modify

Modifies a target or a list of targets.

delete

Deletes a target or a list of targets.

list

Lists names and information about targets.

show

Displays target-related statistics.

The preceding subcommands work on the following objects:

target

An iSCSI target node, or list of target nodes.

initiator

An iSCSI initiator node, or list of initiator nodes.

admin

Stores administrative information, such as server locations and passwords.

tpgt

Stands for TargetPortGroupTag. A number that represents a list of connections that an initiator can use for a given target.

stats

Displays statistics; can accept interval and count values. Used only with the show subcommand.

These objects are discussed in greater detail under the options descriptions for each subcommand.

As indicated in the SYNOPSIS, iscsitadm has two levels of help. If you invoke -? or --help following a subcommand, the command displays available operands, options, and objects. If you invoke an help option following an object, iscsitadm displays options and operands.

Options

The iscsitadm options and objects are discussed below in the context of each subcommand. Note that the help options (-? or --help) are invoked as shown in the SYNOPSIS. See EXAMPLES.

create Options

The following are the options and objects for the create subcommand:

target --size|-z lun_size [--lun number]
[--type disk|tape|raw] [--backing-store|-b pathname] local_name

Create a target using local_name as a reference. local_name is only used within the context iscsitgtd. --size is a multiplier and is specified as a number followed by a single letter. The letter is one of:

k

kilobyte

m

megabyte

g

gigabyte

t

terabyte

--lun specifies the logical unit number. --type specifies which type of emulation will occur for the LUN. disk and tape are the familiar devices. raw indicates that the emulator will use the uSCSI interface and pass the command blocks directly to and from the device. The use of raw also implies the option --backing-store will be entered. The argument to this option is the full pathname to the device node normally found in /dev. If you use --backing-store, the size of the store is determined by a SCSI READ_CAPACITY command or, if the backing store is a regular file, by stat(2).

If local_name already exists, a new target name is not generated for this LUN. The LUN is created within the local_name storage hierarchy. You can use the --backing-store option to specify a different location for the data. If you use --backing-store, it is up to you to allocate actual storage instead of having the target create the data file.

initiator --iqn|-n iSCSI_node_name local_initiator

To use access control lists you must know the name of the initiator. Since the iSCSI initiator name can be quite long (223 bytes) and made up of a long list of numbers, it is best to enter this information once and then refer to the initiator using a simplified name of local_initiator.

tpgt tpgt_number

If a host has multiple NICs, you might want to limit the number of connections that an initiator can use for a given target. To establish this limit, you must first create a TargetPortGroupTag (TPGT), which can be any number from 1 to 65535. Once this tag is created, the IP addresses of the NICs can be added to the TPGT, using the modify subcommand. Then, the TPGT can itself be added to the target.

modify Options

The following are the options and objects for the modify subcommand:

target --tpgt|-p local_tpgt local_target

Specifies one or more target portal groups to use when initiators reference local_target during discovery.

target --acl|-l local_initiator local_target

Adds to the list a local initiator that can access local_target. By adding an initiator to a target all initiators from that point on must be in the ACL.

target --alias|-a TargetAlias local_target

Sets the alias if it was not done during the creation of the target or change an existing target's alias.

target --maxrecv|-m value local_target

Sets the MaxRecvDataSegmentLength, which can be any value between 512 to (224 - 1). You can use this option to limit the amount of memory used by the target.

initiator --chap-secret|-C local_initiator

Prompts the user to enter the value, using getpassphrase(3C). Associates the secret used for CHAP authentication during login with local_initiator.

initiator --chap-name|-H value local_initiator

Specifies the CHAP username used during authentication.

tpgt --ip-address|-i address tpgt_number

Adds the NIC's address to tpgt_number.

admin --base-directory|-d directory

Sets the location of where to store the data files that represent the individual LUNs. This should be done before any other function is performed. Otherwise, an error will be generated when attempting to set a persistent value.

admin --chap-secret|-C

Upon entering this option, you will be prompted to enter the value using getpassphrase(3C). For bidirectional authentication, this is the value used to generate a response to the initiator's challenge.

admin --chap-name|-H value

Specifies the user name portion of the CHAP protocol.

admin --radius-access|-R enable | disable

Enables or disables the use of the RADIUS server. Even with a RADIUS server address defined, the use of that server must be enabled. If the server becomes inaccessible and you need to fall back on configuration file access, you can use this option to disable the server.

admin --radius-server|-r hostname:port

Location of RADIUS server. hostname can be either a resolvable name or an IP address.

admin --radius-secret|-P

Used to initiate contact with the RADIUS server. Interaction with server uses getpassphrase(3C).

admin --isns-access|-S enable | disable

Enables or disables access to an iSNS server. iSNS servers broadcast their locations.

admin --isns-server|-s hostname

Location of the iSNS server. “hostname” can be either a resolvable host name or an IP address.

admin --fast-write-ack|-f enable | disable

Enables or disables fast-write acknowledgment. You should enable this option only if a system is connected to the power grid through a UPS. Otherwise, data corruption could occur if power is lost and some writes that were acknowledged have not been completely flushed to the backing store.

delete Options

The following are the options and objects for the delete subcommand:

target --lun|-u lun_number local_target

Removes information about the LUN identified by lun_number. This includes the data that is stored in the LUNs.

target --acl|-l local_initiator local_target

Remove access to local_target by local_initiator. If the initiator is currently logged into the target, this option sends an asynchronous event message to the initiator.

target --tpgt|-p local_tpgt local_target

Removes the local_tpgt from local_target. Does not affect existing connections.

initiator --all|-A local_initiator

Removes information about local_initiator. Does not affect current connections. This option search all targets, seeking those that reference local_initiator. On these, it performs the action defined by the command:

# iscsitadm delete target --acl local_initiator target
tpgt --all|-A tpgt_number

Removes from the system all knowledge of the target portal group identified by tpgt_number. This includes removal of the references by targets to this group.

tpgt --ip-address|-i address tpgt_number

Removes a NIC's address from the target portal group identified by tpgt_number. Does not affect current connections.

list Options

The following are the options and objects for the list subcommand:

target [--verbose] [local_target]
target [-v|-s num] [local_target]

By default, displays a list of target local names followed by the iSCSI TargetName, as it was created. By specifying local_target, the same information is displayed for that target and can be used to validate the name of local_target. With the --verbose option, information about the target's LUNs and current connections is displayed.

You can use the iostat(1M) command to obtain information on the number of SCSI commands issued and sectors read and written.

initiator [--verbose|-v] local_initiator

Displays detailed information about local_initiator. Among this data is CHAP information, what target portal groups this initiator belongs to, and any available connections.

tpgt [--verbose|-v] tpgt_number

Displays detailed information about target group identified by tpgt_number. Among this data is the list of NICs that are a part of this target group.

show Options

The following are the options and objects for the show subcommand:

admin

Displays a list of administrative information, including the base directory used by the target, CHAP, RADIUS, iSNS, and if fast writes are enabled.

stats [--interval|-I seconds [--count|-N value]] [local_target]

Displays statistics for all available targets, unless you specify local_target, in which case, displays statistics only for local_target. If you use --interval, displays statistics for an interval specified by seconds. If you do not specify --count, the display continues until you enter a Control-C.

Examples

Example 1 Invoking Help

All of the commands shown below are valid ways of invoking help.

# iscsitadm -?
# iscsitadm modify -?
# iscsitadm modify target -?
# iscsitadm --help
# iscsitadm create --help
# iscsitadm create tpgt --help

Example 2 Establishing Backing Store

The following command establishes the default location for the backing store. In addition to the backing store, certain configuration files will be stored in the same location.

# iscsitadm modify admin --base-directory /zfs/data/targets

The short form of the --base-directory option is -d.

Example 3 Simplest-Case Target Creation

The following command creates a target that will emulate an LBA device that has 10 GB of storage available. With the base directory set up and as well as a single target, it is possible to use the system as an iSCSI target. Note that because the LUN is not specified on the command line, it reverts to the default, 0.

# iscsitadm create target --size 10g play_area

The short form of the --size option is -z.

Example 4 Creating with Both Size and Backing Store

The following iscsitadm create command specifies LUN size and a backing store location. The result of this command is that the daemon will create a LUN file at the named location, of the specified size (20 GB).

# iscsitadm create target -z 20g -b /zfs/mirror/data/payroll payroll

A target such as the one created by the preceding command might be useful, for example, when most of the LUN can be created in a default area, using whatever redundancy is provided by the underlying file system. Alternatively, you might want to create a special LUN on a higher speed storage medium or one with better failover characteristics.

The long form of the -z option is --size. The long form of the -b option is --backing-store

Example 5 Specifying a Local Name for a SCSI Initiator

Consider that you want to restrict access to the payroll target, created in the previous example, to a limited set of initiators. Because the initiator names can be quite long (and therefore prone to be entered incorrectly), you create a local name for each initiator, as in the command below.

# iscsitadm create initiator --iqn \
iqn.1986-03.com.example[node name continues...] multistrada

The short form of the --iqn option is -q.

Example 6 Granting an Initiator Access to a Target

Upon completion of the command below, only the initiator multistrada is allowed to log into the daemon and access the payroll target. This presents a potential gap in security, which is addressed in the following example.

# iscsitadm modify target --acl multistrada payroll

The short form of the --acl option is -l.

Example 7 Adding CHAP Secret and Name for an Initiator

The initiator is allowed to identify itself. Because of this, it is prudent to add a CHAP secret an name for an initiator. This is accomplished with the following command.

# iscsitadm modify initiator -C multistrada

The preceding command prompts you for a secret to use. This must be the same secret that was setup on the initiator with the local name of multistrada. If it is not, the target daemon will issue a challenge to multistrada when it attempts to login. A non-matching response will cause the target to drop the connection. If you have many targets that require authentication, it is probably best to setup a RADIUS server to administer the secrets.

The long form of the -C option is --chap-secret.

Example 8 Displaying Target Information

The following commands displays information about iSCSI targets.

# iscsitadm list target
Target: vol0
         iSCSI Name: iqn.1986-03.com.sun:01:00093d12170c.434c5250.vol0
Target: disk0
         iSCSI Name: iqn.1986-03.com.sun:01:00093d12170c.434c6f05.disk0

The following command differs from the preceding in that it uses the verbose (-v) option and it specifies a single target.

# iscsitadm list target -v vol0
Target: vol0
         iSCSI Name: iqn.1986-03.com.sun:01:00093d12170c.434c5250.vol0
         ACL list:
         TPGT list:
         LUN information:
                 LUN: 0
                         GUID: 010000093d12170c00002a00434c5251
                         VID: SUN
                         PID: SOLARIS
                         Type: raw
                         Size: 0x1400000 blocks

Example 9 Displaying Administrative Information

The following command uses the show subcommand to display administrative information.

# iscsitadm show admin
iscsitadm:
         Base Directory: /zfs/stress/play/targets
         CHAP Name: Not set
         RADIUS Access: Not set
         RADIUS Server: Not set
         iSNS Access: Not set
         Fast Write ACK: Not set

Example 10 Displaying Statistics

The following command uses the show subcommand to display statistics.

# iscsitadm show stats
                         operations    bandwidth
device                 read  write   read  write
--------------------  -----  -----  -----  -----
vol0                      0      0     0K     0K
disk0                     0      0     0K     0K

Exit Status

0

Command successful.

>0

An error occurred.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
SUNWiscsitgtu
Interface Stability
Volatile

See Also

iostat(1M), iscsiadm(1M), getpassphrase(3C), attributes(5), rbac(5), smf(5)

Notes

This command set is considered to be experimental. Future releases, both minor and micro, might introduce incompatible changes to the command set. A future release will stabilize the command set. Any future changes in stability level will be reflected in the ATTRIBUTES section of this man page.

The iSCSI Target daemon, iscsitgtd, is managed by the service management facility (smf(5)), under the fault management resource identifier (FMRI):

svc:/system/iscsitgt:default

Use iscsitadm to perform administrative actions, such as are performed by the create, modify, and delete subcommands, on iSCSI Target properties. Such actions require that you become superuser or assume the Primary Administrator role. See rbac(5).