19.7.1 Configuring an iSCSI Target

The following procedure describes how to set up a basic iSCSI target on an Oracle Linux system by using block storage backends. Note that you can use other storage backend types to set up an iSCSI target.

When you use the targetcli command, it saves the current configuration to the JSON-format file /etc/target/saveconfig.json. See the targetcli(8) manual page for additional information.

To set up a basic iSCSI target on an Oracle Linux system by using block storage backends:

  1. Run the targetcli interactive shell:

    # targetcli
    targetcli shell version 2.1.fb31
    Copyright 2011-2013 by Datera, Inc and others.
    For help on commands, type 'help'. 

    List the object hierarchy, which is initially empty:

    /> ls
    o- / ..................................................................... [...]
      o- backstores .......................................................... [...]
      | o- block .............................................. [Storage Objects: 0]
      | o- fileio ............................................. [Storage Objects: 0]
      | o- pscsi .............................................. [Storage Objects: 0]
      | o- ramdisk ............................................ [Storage Objects: 0]
      o- iscsi ........................................................ [Targets: 0]
      o- loopback ..................................................... [Targets: 0]
  2. Change to the /backstores/block directory and create a block storage object for the disk partitions that you want to provide as LUNs, for example:

    /> cd /backstores/block
    /backstores/block> create name=LUN_0 dev=/dev/sdb
    Created block storage object LUN_0 using /dev/sdb.
    /backstores/block> create name=LUN_1 dev=/dev/sdc
    Created block storage object LUN_1 using /dev/sdc.

    The names that you assign to the storage objects are arbitrary.

    Note

    The device path varies, based on the Oracle Linux instance's disk configuration.

  3. Change to the /iscsi directory and create an iSCSI target:

    /> cd /iscsi
    /iscsi> create
    Created target iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344.
    Created TPG 1.

    List the target portal group (TPG) hierarchy, which is initially empty:

    /iscsi> ls
    o- iscsi .......................................................... [Targets: 1]
      o- iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344 .............. [TPGs: 1]
        o- tpg1 ............................................. [no-gen-acls, no-auth]
          o- acls ........................................................ [ACLs: 0]
          o- luns ........................................................ [LUNs: 0]
          o- portals .................................................. [Portals: 0]
  4. Change to the luns subdirectory of the TPG directory hierarchy and add the LUNs to the target portal group:

    /iscsi> cd iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344/tpg1/luns 
    /iscsi/iqn.20...344/tpg1/luns> create /backstores/block/LUN_0
    Created LUN 0.
    /iscsi/iqn.20...344/tpg1/luns> create /backstores/block/LUN_1
    Created LUN 1.
  5. Change to the portals subdirectory of the TPG directory hierarchy and specify the IP address and TCP port of the iSCSI endpoint:

    /iscsi/iqn.20...344/tpg1/luns> cd ../portals
    /iscsi/iqn.20.../tpg1/portals> create 10.150.30.72 3260
    Using default IP port 3260
    Created network portal 10.150.30.72:3260.

    If you omit the TCP port number, the default value is 3260.

    Note

    If the portal creation fails, and a message similar to the following is displayed, it is most likely because a default portal was previously created:

    Could not create NetworkPortal in configFS

    In this case, first delete the default portal, then repeat Step 5 to create the new portal.

    /iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 ip_port=3260
  6. Enable TCP port 3260 by running either of the following commands:

    # firewall-cmd --permanent --add-port=3260/tcp
    # firewall-cmd --permanent --add-service iscsi-target
  7. List the object hierarchy, which now shows the configured block storage objects and TPG:

    /iscsi/iqn.20.../tpg1/portals> ls /
    o- / ..................................................................... [...]
      o- backstores .......................................................... [...]
      | o- block .............................................. [Storage Objects: 1]
      | | o- LUN_0 ....................... [/dev/sdb (10.0GiB) write-thru activated]
      | | o- LUN_1 ....................... [/dev/sdc (10.0GiB) write-thru activated]
      | o- fileio ............................................. [Storage Objects: 0]
      | o- pscsi .............................................. [Storage Objects: 0]
      | o- ramdisk ............................................ [Storage Objects: 0]
      o- iscsi ........................................................ [Targets: 1]
      | o- iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344 ............ [TPGs: 1]
      |   o- tpg1 ........................................... [no-gen-acls, no-auth]
      |     o- acls ...................................................... [ACLs: 0]
      |     o- luns ...................................................... [LUNs: 1]
      |     | o- lun0 ..................................... [block/LUN_0 (/dev/sdb)]
      |     | o- lun1 ..................................... [block/LUN_1 (/dev/sdc)]
      |     o- portals ................................................ [Portals: 1]
      |       o- 10.150.30.72:3260 ............................................ [OK]
      o- loopback ..................................................... [Targets: 0]
  8. Configure the access rights for logins by initiators. For example, to configure demonstration mode that does not require authentication, change to the TGP directory and set the values of the authentication and demo_mode_write_protect attributes to 0 and generate_node_acls cache_dynamic_acls to 1:

    /iscsi/iqn.20.../tpg1/portals> cd ..
    /iscsi/iqn.20...14f87344/tpg1> set attribute authentication=0 demo_mode_write_protect=0
    generate_node_acls=1 cache_dynamic_acls=1
    Parameter authentication is now '0'.
    Parameter demo_mode_write_protect is now '0'.
    Parameter generate_node_acls is now '1'.
    Parameter cache_dynamic_acls is now '1'.
    Caution

    Demonstration mode is inherently insecure. For information about configuring secure authentication modes, see http://linux-iscsi.org/wiki/ISCSI#Define_access_rights.

  9. Change to the root directory and save the configuration.

    /iscsi/iqn.20...14f87344/tpg1> cd /
    /> saveconfig
    Last 10 configs saved in /etc/target/backup.
    Configuration saved to /etc/target/saveconfig.json
  10. Enable the target service.

    # systemctl enable target.service
Note

Saving the configuration and enabling the target service ensures that the changes persist across system reboots. Note also that failure to run these commands can result in an empty configuration.