Configuring an iSCSI Target

The following procedure describes how to set up a basic iSCSI target on an Oracle Linux system by using block storage backends. Note that you can use other storage backend types to set up an iSCSI target.

In the example, the targetcli command saves the current configuration to /etc/target/saveconfig.json. See the targetcli(8) manual page for additional information.

1. Run the targetcli interactive shell:

   sudo targetcli

   targetcli shell version 2.1.58
   Copyright 2011-2013 by Datera, Inc and others.
   For help on commands, type 'help'.
   

2. (Optional) Use the ls command to list the object hierarchy, which is initially empty:

   ls

   o- / ..................................................................... [...]
     o- backstores .......................................................... [...]
     | o- block .............................................. [Storage Objects: 0]
     | o- fileio ............................................. [Storage Objects: 0]
     | o- pscsi .............................................. [Storage Objects: 0]
     | o- ramdisk ............................................ [Storage Objects: 0]
     o- iscsi ........................................................ [Targets: 0]
     o- loopback ..................................................... [Targets: 0]

3. Change to the /backstores/block directory and create a block storage object for the disk partitions that you want to provide as LUNs, for example:

   cd /backstores/block
   /backstores/block> create name=LUN_0 dev=/dev/sdb
   Created block storage object LUN_0 using /dev/sdb.
   /backstores/block> create name=LUN_1 dev=/dev/sdc
   Created block storage object LUN_1 using /dev/sdc.

   The names that you assign to the storage objects are arbitrary.

   Note:

   The device path varies based on the Oracle Linux instance's disk configuration.

4. Change to the /iscsi directory and create an iSCSI target:

   cd /iscsi
   /iscsi> create
   Created target iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344.
   Created TPG 1.

5. (Optional): List the target portal group (TPG) hierarchy, which is initially empty:

   /iscsi> ls

   o- iscsi .......................................................... [Targets: 1]
     o- iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344 .............. [TPGs: 1]
       o- tpg1 ............................................. [no-gen-acls, no-auth]
         o- acls ........................................................ [ACLs: 0]
         o- luns ........................................................ [LUNs: 0]
         o- portals .................................................. [Portals: 0]

6. Change to the luns subdirectory of the TPG directory hierarchy and add the LUNs to the target portal group:

   /iscsi> cd iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344/tpg1/luns 
   /iscsi/iqn.20...344/tpg1/luns> create /backstores/block/LUN_0
   Created LUN 0.
   /iscsi/iqn.20...344/tpg1/luns> create /backstores/block/LUN_1
   Created LUN 1.

7. Change to the portals subdirectory of the TPG directory hierarchy and specify the IP address and TCP port of the iSCSI endpoint:

   /iscsi/iqn.20...344/tpg1/luns> cd ../portals
   /iscsi/iqn.20.../tpg1/portals> create 10.150.30.72 3260
   Using default IP port 3260
   Created network portal 10.150.30.72:3260.

   The default TCP port number is 3260.

   Note:

   An existing default portal would cause the portal creation to fail and a message similar to the following is generated:

   Could not create NetworkPortal in configFS

   To resolve the issue, delete the default portal, then create the new portal again, for example:

   /iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 ip_port=3260

8. Enable TCP port 3260 either by adding the port or adding the iSCSI target:

   • Add the port:

     sudo firewall-cmd --permanent --add-port=3260/tcp

   • Add the target:

     sudo firewall-cmd --permanent --add-service \
     iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344

9. List the object hierarchy, which now shows the configured block storage objects and TPG:

   /iscsi/iqn.20.../tpg1/portals> ls /

   o- / ..................................................................... [...]
     o- backstores .......................................................... [...]
     | o- block .............................................. [Storage Objects: 1]
     | | o- LUN_0 ....................... [/dev/sdb (10.0GiB) write-thru activated]
     | | o- LUN_1 ....................... [/dev/sdc (10.0GiB) write-thru activated]
     | o- fileio ............................................. [Storage Objects: 0]
     | o- pscsi .............................................. [Storage Objects: 0]
     | o- ramdisk ............................................ [Storage Objects: 0]
     o- iscsi ........................................................ [Targets: 1]
     | o- iqn.2013-01.com.mydom.host01.x8664:sn.ef8e14f87344 ............ [TPGs: 1]
     |   o- tpg1 ........................................... [no-gen-acls, no-auth]
     |     o- acls ...................................................... [ACLs: 0]
     |     o- luns ...................................................... [LUNs: 1]
     |     | o- lun0 ..................................... [block/LUN_0 (/dev/sdb)]
     |     | o- lun1 ..................................... [block/LUN_1 (/dev/sdc)]
     |     o- portals ................................................ [Portals: 1]
     |       o- 10.150.30.72:3260 ............................................ [OK]
     o- loopback ..................................................... [Targets: 0]

10. Configure the access rights for logins by initiators.

    For example, to configure a demonstration mode that does not require authentication, change to the TGP directory and set the attributes as shown in the following example:

    /iscsi/iqn.20.../tpg1/portals> cd ..
    /iscsi/iqn.20...14f87344/tpg1> set attribute authentication=0 demo_mode_write_protect=0
                            generate_node_acls=1 cache_dynamic_acls=1
    Parameter authentication is now '0'.
    Parameter demo_mode_write_protect is now '0'.
    Parameter generate_node_acls is now '1'.
    Parameter cache_dynamic_acls is now '1'.

    Caution:

    The demonstration mode is inherently insecure. For information about configuring secure authentication modes, see the targetcli(8) manual page.

11. Change to the root (/) directory and save the configuration.

    This step ensures that the changes persist across system reboots. Omitting the step might result in an empty configuration.

    /iscsi/iqn.20...14f87344/tpg1> cd /
    /> saveconfig
    Last 10 configs saved in /etc/target/backup.
    Configuration saved to /etc/target/saveconfig.json

12. Enable the target service.

    sudo systemctl enable target.service