iSCSI Target and Initiator Configuration on RHEL 7

Configure iSCSI target via targetcli on RHEL 7.

Software

Software used in this article:

  1. RedHat Enterprise Linux 7.0
  2. targetcli 2.1.fb34
  3. iscsi-initiator-utils 6.2.0

Before We Begin

We have 3 VMs available, named ipa, srv1 and srv2. The ipa server, which we set up before, will be configured as an iSCSI target, and srv1 and srv2 will be iSCSI clients.

  1. iSCSI target provides remote block storage and is called server,
  2. iSCSI initiator uses this that storage and is called client.

iSCSI Target Installation

On the IPA server, that is going to act as an iSCSI target, create a volume group with a 100MB logical volume to use for iSCSI:

# vgcreate vg_san /dev/sdb
# lvcreate --name lv_block1 --size 100M vg_san

Install targetcli package and enable the target service to start on boot:

# yum install -y targetcli
# systemctl enable target

Configure firewalld to allow incoming iSCSI traffic on a TCP port 3260:

# firewall-cmd --add-port=3260/tcp --permanent
# firewall-cmd --reload

Configure iSCSI Target

Run targetcli to configure iSCSI target:

# targetcli

Our plan for configuring the target is as follows:

  1. backstore –> block,
  2. backstore –> fileio,
  3. iscsi (IQN name),
  4. iscsi –> tpg1 –> portals,
  5. iscsi –> tpg1 –> luns,
  6. iscsi –> tpg1 –> acls.

Create a couple of backstores, block and fileio, with a local file system cache disabled to reduce the risk of data loss:

/> backstores/block create block1 /dev/vg_san/lv_block1 write_back=false
/> backstores/fileio create file1 /root/file1.img size=100M sparse=true write_back=false

Create an IQN (Iscsi Qualified Name).

/> iscsi/ create iqn.2003-01.local.rhce.ipa:target
Created target iqn.2003-01.local.rhce.ipa:target.
Created TPG 1.

On RHEL 7.0 we need to create a portal, however, portal configuration is created automatically on RHEL 7.2.

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/portals create 0.0.0.0 ip_port=3260

Create a lun for the fileio backstore:

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/luns create /backstores/fileio/file1

Create two acls for our iSCSI clients (srv1 and srv2), but don’t add the previously mapped lun to the srv1 – the lun should only be available to the srv2:

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/acls create iqn.1994-05.com.redhat:srv1 add_mapped_luns=false
/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/acls create iqn.1994-05.com.redhat:srv2

Create a lun for the block backstore, this lun will be available for both servers:

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/luns create /backstores/block/block1

Disable authentication (should be disabled by default anyway):

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1 set attribute authentication=0

Optionally, set a userid and a password. Navigate to a certain acl of our target:

/> iscsi/iqn.2003-01.local.rhce.ipa:target/tpg1/acls/iqn.1994-05.com.redhat:srv1/ set auth userid=client password=client

Save the configuration and exit.

/> saveconfig

List the configuration:

/> ls
o- / ....................................................................................... [...]
  o- backstores ............................................................................ [...]
  | o- block ................................................................ [Storage Objects: 1]
  | | o- block1 .......................... [/dev/vg_san/lv_block1 (100.0MiB) write-thru activated]
  | o- fileio ............................................................... [Storage Objects: 1]
  | | o- file1 ................................. [/root/file1.img (100.0MiB) write-thru activated]
  | o- pscsi ................................................................ [Storage Objects: 0]
  | o- ramdisk .............................................................. [Storage Objects: 0]
  o- iscsi .......................................................................... [Targets: 1]
  | o- iqn.2003-01.local.rhce.ipa:target ............................................... [TPGs: 1]
  |   o- tpg1 ............................................................. [no-gen-acls, no-auth]
  |     o- acls ........................................................................ [ACLs: 2]
  |     | o- iqn.1994-05.com.redhat:srv1 ........................................ [Mapped LUNs: 1]
  |     | | o- mapped_lun0 .............................................. [lun1 block/block1 (rw)]
  |     | o- iqn.1994-05.com.redhat:srv2 ........................................ [Mapped LUNs: 2]
  |     |   o- mapped_lun0 .............................................. [lun0 fileio/file1 (rw)]
  |     |   o- mapped_lun1 .............................................. [lun1 block/block1 (rw)]
  |     o- luns ........................................................................ [LUNs: 2]
  |     | o- lun0 ............................................... [fileio/file1 (/root/file1.img)]
  |     | o- lun1 ......................................... [block/block1 (/dev/vg_san/lv_block1)]
  |     o- portals .................................................................. [Portals: 1]
  |       o- 0.0.0.0:3260 ................................................................... [OK]
  o- loopback ....................................................................... [Targets: 0]

Restart the target and check its status:

# systemctl restart target
# systemctl status target

Configure iSCSI Client (Initiator)

Configuration of an iSCSI initiator requires installation of the iscsi-initiator-utils package, which includes the iscsi and the iscsid services and the /etc/iscsi/iscsid.conf and /etc/iscsi/initiatorname.iscsi configuration files.

On the iSCSI client, install the package:

# yum install -y iscsi-initiator-utils

Note well that on the iSCSI initiator both services are needed. The iscsid service is the main service that accesses all configuration files involved. The iscsi service is the service that establishes the iSCSI connections.

# systemctl enable iscsi iscsid

Our plan for configuring the client is as follows:

  1. Configure iSCSI initiatorname,
  2. Discover targets,
  3. Log into targets.

Open the file /etc/iscsi/initiatorname.iscsi for editing, and the initiator’s name iqn.1994-05.com.redhat:srv1.

If username and password were configured, put them into /etc/iscsi/iscsid.conf:

node.session.auth.authmethod = CHAP
node.session.auth.username = client
node.session.auth.password = client

Be advised that CHAP authentication does not use strong encryption for the passing of credentials. If security of iSCSI data is a requirement, controlling the network side of the protocol is a better method to assure it. For example, using an isolated vlans to pass the iSCSI traffic will be a better implementation from a security point of view.

Discover targets (the ipa server is on 10.8.8.70):

# iscsiadm -m discovery -t sendtargets -p 10.8.8.70:3260
10.8.8.70:3260,1 iqn.2003-01.local.rhce.ipa:target
# iscsiadm -m discovery -P1
SENDTARGETS:
DiscoveryAddress: 10.8.8.70,3260
Target: iqn.2003-01.local.rhce.ipa:target
        Portal: 10.8.8.70:3260,1
                Iface Name: default
iSNS:
No targets found.
STATIC:
No targets found.
FIRMWARE:
No targets found.

Log into the discovered target:

# iscsiadm -m node -T iqn.2003-01.local.rhce.ipa:target -p 10.8.8.70:3260 --login

Check the session:

# iscsiadm -m session -P3 | less

An iSCSI disk should be available at this point:

# lsblk --scsi|grep LIO
sdb  3:0:0:0    disk LIO-ORG  block1   4.0  iscsi

Create a filesystem:

# mkfs.ext4 -m0 /dev/sdb

Create a mount point and get UUID:

# mkdir /mnt/block1
# blkid | grep sdb
/dev/sdb: UUID="6a1c44d0-3e2f-49fc-85ba-ced3e44bb5b0" TYPE="ext4"

Add the following to /etc/fstab:

UUID=6a1c44d0-3e2f-49fc-85ba-ced3e44bb5b0 /mnt/block1 ext4 _netdev 0 0

Mount the iSCSI drive:

# mount /mnt/block1

We can logout or delete the session this way:

# iscsiadm -m node -T iqn.2003-01.local.rhce.ipa:target -p 10.8.8.70:3260 --logout
# iscsiadm -m node -T iqn.2003-01.local.rhce.ipa:target -p 10.8.8.70:3260 -o delete

If things go wrong, we can stop the iscsi.service and remove all files under /var/lib/iscsi/nodes to clean up all current configuration. After doing that, we need to restart the iscsi.service and start the discovery and login again.

One thought on “iSCSI Target and Initiator Configuration on RHEL 7

  1. # systemctl stop target
    # lvextend -L +200M -r /dev/vgsan/lvsan1

    #systemctl start target

    it keeps the old size even after rebooting the server
    remounting it on the initiator ot re-ligging after clearing /var/lib/iscsi/nodes makes the device lost at all (yes, the UUID was updated in /etc/fstab after the re-formatting)

Leave a Reply

Your email address will not be published. Required fields are marked *