Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 6. Configuring an iSCSI target

Red Hat Enterprise Linux uses the targetcli shell as a command-line interface to perform the following operations:

  • Add, remove, view, and monitor iSCSI storage interconnects to utilize iSCSI hardware.
  • Export local storage resources that are backed by either files, volumes, local SCSI devices, or by RAM disks to remote systems.

The targetcli tool has a tree-based layout including built-in tab completion, auto-complete support, and inline documentation.

6.1. Installing targetcli
Copier lien

Install the targetcli tool to add, monitor, and remove iSCSI storage interconnects. For more information, see the targetcli(8) man page on your system.

Procedure

  1. Install the targetcli tool: 

    # dnf install targetcli
    Copy to Clipboard Toggle word wrap

  2. Start the target service: 

    # systemctl start target
    Copy to Clipboard Toggle word wrap

  3. Configure target to start at boot time: 

    # systemctl enable target
    Copy to Clipboard Toggle word wrap

  4. Open port 3260 in the firewall and reload the firewall configuration: 

    # firewall-cmd --permanent --add-port=3260/tcp
success
    Copy to Clipboard Toggle word wrap 
    # firewall-cmd --reload
success
    Copy to Clipboard Toggle word wrap

Verification

  • View the targetcli layout: 

    # targetcli
/> ls
o- /........................................[...]
  o- backstores.............................[...]
  | o- block.................[Storage Objects: 0]
  | o- fileio................[Storage Objects: 0]
  | o- pscsi.................[Storage Objects: 0]
  | o- ramdisk...............[Storage Objects: 0]
  o- iscsi...........................[Targets: 0]
  o- loopback........................[Targets: 0]
  o- srpt ...........................[Targets: 0]
    Copy to Clipboard Toggle word wrap

6.2. Creating an iSCSI target
Copier lien

You can create an iSCSI target to let the iSCSI initiator of the client to access the storage devices on the server. Both targets and initiators have unique identifying names.

Prerequisites

Procedure

  1. Navigate to the iSCSI directory. You can also use the cd command to navigate to the iSCSI directory. 

    /> iscsi/
    Copy to Clipboard Toggle word wrap

  2. Use one of the following options to create an iSCSI target:

    1. Creating an iSCSI target using a default target name: 

      /iscsi> create

Created target
iqn.2003-01.org.linux-iscsi.hostname.x8664:sn.78b473f296ff
Created TPG1
      Copy to Clipboard Toggle word wrap

    2. Creating an iSCSI target using a specific name: 

      /iscsi> create iqn.2006-04.com.example:444

Created target iqn.2006-04.com.example:444
Created TPG1
      Copy to Clipboard Toggle word wrap

      Replace iqn.2006-04.com.example:444 with the specific target name.

  3. Verify the newly created target: 

    /iscsi> ls

o- iscsi.......................................[1 Target]
    o- iqn.2006-04.com.example:444................[1 TPG]
        o- tpg1...........................[enabled, auth]
           o- acls...............................[0 ACL]
           o- luns...............................[0 LUN]
           o- portals.........................[0 Portal]
    Copy to Clipboard Toggle word wrap

6.3. iSCSI Backstore
Copier lien

An iSCSI backstore enables support for different methods of storing an exported LUN’s data on the local machine. Creating a storage object defines the resources that the backstore uses.

An administrator can choose any of the following backstore devices that Linux-IO (LIO) supports:

fileio backstore
Create a fileio storage object if you are using regular files on the local file system as disk images. For creating a fileio backstore, see Creating a fileio storage object.
block backstore
Create a block storage object if you are using any local block device and logical device. For creating a block backstore, see Creating a block storage object.
pscsi backstore
Create a pscsi storage object if your storage object supports direct pass-through of SCSI commands. For creating a pscsi backstore, see Creating a pscsi storage object.
ramdisk backstore
Create a ramdisk storage object if you want to create a temporary RAM backed device. For creating a ramdisk backstore, see Creating a Memory Copy RAM disk storage object.

6.4. Creating a fileio storage object
Copier lien

fileio storage objects can support either the write_back or write_thru operations. The write_back operation enables the local file system cache. This improves performance but increases the risk of data loss.

It is recommended to use write_back=false to disable the write_back operation in favor of the write_thru operation.

Prerequisites

Procedure

  1. Navigate to the fileio/ from the backstores/ directory: 

    /> backstores/fileio
    Copy to Clipboard Toggle word wrap

  2. Create a fileio storage object: 

    /backstores/fileio> create file1 /tmp/disk1.img 200M write_back=false

Created fileio file1 with size 209715200
    Copy to Clipboard Toggle word wrap

Verification

  • Verify the created fileio storage object: 

    /backstores/fileio> ls
    Copy to Clipboard Toggle word wrap

6.5. Creating a block storage object
Copier lien

The block driver allows the use of any block device that appears in the /sys/block/ directory to be used with Linux-IO (LIO). This includes physical devices, such as HDDs, SSDs, CDs, and DVDs, and logical devices, such as software or hardware RAID volumes, or LVM volumes.

Prerequisites

Procedure

  1. Navigate to the block/ from the backstores/ directory: 

    /> backstores/block/
    Copy to Clipboard Toggle word wrap

  2. Create a block backstore: 

    /backstores/block> create name=block_backend dev=/dev/sdb

Created block storage object block_backend using /dev/sdb.
    Copy to Clipboard Toggle word wrap

Verification

  • Verify the created block storage object: 

    /backstores/block> ls
    Copy to Clipboard Toggle word wrap

6.6. Creating a pscsi storage object
Copier lien

You can configure as a backstore any storage object that supports direct pass-through of SCSI commands without SCSI emulation and with an underlying SCSI device that appears with lsscsi in the /proc/scsi/scsi, such as a SAS hard drive. SCSI-3 and higher is supported with this subsystem.

Warning

pscsi should only be used by advanced users. Advanced SCSI commands such as for Asymmetric Logical Unit Assignment (ALUAs) or Persistent Reservations (for example, those used by VMware ESX, and vSphere) are usually not implemented in the device firmware and can cause malfunctions or crashes. When in doubt, use block backstore for production setups instead.

Prerequisites

Procedure

  1. Navigate to the pscsi/ from the backstores/ directory: 

    /> backstores/pscsi/
    Copy to Clipboard Toggle word wrap

  2. Create a pscsi backstore for a physical SCSI device, a TYPE_ROM device using /dev/sr0 in this example: 

    /backstores/pscsi> create name=pscsi_backend dev=/dev/sr0

Created pscsi storage object pscsi_backend using /dev/sr0
    Copy to Clipboard Toggle word wrap

Verification

  • Verify the created pscsi storage object: 

    /backstores/pscsi> ls
    Copy to Clipboard Toggle word wrap

6.7. Creating a Memory Copy RAM disk storage object
Copier lien

Memory Copy RAM disks (ramdisk) provide RAM disks with full SCSI emulation and separate memory mappings using memory copy for initiators. This provides capability for multi-sessions and is particularly useful for fast and volatile mass storage for production purposes.

Prerequisites

Procedure

  1. Navigate to the ramdisk/ from the backstores/ directory: 

    /> backstores/ramdisk/
    Copy to Clipboard Toggle word wrap

  2. Create a 1GB RAM disk backstore: 

    /backstores/ramdisk> create name=rd_backend size=1GB

Created ramdisk rd_backend with size 1GB.
    Copy to Clipboard Toggle word wrap

Verification

  • Verify the created ramdisk storage object: 

    /backstores/ramdisk> ls
    Copy to Clipboard Toggle word wrap

6.8. Creating an iSCSI portal
Copier lien

You can create an iSCSI portal. This adds an IP address and a port to the target that keeps the target enabled. For more information, see the targetcli(8) man page on your system.

Prerequisites

Procedure

  1. Navigate to the TPG directory: 

    /iscsi> iqn.2006-04.com.example:444/tpg1/
    Copy to Clipboard Toggle word wrap

  2. Use one of the following options to create an iSCSI portal:

    1. Creating a default portal uses the default iSCSI port 3260 and allows the target to listen to all IP addresses on that port: 

      /iscsi/iqn.20...mple:444/tpg1> portals/ create

Using default IP port 3260
Binding to INADDR_Any (0.0.0.0)
Created network portal 0.0.0.0:3260
      Copy to Clipboard Toggle word wrap

    2. Creating a portal using a specific IP address: 

      /iscsi/iqn.20...mple:444/tpg1> portals/ create 192.168.122.137

Using default IP port 3260
Created network portal 192.168.122.137:3260
      Copy to Clipboard Toggle word wrap

Verification

  • Verify the newly created portal: 

    /iscsi/iqn.20...mple:444/tpg1> ls

o- tpg.................................. [enabled, auth]
    o- acls ......................................[0 ACL]
    o- luns ......................................[0 LUN]
    o- portals ................................[1 Portal]
       o- 192.168.122.137:3260......................[OK]
    Copy to Clipboard Toggle word wrap

6.9. Creating an iSCSI LUN
Copier lien

Logical unit number (LUN) is a physical device that is backed by the iSCSI backstore. Each LUN has a unique number. For more information, see the targetcli(8) man page on your system.

Prerequisites

Procedure

  1. Create LUNs of already created storage objects: 

    /iscsi/iqn.20...mple:444/tpg1> luns/ create /backstores/ramdisk/rd_backend
Created LUN 0.

/iscsi/iqn.20...mple:444/tpg1> luns/ create /backstores/block/block_backend
Created LUN 1.

/iscsi/iqn.20...mple:444/tpg1> luns/ create /backstores/fileio/file1
Created LUN 2.
    Copy to Clipboard Toggle word wrap

  2. Verify the created LUNs: 

    /iscsi/iqn.20...mple:444/tpg1> ls

o- tpg.................................. [enabled, auth]
    o- acls ......................................[0 ACL]
    o- luns .....................................[3 LUNs]
    |  o- lun0.........................[ramdisk/ramdisk1]
    |  o- lun1.................[block/block1 (/dev/vdb1)]
    |  o- lun2...................[fileio/file1 (/foo.img)]
    o- portals ................................[1 Portal]
        o- 192.168.122.137:3260......................[OK]
    Copy to Clipboard Toggle word wrap

    Default LUN name starts at 0.

    Important

    By default, LUNs are created with read/write permissions. If a new LUN is added after ACLs are created, LUN automatically maps to all available ACLs and can cause a security risk. To create a LUN with read-only permissions, see Creating a read-only iSCSI LUN.

  3. Configure ACLs. For more information, see Creating an iSCSI ACL.

6.10. Creating a read-only iSCSI LUN
Copier lien

By default, LUNs are created with read/write permissions. You can create a read-only LUN. For more information, see the targetcli(8) man page on your system.

Prerequisites

Procedure

  1. Set read-only permissions: 

    /> set global auto_add_mapped_luns=false

Parameter auto_add_mapped_luns is now 'false'.
    Copy to Clipboard Toggle word wrap

    This prevents the auto mapping of LUNs to existing ACLs allowing the manual mapping of LUNs.

  2. Navigate to the initiator_iqn_name directory: 

    /> iscsi/target_iqn_name/tpg1/acls/initiator_iqn_name/
    Copy to Clipboard Toggle word wrap

  3. Create the LUN: 

    /iscsi/target_iqn_name/tpg1/acls/initiator_iqn_name> create mapped_lun=next_sequential_LUN_number tpg_lun_or_backstore=backstore write_protect=1
    Copy to Clipboard Toggle word wrap

    Example: 

    /iscsi/target_iqn_name/tpg1/acls/2006-04.com.example:888> create mapped_lun=1 tpg_lun_or_backstore=/backstores/block/block2 write_protect=1

Created LUN 1.
Created Mapped LUN 1.
    Copy to Clipboard Toggle word wrap

  4. Verify the created LUN: 

    /iscsi/target_iqn_name/tpg1/acls/2006-04.com.example:888> ls
 o- 2006-04.com.example:888 .. [Mapped LUNs: 2]
 | o- mapped_lun0 .............. [lun0 block/disk1 (rw)]
 | o- mapped_lun1 .............. [lun1 block/disk2 (ro)]
    Copy to Clipboard Toggle word wrap

    The mapped_lun1 line now has (ro) at the end (unlike mapped_lun0’s (rw)) stating that it is read-only.

  5. Configure ACLs. For more information, see Creating an iSCSI ACL.

6.11. Creating an iSCSI ACL
Copier lien

The targetcli service uses Access Control Lists (ACLs) to define access rules and grant each initiator access to a Logical Unit Number (LUN).

Both targets and initiators have unique identifying names. You must know the unique name of the initiator to configure ACLs. The /etc/iscsi/initiatorname.iscsi file, provided by the iscsi-initiator-utils package, contains the iSCSI initiator names.

For more information, see the targetcli(8) man page on your system.

Prerequisites

Procedure

  1. Optional: To disable auto mapping of LUNs to ACLs, see Creating a read-only iSCSI LUN.

  2. Navigate to the acls directory: 

    /> iscsi/target_iqn_name/tpg_name/acls/
    Copy to Clipboard Toggle word wrap

  3. Use one of the following options to create an ACL:

    • Use the initiator_iqn_name from the /etc/iscsi/initiatorname.iscsi file on the initiator: 

      iscsi/target_iqn_name/tpg_name/acls> create initiator_iqn_name

Created Node ACL for initiator_iqn_name
Created mapped LUN 2.
Created mapped LUN 1.
Created mapped LUN 0.
      Copy to Clipboard Toggle word wrap

    • Use a custom_name and update the initiator to match it: 

      iscsi/target_iqn_name/tpg_name/acls> create custom_name

Created Node ACL for custom_name
Created mapped LUN 2.
Created mapped LUN 1.
Created mapped LUN 0.
      Copy to Clipboard Toggle word wrap

      For information about updating the initiator name, see Creating an iSCSI initiator.

Verification

  • Verify the created ACL: 

    iscsi/target_iqn_name/tpg_name/acls> ls

o- acls .................................................[1 ACL]
    o- target_iqn_name ....[3 Mapped LUNs, auth]
        o- mapped_lun0 .............[lun0 ramdisk/ramdisk1 (rw)]
        o- mapped_lun1 .................[lun1 block/block1 (rw)]
        o- mapped_lun2 .................[lun2 fileio/file1 (rw)]
    Copy to Clipboard Toggle word wrap

By using the Challenge-Handshake Authentication Protocol (CHAP), users can protect the target with a password. The initiator must be aware of this password to be able to connect to the target. For more information, see the targetcli(8) man page on your system.

Prerequisites

Procedure

  1. Set attribute authentication: 

    /iscsi/iqn.20...mple:444/tpg1> set attribute authentication=1

Parameter authentication is now '1'.
    Copy to Clipboard Toggle word wrap

  2. Set userid and password: 

    /tpg1> set auth userid=redhat
Parameter userid is now 'redhat'.

/iscsi/iqn.20...689dcbb3/tpg1> set auth password=redhat_passwd
Parameter password is now 'redhat_passwd'.
    Copy to Clipboard Toggle word wrap

  3. Navigate to the acls directory: 

    /> iscsi/target_iqn_name/tpg1/acls/initiator_iqn_name/
    Copy to Clipboard Toggle word wrap

  4. Set attribute authentication: 

    /iscsi/iqn.20...:605fcc6a48be> set attribute authentication=1
Parameter authentication is now '1'.
    Copy to Clipboard Toggle word wrap

  5. Set userid and password: 

    /iscsi/iqn.20...:605fcc6a48be> set auth userid=redhat
Parameter userid is now 'redhat'.

/iscsi/iqn.20...:605fcc6a48be> set auth password=redhat_passwd
Parameter password is now 'redhat_passwd'.
    Copy to Clipboard Toggle word wrap

6.13. Removing an iSCSI object by using targetcli tool
Copier lien

You can remove the iSCSI objects by using the targetcli tool. For more information, see the targetcli(8) man page on your system.

Procedure

  1. Log off from the target: 

    # iscsiadm -m node -T iqn.2006-04.com.example:444 -u
    Copy to Clipboard Toggle word wrap

    For more information about how to log in to the target, see Creating an iSCSI initiator.

  2. Remove the entire target, including all ACLs, LUNs, and portals: 

    /> iscsi/ delete iqn.2006-04.com.example:444
    Copy to Clipboard Toggle word wrap

    Replace iqn.2006-04.com.example:444 with the target_iqn_name.

    • To remove an iSCSI backstore: 

      /> backstores/backstore-type/ delete block_backend
      Copy to Clipboard Toggle word wrap

      Replace backstore-type with either fileio, block, pscsi, or ramdisk.

      Replace block_backend with the backstore-name you want to delete.

    • To remove parts of an iSCSI target, such as an ACL: 

      /> /iscsi/iqn-name/tpg/acls/ delete iqn.2006-04.com.example:444
      Copy to Clipboard Toggle word wrap

Verification

  • View the changes: 

    /> iscsi/ ls
    Copy to Clipboard Toggle word wrap
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat