RHEL7: Configure a system as either an iSCSI target or initiator that persistently mounts an iSCSI target.

Presentation

In the iSCSI world, you’ve got two types of agents:

• an iSCSI target provides some storage (here called server),
• an iSCSI initiator uses this available storage (here called client).

As you already guessed, we are going to use two virtual machines, respectively called server and client. If necessary, the server and client virtual machines can be one and only one machine.

iSCSI target configuration

Most of the target configuration is done interactively through the targetcli command. This command uses a directory tree to access the different objects.

To create an iSCSI target, you need to follow several steps on the server virtual machine.

Install the following packages:

# yum install -y targetcli 

Activate the target service at boot:

# systemctl enable target

Note: This is mandatory, otherwise your configuration won’t be read after a reboot!

Execute the targetcli command:

# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>

Create a file called shareddata of 100MB in the /opt directory (don’t hesitate to use tab completion):

/> backstores/fileio create shareddata /opt/shareddata.img 100M Created fileio shareddata with size 104857600

Create a target with an iscsi qualified name (iqn) and an associated TPG (Target Portal Group):

/> iscsi/ create iqn.2014-08.com.example:tgt1 Created target iqn.2014-08.com.example:tgt1.
Created TPG 1.

Now, we can go to the newly created directory:

/> cd iscsi/iqn.2014-08.com.example:tgt1/tpg1 /iscsi/iqn.20...ple:tgt1/tpg1> ls o- tpg1 ................................................. [no-gen-acls, no-auth]
  o- acls ............................................................ [ACLs: 0]
  o- luns ............................................................ [LUNs: 0]
  o- portals ...................................................... [Portals: 0]

Below tpg1, three objects have been defined:

• acls (access control lists: restrict access to resources),
• luns (logical unit number: define exported resources),
• portals (define ways to reach the exported resources; consist in pairs of IP addresses and ports).

Create a portal (a pair of IP address and port through which the target can be contacted by initiators):

/iscsi/iqn.20...ple:tgt1/tpg1> portals/ create Using default IP port 3260
Binding to INADDR_ANY (0.0.0.0)
Created network portal 0.0.0.0:3260.

Create a lun:

/iscsi/iqn.20...ple:tgt1/tpg1> luns/ create /backstores/fileio/shareddata Created LUN 0.

Don’t set any authentication:

/iscsi/iqn.20...ple:tgt1/tpg1> set attribute authentication=0 demo_mode_write_protect=0 Parameter authentication is now '0'.
Parameter demo_mode_write_protect is now '0'.

Note: Don’t forget the demo_mode_write_protect=0 option, otherwise the resource will be in read-only mode, not advisable to create a file system!

Don’t set any acl:

/iscsi/iqn.20...ple:tgt1/tpg1> set attribute generate_node_acls=1 Parameter generate_node_acls is now '1'.

Now, to check the configuration, type:

/iscsi/iqn.20...ple:tgt1/tpg1> ls o- tpg1 .................................................... [gen-acls, no-auth]
  o- acls ............................................................ [ACLs: 0]
  o- luns ............................................................ [LUNs: 1]
  | o- lun0 .......................... [fileio/shareddata (/opt/shareddata.img)]
  o- portals ...................................................... [Portals: 1]
    o- 0.0.0.0:3260 ....................................................... [OK]

Finally, you can quit the targetcli command:

/iscsi/iqn.20...ple:tgt1/tpg1> exit Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json

Note: The configuration is automatically saved to the /etc/target/saveconfig.json file.

Also, it can be useful to check the ports currently used:

# netstat -ant Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3260 0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

Create the /etc/firewalld/services/iscsi.xml file and paste the following lines:

iSCSI
iSCSI protocol

Add a new service to the firewall:

# firewall-cmd --permanent --add-service=iscsi Success

Reload the firewall configuration:

# firewall-cmd --reload Success

iSCSI initiator configuration

To create an iSCSI initiator, you need to follow several steps on the client virtual machine.

Install the following package:

# yum install -y iscsi-initiator-utils

Execute the iscsiadm command in discovery mode with the server ip address (here 192.168.1.81):

# iscsiadm --mode discovery --type sendtargets --portal 192.168.1.81 192.168.1.81:3260,1 iqn.2014-08.com.example:tgt1

Execute the iscsiadm command in node mode with the server ip address (here 192.168.1.81):

# iscsiadm --mode node --targetname iqn.2014-08.com.example:tgt1 --portal 192.168.1.81 --login Logging in to [iface: default, target: iqn.2014-08.com.example:tgt1, portal: 192.168.1.81,3260] (multiple)
Login to [iface: default, target: iqn.2014-08.com.example:tgt1, portal: 192.168.1.81,3260] successful.

To check the configuration, type:

# lsblk --scsi NAME HCTL       TYPE VENDOR   MODEL             REV TRAN
sda  2:0:0:0    disk LIO-ORG  shareddata       4.0  iscsi

To be sure that your resource is not in read-only mode (1=read-only mode), type:

# lsblk | egrep "NAME|sda" NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                  8:0    0  100M 0 disk

Now, you can create a file system:

# mkfs.ext4 /dev/sda mke2fs 1.42.9 (28-Dec-2013)
/dev/sda is entire device, not just one partition!
Proceed anyway? (y,n) y Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=4096 blocks
25688 inodes, 102400 blocks
5120 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=33685504
13 block groups
8192 blocks per group, 8192 fragments per group
1976 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Retrieve the UUID of this disk:

# blkid | grep "/dev/sda" /dev/sda: UUID="4a184c70-20ad-4d91-a0b1-c2cf0eb1986f" TYPE="ext4"

Add the disk UUID to the /etc/fstab file:

# echo "UUID=..." >> /etc/fstab

Note: Be very careful to type >> and not >, otherwise this will destroy all your configuration!
Make a copy of the /etc/fstab file before doing this operation if you don’t want to take any risk.

Edit the /etc/fstab file and add the mount point (here /mnt), the file system type (here ext4) and the mount options (_netdev):

UUID=... /mnt ext4 _netdev 0 0

To check your configuration, type:

# mount -a

Note: Before rebooting, , this can be helpful!

Source: targetcli man page and .

In addition, you can watch (don’t forget to enable the target service, set the demo_mode_write_protect=0 option and the firewalld configuration).