July Release Confetti
150+ New Courses, Hands‑On Labs, And
Interactive Learning Activities
Learn More

How to: Share your storage with iSCSI

Introduction

iSCSI stands for internet small computer system interface. iSCSI is a protocol that allows you to connect with the host storage remotely. Basically, iSCSI works on the TCP/IP layer by sending the SCSI data over TCP packets. These packets will be transported over LAN between iSCSI target and iSCSI initiator. Typically, iSCSI is implemented in the storage area network (SAN). In this guide, we will set up an iSCSI target and iSCSI initiator in Linux.


Terminology

iSCSI Initiator: iSCSI initiators are clients that authenticate to an iSCSI target and get the authorization of block level storage access. Clients can have multiple iSCSI devices access the initiator.

iSCSI Target: An iSCSI target is a server that provides storage to an iSCSI Initiator. You can create a LUN in a target and provide block storage to the iSCSI initiator.

LUN (Logical Unit Number): A LUN is a SCSI concept that allows us to divide a large number of the storage into a sizable chunk. A LUN is a logical representation of a physical disk. Storage which has been assigned to the iSCSI initiator will be the LUN.

IQN (iSCSI qualified name): An IQN is a unique name that is assigned to the iSCSI target and iSCSI initiator to identify each other. IQN format looks like:

Iqn.yyyy-mm.<domain or naming>:unique name

Example:

Iqn.2017-08.com.example:server

Portal: The iSCSI portal is a network portal within the iSCSI network where the iSCSI network initiates. iSCSI works over TCP/IP, so the portal can be identified by IP address. There can be one or more Portal.

ACL: An access control list will allow the iSCSI initiator to connect to an iSCSI target. The ACL will restrict access for the iSCSI target so unauthorized initiators cannot connect


How does it work?

iSCSI offers different ways of storing data locally, including block, FileIO, pscsi, and RAMDisk. Here we are focusing on exporting block storage from iSCSI target to initiator. We will create a LUN in the target machine and export it to the initiator. The initiator then will be able to use this storage from the iSCSI target as if it were a local disk. We will create a partition from that disk. To accomplish this, we will use the targetcli utility, which will allow us to manage target configuration. We will create a LUN and IQN in the target and provide access to the initiator.


Environment

Client: client.example.com: This system will work as the iSCSI initiator.

Server: server.example.com: This system will work as the iSCSI target.

We will use a RedHat 7 machine for the demo.


Configure iSCSI target:

To create an iSCSI target, we should have extra storage available to assign it to the initiator. I have a 20 GB hard disk added to my machine from which we will create a partition and assign it to the iSCSI LUN. 

user_35668_59d5136470977.png_800.jpg

Creating the Partition:

We will create a partition from /dev/xvdb disk. You should select the proper disk to create a partition. Enter the partition wizard by using the below command:

[root@server ~]# fdisk /dev/xvdb

Now, using fdisk we will create 10 GB partition. To create a new partition, enter the character “n”.

user_35668_59d51404561eb.png_800.jpg

It will ask input for partition type, partition number, and first sector. We are going to keep default values here. Hit enter for all three options. For the last sector, we give a value of “+10G”. This means we are creating a partition of 10 GB out of the available 20 GBs.

user_35668_59d514a692e27.png_800.jpg

Now, as you can see, we have 10 GB partition ready. You can print the number of the partition available for the disk by entering “p” character.

user_35668_59d5150299638.png_800.jpg

We have the “/dev/xvdb1” partition ready to use. This partition will be used to create a LUN in the targetcli utility. Exit the wizard, and enter command “partprobe”. This command will apply the changes immediately so we do not need to reboot the machine to reflect changes.

[root@server ~]# partprobe
user_35668_59d5155846268.png_800.jpg
Target Configuration:
1. Now we will start configuring the target. We require the targetcli tool to perform target configuration. This will provide you the CLI environment for updating and viewing target configuration. This configuration exports the local disk storage to the remote machine. Update your system and install targetcli
[root@server ~]# yum update && yum install targetcli -y

2. Before using targetcli, we need to start target service. By enabling the service, targetcli will automatically start at boot time.

[root@server ~]# systemctl start target.service
[root@server ~]# systemctl enable target.service

3. Now we can use the targetcli utility. 

[root@server ~]# targetcli

4. After entering in targetcli, browse to the /backstore/block path. We will create the backstore here. We can create different types of storage, such as block, pscsi, and FileIO. For this guide, we will use block storage, which is a simple block device like harddisk. 

/> /backstores/block
/backstores/block> create disk /dev/xvdb1

user_35668_59d51666c0cc3.png_800.jpg

5. Now, browse to “iscsi”. We will create the iSCSI target with an IQN and iSCSI target name (“server”). If you don’t want to enter an IQN and target name, then you can just type “create” and it will automatically take the default IQN and target name. 

/backstores/block> /iscsi
/iscsi> create iqn.2017-08.com.example:server
user_35668_59d516c9a22bd.png_800.jpg

6. Now we need to create an ACL so only our iSCSI initiator can access this target. Here I am keeping the initiator’s IQN as “iqn.2017-08.com.example.com:client”. We will set the IQN at the time of initiator configuration. 

/iscsi> iqn.2017-08.com.example:server/tpg1/acls
/iscsi/iqn.20...ver/tpg1/acls> create iqn.2017-08.com.example:client
user_35668_59d51729b076e.png_800.jpg

7. Now, we will create the LUN from the disk we created in step 4. This LUN will have read-write permissions by default. 

/iscsi/iqn.20...ver/tpg1/acls> /iscsi/iqn.2017-08.com.example:server/tpg1/luns
/iscsi/iqn.20...ver/tpg1/luns> create /backstores/block/disk
user_35668_59d51771bc420.png_800.jpg

8. For the final step, we will create a portal. This portal will initiate the iSCSI network. We are going to give the private IP address of the current machine, which will be the IP address of iSCSI target.

/> /iscsi/iqn.2017-08.com.example:server/tpg1/portals/
/iscsi/iqn.20.../tpg1/portals> create 172.31.3.109

Remember that if you have any default portal, then it will not allow you to create a new portal. Most default portals would be “0.0.0.0”. You can keep that one, or you can delete the old portal and create a new portal as shown below. You can view the current portal with “ls” command. 

/iscsi/iqn.20.../tpg1/portals> ls
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
/iscsi/iqn.20.../tpg1/portals> create 172.31.3.109

user_35668_59d517f3c526c.png

Now we have the configuration ready for the iSCSI target.


Configure the iSCSI initiator

1. Log in to the iSCSI initiator where you want to mount your storage from the iSCSI target. Here we are going to install the “iscsi-initiator-utilits” package. Update the system, and install the package with the below command.

[root@client ~]# yum update && yum install iscsi-initiator-utils

2. Set up the IQN for the initiator. We are going to set “iqn.2017-08.com.example:client” as initiator’s IQN. You can set the IQN in the initiatorname.iscsi file.

[root@client ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2017-08.com.example:client

3. Save and exit the file. Enable and start the iSCSI service.

[root@client ~]# systemctl start iscsid iscsi
[root@client ~]# systemctl enable iscsid iscsi

4. We need to discover the target with the private IP address of the target server and see what the target is offering. In this case, the target IP address is “172.31.3.109”.

[root@client ~]# iscsiadm --mode discovery -t st -p 172.31.3.109:3260

5. We can see the available target from the client. We must log in to the target to use it.

[root@client ~]# iscsiadm -m node -T iqn.2017-08.com.example:server -p 172.31.3.109:3260 -l

6. You can view the active iSCSI session using the below command.

[root@client ~]# iscsiadm -m session -P

7. The block disk shared from the iSCSI target is now available to the iSCSI initiator, as shown below. 

[root@client ~]# fdisk -l
user_35668_59d51958896b6.png

The partition is mounted as the “/dev/sda” device. You can create a partition, format it as an ext4 or xfs file system, and mount it to a directory.


Things to remember:

1. After mounting the file system to a directory, you can make an entry in “/etc/fstab” to mount it automatically at boot time. Remember to use the “_netdev” attribute, as shown below, in the “/etc/fstab” entry.

user_35668_59d519b7f205c.png

2. To log out of the iSCSI target, first unmount the disk from the directory, remove the entry from “/etc/fstab”, and execute the command below:

[root@client ec2-user]# iscsiadm -m node -u

3. If you have not mounted the disk properly, and you are rebooting the server without logging out, then there is a chance of a server crash.

4. The iSCSI target is using port 3260 for communication, so enable it from the firewall.

  • post-author-pic
    Shahan K
    10-05-2017

    Nice addition  @talkwithmurtuza !

  • post-author-pic
    Murtuza K
    10-06-2017

     @SKarim  Thank you very much

  • post-author-pic
    Ravindra K
    10-07-2017

    Excellent article

  • post-author-pic
    Terrence C
    10-07-2017

    Great guide, thanks for putting it up!

  • post-author-pic
    Murtuza K
    10-10-2017

     @rkulkarni  Thank you !!

  • post-author-pic
    Murtuza K
    10-10-2017

     @tcox  Thank you very much for feedback :)

  • post-author-pic
    Alick M
    02-04-2018

    Brilliant write up thanks a lot!!

  • post-author-pic
    Murtuza K
    02-12-2018

    Thanks a lot  @alickMitchell 


  • post-author-pic
    Taz B
    05-23-2018

    I am impressed by your guide, it is very informative.  If someone were to use this for say the RHCE preparation, they would be steered correctly.  Bravo!

  • post-author-pic
    Ravindra K
    05-29-2018

    Amazing article.. spot on!

  • post-author-pic
    Murtuza K
    06-04-2018

     @tazbrown1918-a1780936  Thank you very much for your kind word :) 


  • post-author-pic
    Murtuza K
    06-04-2018

     @rkulkarni  Thanks you very much !!


Looking For Team Training?

Learn More