I need to have an iSCSI storage to be used by my oVirt lab. The last time I had to create an iSCSI target was during the preparation of the RHCE 7 exam. Therefore, I think this is an opportunity to practice doing this again.
First, install the required package. Then enable the target service, otherwise the target won’t work on the next reboot.
[root@utility ~]# dnf install targetcli -y
[root@utility ~]# systemctl enable target
Run the targetcli command to create an iSCSI target/storage using the storage block (/dev/mapper/data_iscsi LVM volume).
[root@utility ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.51
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
# create a blocked device disk from an lvm data-isci
/> /backstores/block create iscsi_data /dev/data/iscsi
Created block storage object iscsi_data using /dev/data/iscsi.
# create a target
/> /iscsi create iqn.2020-11.com.example.lab:utility
Created target iqn.2020-11.com.example.lab:utility.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
# create LUN
/> /iscsi/iqn.2020-11.com.example.lab:utility/tpg1/luns create /backstores/block/iscsi_data
Created LUN 0.
/> ls
o- / ............................................................................... [...]
o- backstores .................................................................... [...]
| o- block ........................................................ [Storage Objects: 1]
| | o- iscsi_data.......................[/dev/data/iscsi (32.0GiB) write-thru activated]
| | o- alua ......................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ............................. [ALUA state: Active/optimized]
| o- fileio ....................................................... [Storage Objects: 0]
| o- pscsi .........................................................[Storage Objects: 0]
| o- ramdisk ...................................................... [Storage Objects: 0]
o- iscsi .................................................................. [Targets: 1]
| o- iqn.2020-11.com.example.lab:utility ..................................... [TPGs: 1]
| o- tpg1 ..................................................... [no-gen-acls, no-auth]
| o- acls ................................................................ [ACLs: 0]
| o- luns ................................................................ [LUNs: 1]
| | o- lun0 ................ [block/iscsi_data (/dev/data/iscsi) (default_tg_pt_gp)]
| o- portals .......................................................... [Portals: 1]
| o- 0.0.0.0:3260 ........................................................... [OK]
o- loopback ................................................................[Targets: 0]
Note: I had a problem when setting the portal IP address to 172.24.0.8.
/> /iscsi/iqn.2020-11.com.example.lab:utility/tpg1/portals create 172.24.0.8
Using default IP port 3260
Could not create NetworkPortal in configFS
The solution is to first remove the default portal before adding the desired one.
/iscsi/iqn.20...:utility/tpg1> ./portals delete 0.0.0.0 3260
Deleted network portal 0.0.0.0:3260
/iscsi/iqn.20...:utility/tpg1> ./portals create 172.24.0.8
Using default IP port 3260
Created network portal 172.24.0.8:3260.
/iscsi/iqn.20...:utility/tpg1>
If you’re configuring the iSCSI target for general usage, it’s recommended that the Access Control list (ACL) get set so that only authorized clients can use this resource. For example, if we want to only allow the iSCSI initiator (client) with the following name iqn.2020-11.com.example.lab:hostb to acccess this resource, here is how ACL can be set.
# create ACL
/> /iscsi/iqn.2020-11.com.example.lab:utility/tpg1/acls create iqn.2020-11.com.example.lab:hostb
Created Node ACL for iqn.2020-11.com.example.lab:hostb
However, I’m creating this iscsi block to be used by oVirt hosts. In this case, it’s better to not set the ACL. Additionally, I also ned to enable the “generate_node_acls mode” to ignore the ACL mode. (Thanks to this blog post from 2015.)
/iscsi/iqn.20...:utility/tpg1> ls
o- tpg1 ......................................................... [no-gen-acls, no-auth]
o- acls .................................................................... [ACLs: 0]
o- luns .................................................................... [LUNs: 1]
| o- lun0 ............. [block/iscsi_data (/dev/mapper/data-iscsi) (default_tg_pt_gp)]
o- portals .............................................................. [Portals: 1]
o- 172.24.0.8:3260 ............................................................ [OK]
/iscsi/iqn.20...:utility/tpg1> get attribute authentication
authentication=0
/iscsi/iqn.20...:utility/tpg1> get attribute generate_node_acls
generate_node_acls=0
/iscsi/iqn.20...:utility/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'.
/iscsi/iqn.20...:utility/tpg1> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json
Finally, we need to update firewalld to allow clients to connect to this server.
[root@utility ~]# firewall-cmd --add-service iscsi-target
success
[root@utility ~]# !! --permanent
firewall-cmd --add-service iscsi-target --permanent
success
References:
- RHEL7: Configure a system as either an iSCSI target or initiator that persistently mounts an iSCSI target.
- How to Configure ISCSI Target Server on CentOS 8 / RHEL 8
- Iscsi configuration error : Could not create networkportal in ConfigFS (You may require to login with Red Hat account)
- How to Configure iSCSI Target on Red Hat Enterprise Linux 7