How can I setup iSCSI Target on CentOS 8 / RHEL 8?. With CentOS 8 within reach now, it is time to make maximum use of it in running precious and important services in your organization or lab. Here, we are going to install and configure iSCSI Target and Initiator on CentOS 8 / RHEL 8 Linux server. The set up is a single server as the Target and another one as the initiator as illustrated in the figure below. Let us begin
Step 1: Update your system
Ensure you’re doing this setup on an updated CentOS / RHEL server.
sudo dnf update -yAfter an update it’s usually recommended to perform a reboot.
sudo rebootStep 2: Ensure SELinux is in Enforcing
Confirm your SELinux status
$ getenforce
EnforcingAs this setup covers configuration of SELinux, keep it running in an enforcing mode.
Step 3: Install targetcli package
The package for iSCSI Target is available as targetcli on your CentOS 8 / RHEL 8 default AppStream repositories. Install it by running the command:
sudo dnf -y install targetcliStep 4: Check available disk space
This is to make sure there is enough disk space or blocks available for allocation. It is advisable to set a different partition for this so that it is easier to manage without interfering with the core CentOS files and system.
$ df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 365M 0 365M 0% /dev
tmpfs tmpfs 380M 0 380M 0% /dev/shm
tmpfs tmpfs 380M 10M 370M 3% /run
tmpfs tmpfs 380M 0 380M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 27G 1.6G 26G 6% /
/dev/sda1 ext4 976M 159M 751M 18% /boot
tmpfs tmpfs 76M 0 76M 0% /run/user/1000
If you have a secondary disk on the server, I recommend you use it.
Step 5: Configure iSCSI Target
Create a folder in your configured disks for example in /var/ or a mount point for your secondary disk, or a raid device.
sudo mkdir /var/targetdisk01Let us now get onto targetcli admin console to create our target(s)
$ sudo su -
# targetcli
targetcli shell version 2.1.fb49
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>
Do an ls to check its contents
/> ls
o- / …………………………………………………………………………………………………… […]
o- backstores …………………………………………………………………………………………. […]
| o- block ……………………………………………………………………………………………. [Storage Objects: 0]
| o- fileio …………………………………………………………………………………………… [Storage Objects: 0]
| o- pscsi ……………………………………………………………………………………………. [Storage Objects: 0]
| o- ramdisk ………………………………………………………………………………………….. [Storage Objects: 0]
o- iscsi ……………………………………………………………………………………………… [Targets: 0]
o- loopback …………………………………………………………………………………………… [Targets: 0]Everything is empty. Apart from that, you will notice that the first thing in the contents is the backstores. Backstores here assists in providing different ways of keeping the data locally that will later be exported or made available to an external system such as an initiator. The available options for backstores are block, fileio, pscsi, and ramdisk.
A block backstore as you can easily guess is a Linux block device such as a hard drive like /dev/sda. If you have a disk in your target, you can use this option. A fileio backstore, on the other hand, is a normal file on the file system that has been created with a predefined size. W shall use this option in our set-up. Generally, a block backstore performs better than a single file.
Let us create a fileio backstore of 5GB:
Navigate to backstores/fileio while on the targetcli console and create the backstore.
/> cd backstores/fileio
/backstores/fileio> create targetdisk1 /var/targetdisk01/targetdisk1.img 5G
Created fileio targetdisk1 with size 5368709120Issue ls command to check that it has been created
/backstores/fileio> ls
o- fileio ……………………………………………………………………………………….. [Storage Objects: 1]
o- targetdisk1 …………………… [/var/targetdisk01/targetdisk1.img (5.0GiB) write-back deactivated]
o- alua …………………………………………………………………………………………. [ALUA Groups: 1]
o- default_tg_pt_gp ……………………………………………………. [ALUA state: Active/optimized]Create the iSCSI Target
In order to create the iSCSI Target, we have to move into the iSCSI path in our server.
/backstores/fileio> cd /iscsi
/iscsi>While inside the iscsi path, it is now possible to create the iscsi target with a name. The naming convention is standard and it goes like this:
[ iqn.(year)-(month).(reverse of domain name):(any name you prefer) ]. Our domain is geeksforgeeks.org, so the reverse is com.neveropen. Do the same for yours. Let us proceed with naming our target.
iqn.2019-11.geeksforgeeks.org:GeeksTarget1Create the target
/iscsi> create iqn.2019-11.geeksforgeeks.org:GeeksTarget1
Created target iqn.2019-11.geeksforgeeks.org:geekstarget1.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.Issue ls command to confirm changes made
/iscsi> ls
o- iscsi ……………………………………………………………………………………………….. [Targets: 1]
o- iqn.2019-11.geeksforgeeks.org:geekstarget1 ………………………. [TPGs: 1]
o- tpg1 ……………………………………………………………………………………. [no-gen-acls, no-auth]
o- acls ……………………………………………………………………………………………… [ACLs: 0]
o- luns ……………………………………………………………………………………………… [LUNs: 1]
| o- lun0 …………………. [fileio/targetdisk1 (/var/targetdisk01/targetdisk1.img) (default_tg_pt_gp)]
o- portals ………………………………………………………………………………………… [Portals: 1]
o- 0.0.0.0:3260 …………………………………………………………………………………………. [OK]Create a LUN
An iSCSI LUN is a logical unit of storage. A target can offer one or more LUNs to the iSCSI clients, who initiate a connection with the iSCSI server. Navigate to the target portal group (TPG) that was created in the previous command. Notice “Created TPG 1” from above.
/iscsi> cd iqn.2019-11.geeksforgeeks.org:geekstarget1/tpg1/luns
/iscsi/iqn.20…et1/tpg1/luns>Then create the LUN from targetdisk1 we had created before. Use yours in this step.
/iscsi/iqn.20…et1/tpg1/luns> create /backstores/fileio/targetdisk1
Created LUN 0.Issue ls command to check
/iscsi/iqn.20…et1/tpg1/luns> ls
o- luns …………………………………………………………………………………………………… [LUNs: 1]
o- lun0 ………………………………………. [fileio/targetdisk1 (/var/targetdisk01/targetdisk1.img) (default_tg_pt_gp)]Configure Access Control List (ACL)
An Access Control List will make sure that only known initiators will connect to our Target. To do this, this /etc/iscsi/initiatorname.iscsi file on the client/initiator has a line as shown below. We shall use this in our ACL. The name can be edited to suit your environment.
## This is file in your initiator
$ sudo vi /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2019-11.com.neveropen:initiator1 While still on the same path as above navigate to acls.
/iscsi/iqn.20…starget1/tpg1> cd acls
/iscsi/iqn.20…et1/tpg1/acls>Then run the following with the iqn of the initiator in the acls path
/iscsi/iqn.20…et1/tpg1/acls> create iqn.2019-11.com.neveropen:initiator1
Created Node ACL for iqn.2019-11.com.neveropen:initiator1
Created mapped LUN 0.Set userid and password
Navigate into the new iqn created in acls then set Username and Password to authenticate the initiator while it sends a request to the target.
/iscsi/iqn.20…et1/tpg1/acls> cd iqn.2019-11.com.neveropen:initiator1
/iscsi/iqn.20…ks:initiator1>
/iscsi/iqn.20…ks:initiator1> set auth userid=initiator1
Parameter userid is now 'initiator1'.
/iscsi/iqn.20…ks:initiator1> set auth password=gai0daeNgu ##Use strong password here
Parameter password is now 'gai0daeNgu'.
/iscsi/iqn.20…ks:initiator1>Lets navigate to /iscsi and confirm if all of our settings are well done then save by exiting
/iscsi/iqn.20…ks:initiator1> cd /iscsi/
/iscsi> ls
o- iscsi ……………………………………………………………………………………………….. [Targets: 1]
o- iqn.2019-11.geeksforgeeks.org:geekstarget1 ………………………………………………. [TPGs: 1]
o- tpg1 ……………………………………………………………………………………. [no-gen-acls, no-auth]
o- acls ……………………………………………………………………………………………… [ACLs: 1]
| o- iqn.2019-11.com.neveropen:initiator1 ………………………………………………….. [Mapped LUNs: 1]
| o- mapped_lun0 …………………………………………………………………. [lun0 fileio/targetdisk1 (rw)]
o- luns ……………………………………………………………………………………………… [LUNs: 1]
| o- lun0 …………………………………. [fileio/targetdisk1 (/var/targetdisk01/targetdisk1.img) (default_tg_pt_gp)]
o- portals ………………………………………………………………………………………… [Portals: 1]
o- 0.0.0.0:3260 …………………………………………………………………………………………. [OK]As you can attest, all is well and good. Save by exiting
/iscsi> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.jsonEnable the target and set firewall rules if a firewall is running.
$ sudo systemctl enable target
Created symlink /etc/systemd/system/multi-user.target.wants/target.service → /usr/lib/systemd/system/target.service.
## Set the firewall rules as below
$ sudo firewall-cmd --add-service=iscsi-target --permanent
success
$ sudo firewall-cmd --reload
successStep 6: Configure iSCSI Initiator
And we are good to go. The only remaining thing is to configure our initiator and consume these resources. Follow out guide below.
Conclusion
Everything is now set as far as our target is concerned. The server is ready to serve the initiators added in the ACL and work to begin serving your use case. The next guide will tackle the initiator’s side so that everyone is happy.
We are glad that you found it fit to visit the site. Thank you for stopping by. Do not hesitate to check out the outlined CentOS 8/RHEL 8-related guides below.
- Install Varnish Cache 6 for Apache/Nginx on CentOS 8 / RHEL 8
- Install FreeRADIUS and Daloradius on CentOS 8 / RHEL 8
- How To Create CentOS 8 Local Repository Mirrors With Rsync & Nginx
- Setup GlusterFS Storage With Heketi on CentOS 8 / CentOS 7
- How To Sync CentOS 8 repositories on Satellite / Katello / Foreman
- How To Create CentOS 8 KVM Image Template on OpenStack
- Install Apache Subversion (SVN) on CentOS 8 / RHEL 8
- Install Apache OpenOffice on RHEL 8 / CentOS 8
- How To Join CentOS 8 / RHEL 8 System to Active Directory (AD) domain
- Enable Automatic Software Updates on CentOS 8 / RHEL 8
