From Fedora Project Wiki

(Note for n00bs (like me))
(fix link)
Line 53: Line 53:
 
# First, [[#Create_a_new_target_device|create a target device]]
 
# First, [[#Create_a_new_target_device|create a target device]]
 
# Next, [[#Add_a_logical_unit|add a logical unit]]
 
# Next, [[#Add_a_logical_unit|add a logical unit]]
# Finally, [[#Permissions_-_Allow_all_initiators|enable the target to accept initiators]]  
+
# Finally, [[#Allow_all_initiators|enable the target to accept initiators]]  
  
 
That's it!
 
That's it!

Revision as of 16:51, 12 February 2009

Idea.png
Specialized hardware is not needed!
You can use this page to run and test the scsi-target-utils functions without any special hardware, using either physical or virtual machines that share a network.

About

This page is intended to outline a series of steps need to quickly get a scsi-target-utils based iSCSI software target working.

Most of these instructions can also be found in a README provided by the scsi-target-utils package (see /usr/share/doc/scsi-target-utils-0.9.2/README.iscsi).

Installation

Start by installing the scsi-target-utils package.

# yum install scsi-target-utils

Configuration

Firewall

Ensure, port 3260 is available for incoming connection and there is no firewall in the way between target and test machine.

  • Either stop your firewall:
    # service iptables stop
  • Or, open up port 3260 for traffic using:
    # system-config-firewall
  • Or, modify your iptables configuration manually by
    1. editing /etc/sysconfig/iptables
    2. Then restarting iptables:
      # service iptables restart

Backing Store

When configured, the tgtd service will present a block device to iSCSI initiators. You may use a LVM logical volume, a disk partition, a whole disk, or a loop back partition. For this document, we will create a /dev/loop0 loop back device.

  1. First, create a 8Gib file:
    # dd if=/dev/zero of=/tmp/iscsi-disk1 bs=1M count=8000
  2. Next, create a loopback device:
    # losetup /dev/loop0 /tmp/iscsi-disk1

Selinux

Warning.png
FIXME
Detail any SELinux considerations here.

Service startup

Configure the tgtd service to start on boot. Type:

# service tgtd start
# chkconfig tgtd on

Up and running in 3 steps

For the fastest way to present a target device with 1 logical unit to any initiator ... follow these three steps:

  1. First, create a target device
  2. Next, add a logical unit
  3. Finally, enable the target to accept initiators

That's it!

How to ...

The following sections detail common actions you might perform using the tgtadm utility with the configuration used above. All of the following steps are also detailed in the README.iscsi included in the scsi-target-utils package.

List active targets

At any time you can list the active targets by typing:

# tgtadm --lld iscsi --op show --mode target

Create a new target device

Create a target device:

# tgtadm --lld iscsi --op new --mode target --tid=1 --targetname iqn.2009-02.com.example:for.all

Add a logical unit

You can add a logical unit to an existing target device by typing:

# tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 -b /dev/loop0

Repeat this process while changing the -b parameter to add more logical units.

Permissions

The following sections detail various authentication and restrictions you can enabled using tgtadm.

List all user accounts

To display a list of all configured user accounts, type:

# tgtadm --lld iscsi --op show --mode account

Allow all initiators

# tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL

IP-based restrictions

If you've previously configured this target to accept ALL initiators, you'll need to remove that first.

# tgtadm --lld iscsi --op unbind --mode target --tid 1 -I ALL

Now, restrict access to a specific IP ...

# tgtadm --lld iscsi --op bind --mode target --tid 1 -I 10.10.0.24

Or, restrict access to a subnet ...

# tgtadm --lld iscsi --op bind --mode target --tid 1 -I 10.10.0.0/24

User/Password authentication (CHAP)

  1. First, create a user and password:
    # tgtadm --lld iscsi --op new --mode account --user ''consumer'' --password ''Longsw0rd''
  2. Next, add the users to an existing target device:
    # tgtadm --lld iscsi --op bind --mode account --tid 1 --user ''consumer''

Reverse User/Password authentication (CHAP)

Warning.png
FIXME
What's the different between one-way and two-way ... and reverse CHAP?
  1. First, create a user and password:
    # tgtadm --lld iscsi --op new --mode account --user ''provider'' --password ''Shortsw0rd''
  2. Next, add the users to an existing target device:
    # tgtadm --lld iscsi --op bind --mode account --tid 1 --user ''provider'' --outgoing