https://fedoraproject.org/wiki/Scsi-target-utils_Quickstart_Guide
This page is intended to outline a series of steps need to quickly get a scsi-target-utils based iSCSI software target working.
Most of these instructions can also be found in a README provided by the scsi-target-utils package (see /usr/share/doc/scsi-target-utils-*/README.iscsi).
Start by installing the scsi-target-utils package using DNF:
# dnf install scsi-target-utilsOr with YUM:
# yum install scsi-target-utilsEnsure, port 3260 is available for incoming connection and there is no firewall in the way between target and test machine.
Either stop your firewall: # service iptables stop Or, open up tcp port 3260 for traffic using: # system-config-firewall Or, modify your iptables configuration manually by editing /etc/sysconfig/iptables Then restarting iptables: # service iptables restartFor firewalld:
firewall-cmd --zone=FedoraServer --add-service=iscsi-target --permanent firewall-cmd --reloadWhen configured, the tgtd service will present a block device to iSCSI initiators. You may use a LVM logical volume, a disk partition, a whole disk, or a file. For production use a LVM logical volume is typically used. For this document, we will create a file.
First, create a 8Gib file: # dd if=/dev/zero of=/var/tmp/iscsi-disk1 bs=1M count=8000Configure the tgtd service to start on boot. Type:
# service tgtd start # chkconfig tgtd onFor the fastest way to present a target device with 1 logical unit to any initiator ... follow these three steps:
First, create a target deviceNext, add a logical unitFinally, enable the target to accept initiatorsThat's it!
The following sections detail common actions you might perform using the tgtadm utility with the configuration used above. All of the following steps are also detailed in the README.iscsi included in the scsi-target-utils package.
You can add a logical unit to an existing target device by typing:
# tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 -b /var/tmp/iscsi-disk1 SELinux note Note that /var/tmp/iscsi-disk1 will need to exist, and have the correct SELinux label, or else you will get an unhelpful " tgtadm: invalid request" error. (See above.)Repeat this process while changing the -b parameter to add more logical units.
The following sections detail various authentication and restrictions you can enabled using tgtadm.
To display a list of all configured user accounts, type:
# tgtadm --lld iscsi --mode account --op show
If you've previously configured this target to accept ALL initiators, you'll need to remove that first.
# tgtadm --lld iscsi --mode target --op unbind --tid 1 -I ALLNow, restrict access to a specific IP ...
# tgtadm --lld iscsi --mode target --op bind --tid 1 -I 10.10.0.24Or, restrict access to a subnet ...
# tgtadm --lld iscsi --mode target --op bind --tid 1 -I 10.10.0.0/24There are two types of CHAP configurations supported for iSCSI authentication:
Authentication TypeA.K.A.DescriptionInitiator AuthenticationForward, One-WayThe initiator is authenticated by the target.Target AuthenticationReverse, Bi-directional, Mutual, Two-wayThe target is authenticated by the initiator. This method also requires Initiator Authentication. Initiator Authentication is basic CHAP authentication. A username and password is created on the target. Each initiator logs into the target with this information. Target Authentication is an authentication method in addition to Initiator Authentication. A separate "outgoing" username is created on the target. This username/password pair is used by the target to log into each initiator. Initiator Authentication must also be configured in this scenario.