Scsi-target-utils Quickstart Guide


https://fedoraproject.org/wiki/Scsi-target-utils_Quickstart_Guide

About

This page is intended to outline the steps needed to quickly get a scsi-target-utils based iSCSI software target working.

Most of these instructions can also be found in a README provided by the scsi-target-utils package (see /usr/share/doc/scsi-target-utils-*/README.iscsi).

Installation

Start by installing the scsi-target-utils package using DNF:

# dnf install scsi-target-utils

Or with YUM:

# yum install scsi-target-utils

Configuration

Firewall

Ensure that port 3260 is available for incoming connections and that there is no firewall in the way between the target and the test machine. Either stop your firewall:

# service iptables stop

Or, open up TCP port 3260 for traffic using:

# system-config-firewall

Or, modify your iptables configuration manually by editing /etc/sysconfig/iptables, then restarting:

# service iptables restart

For firewalld:

firewall-cmd --zone=FedoraServer --add-service=iscsi-target --permanent
firewall-cmd --reload

Backing Store

When configured, the tgtd service will present a block device to iSCSI initiators. You can use an LVM logical volume, a disk partition, a whole disk, or a file. For production use, an LVM logical volume is typically used. For this document, we'll create a file. To create an 8GiB file:

# dd if=/dev/zero of=/var/tmp/iscsi-disk1 bs=1M count=8000

SELinux

# semanage fcontext -a -t tgtd_var_lib_t /var/tmp/iscsi-disk1
# restorecon -Rv /var/tmp/iscsi-disk1

Service Startup

Start the tgtd service and configure it to start on boot. Type:

# service tgtd start
# chkconfig tgtd on

Up and running in 3 steps

For the fastest way to present a target device with 1 logical unit to any initiator, follow these three steps: first, create a target device; next, add a logical unit; finally, enable the target to accept initiators.

That's it!

How to ...

The following sections detail common actions you might perform using the tgtadm utility with the configuration used. All of the following steps are also detailed in the README.iscsi included in scsi-target-utils.

List Active Targets

At any time you can list the active targets by typing:

# tgtadm --lld iscsi --mode target --op show

Create a new target device

Create a target device:

# tgtadm --lld iscsi --mode target --op new --tid=1 --targetname

Add a logical unit (LUN)

You can add a logical unit to an existing target device by typing:

# tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 -b /var/tmp/iscsi-disk1

SELinux Note

Note that /var/tmp/iscsi-disk1 will need to exist, and have the correct SELinux label, or else you'll get an unhelpful "tgtadm: invalid request" error. (See above.)

Repeat this process while changing the -b parameter to add more logical units.

Permissions

The following sections detail various authentication and restrictions you can enable using tgtadm.

List all user accounts

To display a list of all configured user accounts, type:

# tgtadm --lld iscsi --mode account --op show

Add IP wildcard to allow all initiators

# tgtadm --lld iscsi --mode target --op bind --tid 1 -I ALL

IP-based Restrictions

If you've previously configured this target to accept all initiators, you'll need to remove that binding first.

# tgtadm --lld iscsi --mode target --op unbind --tid 1 -I ALL

Now, restrict access to a specific IP ...

# tgtadm --lld iscsi --mode target --op bind --tid 1 -I

Or, restrict access to a subnet ...

# tgtadm --lld iscsi --mode target --op bind --tid 1 -I

User/password Authentication (CHAP)

There are two types of CHAP configurations supported for iSCSI authentication:

Authentication Type | a.k.a. | Description
Initiator Authentication | Forward, One-way | The initiator is authenticated by the target.
Target Authentication | Reverse, Bi-directional, Mutual, Two-way | The target is authenticated by the initiator. This method also requires initiator authentication.

Initiator authentication is basic CHAP authentication. A username and password are created on the target. Each initiator logs into the target with this information. Target authentication is an authentication in addition to initiator authentication. A separate "outgoing" username is created on the target. This username/password pair is used by the target to log into each initiator. Initiator authentication must also be configured in this scenario.

CHAP Initiator Authentication

Create a user and password:

# tgtadm --lld iscsi --mode account --op new --user 'consumer' --password 'longsw0rd'

Next, add the user to an existing target device:

# tgtadm --lld iscsi --mode account --op bind --tid 1 --user 'consumer'

On the initiator's system, this username/password information is entered into /etc/iscsi/iscsid.conf as:

For discovery authentication (not supported by tgt yet): discovery.sendtargets.auth.{username,password}
For session authentication: node.session.auth.{username,password}

CHAP Target Authentication

Create a user and password:

# tgtadm --lld iscsi --mode account --op new --user 'provider' --password 'shortsw0rd'

Next, add the user to an existing target device:

# tgtadm --lld iscsi --mode account --op bind --tid 1 --user 'provider' --outgoing

On the initiator's system, this username/password information is entered into /etc/iscsi/iscsid.conf as:

For discovery authentication (not supported by tgt yet): discovery.sendtargets.auth.{username_in,password_in}
For session authentication: node.session.auth.{username_in,password_in}
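
A check that follows from the IP-based restriction and CHAP sections above, added here as an example and not part of the original guide or the scsi-target-utils package: it reads the output of the "list active targets" command and flags targets that are bound to ALL or have no initiator CHAP account. The sample output, its IQNs and addresses, and the function names are constructed for illustration, and the "Account information" / "ACL information" layout is assumed.

```shell
# Added example (not from the guide): audit tgtd targets for open ACLs
# and missing initiator CHAP accounts.
# Constructed, abbreviated sample in the layout assumed for
# `tgtadm --lld iscsi --mode target --op show`; IQNs are made up.
sample_show_output() {
cat <<'EOF'
Target 1: iqn.2001-04.com.example:disk1
    I_T nexus information:
    LUN information:
        LUN: 1
            Backing store path: /var/tmp/iscsi-disk1
    Account information:
    ACL information:
        ALL
Target 2: iqn.2001-04.com.example:disk2
    Account information:
        consumer
        provider (outgoing)
    ACL information:
        192.0.2.10
Target 3: iqn.2001-04.com.example:disk3
    Account information:
        provider (outgoing)
    ACL information:
        192.0.2.0/24
EOF
}

# Reads the show output on stdin, prints "tid=<n> <name> <verdict>".
audit_tgt_targets() {
    awk '
    function report() {
        if (tid == "") return
        verdict = "ok"
        if (anyip && !chap) verdict = "OPEN-NO-AUTH"
        else if (anyip)     verdict = "open-acl"
        else if (!chap)     verdict = "no-initiator-chap"
        printf "tid=%s %s %s\n", tid, name, verdict
    }
    /^Target [0-9]+:/ { report(); tid = $2; sub(":", "", tid); name = $3
                        anyip = chap = 0; sect = ""; next }
    /^    [A-Z_].*information:$/ { sect = $1; next }
    sect == "ACL" && $1 == "ALL" { anyip = 1 }
    # An "(outgoing)" account only authenticates the target to initiators.
    sect == "Account" && NF && $2 != "(outgoing)" { chap = 1 }
    END { report() }'
}
sample_show_output | audit_tgt_targets
```

On a live target host the same function can be fed from the real command: tgtadm --lld iscsi --mode target --op show | audit_tgt_targets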
