The first thing you will need if you want to have some hands-on with the protocol is to have some storage which supports iSCSI protocol. If you have a server with VMs running on it, you can easily have some basic Ubuntu images and create your own iSCSI Target. At the end of this blog you can find the iSCSI Terminology
iSCSI Linux Target and Initiator Config
For my own convieniance, I post not only the screenshots with results, but also the commands, so it is easier to copy-paste. (Yes, I am lazy).
I used two Ubuntu images and installed the following packages on it :
On the Target Image :
On the Initiator Image :
On the target I created already a Logical Volume. You don’t have to do it, but I was curious about the configuration.
Create a Physical Volume Create a Volume Group. Create a Logical Volume
With the command :
you are seeing all blockdevices of the OS.
Let’s start :
so that we can configure a Target on this image.
Within Targetcli we can do also some commands. With the TargetCLI command :
we are seeing that nothing is configured yet.
If you have a config, you can clear it with :
There are several options to create a backstore. First we are creating a block storage object.
With <tab> you don’t have to fill in the commands completely.
If you do ls you can verify the command everytime.
Now we have a block storage object. Create a target with a iqn name. IQN stands for iSCSI Qualified Name.
Before we going to configure the rest, I will have a closer look at the IQN. The IQN always start with iqn followed with a dot (.) and the year and month of when a company had the domain name. In this case you can have unique IQNs.
After the year, you see the domain name, but in reversed order followed by : and a name, serial number or whatever.
2020-02 is feb 2020.
com.localnet is the domain localnet.com
and blocklvm1 is in this case the name of the storage. Could be anything what you think is easy.
No we have a iqn name, we have to attach a lun.
Every initiator also has a unique iqn. It can have default values or you can change it. In this case I will just fill in some names and later I will change the initiator names.
To have a overview what we configured you can do :
Here are some examples of creating backstores with RAM, File or Partition.
If the file already exists it will use that size. If it isn’t there yet, it will create a file with the size you configured.
Here you see all the backstores configured.
If you don’t configure the portal, it will default listen on all interfaces at port 3260.
You can change this, to first delete the default portal and then create a new one
The config has changed a bit and now this is the result :
On the Initiator I can do a discovery of the Target :
It is possible to have authentication on the discovery. Let’s enable it.
with get discovery_auth you can see all the parameters.
At the /iscsi level you can setup discovery authentication by :
You can see that 1-way discovery authentication is enabled.
If you want to do a discovery at the Initiator, you will see a login failure:
At the Initiator you must change the file :
Restart the iscsi service at the Initiator
And now you can discover the Target on the Initiator.
Let’s put authentication on the Target :
At the IQN level you see there is nothing configured yet :
Because I just created an Initiator name at the Target, the Initiator name must be changed at the Initiator :
Change the iscsi config file again and restart the service.
We can login at the Target via :
iSCSI Windows Initiator
When connecting a Windows Initiator to a Linux Target, you must remember a few things :
For my Windows Machine I created a new IQN.
Open the iSCSI Initiator app on your windows machine. If the service isn’t running, you can get a warning and an opportunity to start the service.
And I configured the Target to use Mutual CHAP Secret. It is not necessary, but I thought : Well, let’s give it a try.
Open the Discovery and click on Discover Portal.
Here you fill in the ip address of the Target and click on Advanced.
Here you can fill in the CHAP credentials for the discover process.
You will discover some backstores of the Target.
Click on the right one which we configured. (IQN of the windows machine.)
Fill in the CHAP credentials.
And now the Windows Machine and the Target are connected.
If you go to Disk Management of the windows machine, you will see new disks (In this case the first one is the 50M. The seconds was the 8Gb)
Final TargetCLI configuration
Here are some screenshot of my final TargetCLI configuration.
With the get and set command you can see of set parameters.
Enable the IQN authentication at TPG level.
Set the Auth at the IQN level.
Logical Unit Number represents a single addressable iSCSI disk
Server that emulates a backstore to presents it as a LUN to initiators
Target LUN is logical unit itself exported by the target server
Access control list
iSCSI Qualified Name is a unique name to identify the iSCSI target server
Optional string up to 255 char describing the target
Authentication is handled by challenge-handshake protocol CHAP
CHAP initiator authentication
Mutual CHAP authentication
Demo Mode (Authentication is disabled. Default)
Storage resource that backs the LUN
This resource may be :
Entire physical device
LVM Logical volume
A client that accesses the LUNs on a target iSCSI server
iSCSI Storage Name Service used by an initiator to discover shared LUNs
Single discoverable object on a iSCSI SAN
Combination of an IP address and port
Default iSCSI listen on port 3260
More storage related links :