See all of the guides.

Part 2: Storage

iSCSI Basics

Targets provide access to the storage backend. The backend could be:

  • Physical disks
  • Partitions
  • Logical Volumes
  • Files

Servers connect to the targets using the iSCSI initiator.
Once a server is connected to the storage, devices will appear in:

  • /proc/partitions
  • The lsscsi command


  • IQN: iSCSI Qualified Name is a well structured name which needs to be unique and which is used to identify targets.
  • Initiator: The iSCSI clients that's identified by an IQN.
  • Target: The service on an iSCSI server that gives access to the backend storage.
  • Access Control List: A list of clients that are allowed access to a specific target.
  • Portal: also referred to as node. Contains the IP address and ports that a target or initiator uses to establish connections.
  • Discovery: The process where an initiator finds the targets that are configured on a portal.
  • LUN:  Logical unit which is basically the block devices that are shared through the target.
  • Login: Authentication that gives an initiator access to LUNs
  • TPG: Target Portal Group, a collection of IP addresses and TCP ports to which specific iSCSI target will listen on.

Setting up iSCSI

Prepare the Initiator

On the iSCSI clients

  • Install the iscsi-initiator-utils
    yum install -y iscsi-initiator-utils
  • Get the initiator name
    cat /etc/iscsi/initiatorname.iscsi
    The output will look simalar to:
    This will be needed when configuring target ACLs.

Target setup

On the node that will be the target run the following commands and configurations.

yum install -y targetcli

Targetcli is organized similar to a normal file system. You can use basic command like ls to view the structure.

targetcli will put you in the targetcli. From the root, type ls to see the configuration.

ls output

Create a backing store:

  • cd backstores/block
  • create dev=/dev/sdb name=sdb

Create the target

  • cd /iscsi
  • create
    The IQN format is iqn.YYYY-MM.reverse.domain:identifyer
output from iscsi create
  • Change to the LUN path:
    cd iscsi/
  • Create a LUN using the backstore created earlier:
    create /backstores/block/sdb
  • Configure ACLs
    Change to the ACL path
    cd /iscsi/
  • Create the new ACL
    This will allow access to the LUN from the specified initiator
  • Return to the top level and review the settings
Example of the targetcli configuration
  • Exit the targetcli. The configuration will automatically be saved.
Example of exit
  • Enable and start the target service
    systemctl start target
    systemctl enable target
  • Check the status of the target service
    systemctl status target
Starting and verifying the target service
  • Reboot to make sure everything is working.
    After the reboot run targetcli ls to verify the service configuration loaded.
  • Open the firewall ports
    firewall-cmd --add-service=iscsi-target --permanent
    firewall-cmd --reload

Connecting the initiator to the target

On the initiator (the iSCSI client) do the following

  • Discover the targets using the iscsiadm command
    iscsiadm --mode discoverydb --type sendtargets --portal <ip of target> --discover
  • Login to the target using iscsiadm
    iscsiadm --mode node --targetname --portal --login
  • Check the status
    iscsiadm --mode node
Example of attaching an initiator to a target

Reboot to verify everything is working properly.

Run systemctl status iscsid and lsscsi to verify the iSCSI configurations held after a reboot.

Example of iscsid after reboot

Review the man pages for iscsiadm for all of the available options.
man iscsiadm

Configuring LVM over iSCSI

Once the initiator is configured and the target is attached, the rest of the configuration is as if the disk was locally attached.

  • Create the volume group
    vgcreate vgsan /dev/sdc
  • Create the logial volume
    lvcreate -l 100%FREE -n lvsan vgsan
  • Put a filesystem on the new volume
    mkfs.ext4 /dev/vgsan/lvsan
  • Add an entry to fstab is the volume is to be mounted at boot.
    /dev/vgsan/lvsan /san ext4 _netdev 0 0
    The _netdev is extreamly important since the fstab loads before networking. The _netdev will tell the system to wait for networking before mounting the volume.
  • Run mount -a to mount the new volume. Check it mounted using df -h. You should see a line simalar to:
    /dev/mapper/vgsan-lvsan  988M  2.6M  919M   1% /san
Exam hint: Now would be a great time to restart the client and server to verify everything works. Shutdown client, reboot server, start client

For even more RHEL/CentOS based SAN configurations check out the Books.