Part 2: Storage
iSCSI Basics
Targets provide access to the storage backend. The backend could be:
- Physical disks
- Partitions
- Logical Volumes
- Files
Servers connect to the targets using the iSCSI initiator.
Once a server is connected to the storage, devices will appear in:
- /proc/partitions
- The lsscsi command
Terminology:
- IQN: iSCSI Qualified Name is a well structured name which needs to be unique and which is used to identify targets.
- Initiator: The iSCSI clients that's identified by an IQN.
- Target: The service on an iSCSI server that gives access to the backend storage.
- Access Control List: A list of clients that are allowed access to a specific target.
- Portal: also referred to as node. Contains the IP address and ports that a target or initiator uses to establish connections.
- Discovery: The process where an initiator finds the targets that are configured on a portal.
- LUN: Logical unit which is basically the block devices that are shared through the target.
- Login: Authentication that gives an initiator access to LUNs
- TPG: Target Portal Group, a collection of IP addresses and TCP ports to which specific iSCSI target will listen on.
Setting up iSCSI
Prepare the Initiator
On the iSCSI clients
- Install the iscsi-initiator-utils
yum install -y iscsi-initiator-utils
- Get the initiator name
cat /etc/iscsi/initiatorname.iscsi
The output will look simalar to:
InitiatorName=iqn.1994-05.com.redhat:f18e8fb397e8
This will be needed when configuring target ACLs.
Target setup
On the node that will be the target run the following commands and configurations.
yum install -y targetcli
Targetcli is organized similar to a normal file system. You can use basic command like ls to view the structure.
targetcli
will put you in the targetcli. From the root, type ls
to see the configuration.

Create a backing store:
cd backstores/block
create dev=/dev/sdb name=sdb
Create the target
cd /iscsi
create wwn=iqn.2019-03.com.example:diskb
The IQN format is iqn.YYYY-MM.reverse.domain:identifyer

- Change to the LUN path:
cd iscsi/iqn.2019-03.com.example:diskb/tpg1/luns
- Create a LUN using the backstore created earlier:
create /backstores/block/sdb
- Configure ACLs
Change to the ACL path
cd /iscsi/iqn.2019-03.com.example:diskb/tpg1/acls
- Create the new ACL
create wwn=iqn.1994-05.com.redhat:f18e8fb397e8
This will allow access to the LUN from the specified initiator - Return to the top level and review the settings

- Exit the targetcli. The configuration will automatically be saved.

- Enable and start the target service
systemctl start target
systemctl enable target
- Check the status of the target service
systemctl status target

- Reboot to make sure everything is working.
After the reboot runtargetcli ls
to verify the service configuration loaded. - Open the firewall ports
firewall-cmd --add-service=iscsi-target --permanent
firewall-cmd --reload
Connecting the initiator to the target
On the initiator (the iSCSI client) do the following
- Discover the targets using the iscsiadm command
iscsiadm --mode discoverydb --type sendtargets --portal <ip of target> --discover
- Login to the target using iscsiadm
iscsiadm --mode node --targetname iqn.2019-03.com.example:diskb --portal 192.168.4.210:3260 --login
- Check the status
iscsiadm --mode node

Reboot to verify everything is working properly.
Run systemctl status iscsid
and lsscsi
to verify the iSCSI configurations held after a reboot.

Review the man pages for iscsiadm for all of the available options. man iscsiadm
Configuring LVM over iSCSI
Once the initiator is configured and the target is attached, the rest of the configuration is as if the disk was locally attached.
- Create the volume group
vgcreate vgsan /dev/sdc
- Create the logial volume
lvcreate -l 100%FREE -n lvsan vgsan
- Put a filesystem on the new volume
mkfs.ext4 /dev/vgsan/lvsan
- Add an entry to fstab is the volume is to be mounted at boot.
/dev/vgsan/lvsan /san ext4 _netdev 0 0
The _netdev is extreamly important since the fstab loads before networking. The _netdev will tell the system to wait for networking before mounting the volume. - Run
mount -a
to mount the new volume. Check it mounted usingdf -h
. You should see a line simalar to:
/dev/mapper/vgsan-lvsan 988M 2.6M 919M 1% /san
Exam hint: Now would be a great time to restart the client and server to verify everything works. Shutdown client, reboot server, start client
For even more RHEL/CentOS based SAN configurations check out the Books.