Linux iSCSI Targets Management
Contents
Scope of This Document
Yet another topic that I keep forgetting all of the syntax. I had it memorized long enough to pass my redhat assessments :)
One of the issues I always run into with iscsi use, is how to add and remove targets while the server is running. You have to assume that you might have more than one initiator logged in, and if you want to remove initiator B's targets from the iscsi server while initiator A's targets remain unchanged, you have do do this without restarting the tgtd daemon (ie.. if you restart the tgtd daemon, you will interrupt initiator A's file systems). Creating and starting iscsi targets is the easy part... removing them gracefully is the real trick.
Necessary Packages
For the iSCSI server, we need scsi-target-utils, and its dependencies.
yum install scsi-target-utils
Creating a Target
First, ensure your tgtd is started, and set to start every time you reboot.
/etc/init.d/tgtd start chkconfig tgtd on
A target contains a unique identifier called an IQN. Here is how IQN is formed based on the RFC:
Naming String defined by
Type Date Auth "example.com" naming authority
+--++-----+ +---------+ +-----------------------------+
| || | | | | |
iqn.1992-01.com.example:storage:diskarrays-sn-a8675309
iqn.1992-01.com.example
iqn.1992-01.com.example:storage.tape1.sys1.xyz
iqn.1992-01.com.example:storage.disk2.sys1.xyz
My IQN looks like this:
iqn.2012-08.local.dfwlp:storage.dlp-centos6.iscsi01
Thus, i designate:
- 2012-08 - as the year/month i created the dfwlp.local domain. I truth, i actually use it as when i created this particular iscsi target. Its purely cosmetic, and you can make it say whatever year/month you like.
- local.dfwlp - is the domain I claim authority over. Again, this is purely cosmetic, and you can make it say what ever you like.
- storage - device type. Cosmetic.
- dlp-centos6 - source server the device type is on. Cosmetic.
- iscsi01 - the target name. Cosmetic.
As long as its [iqn][date][naming auth][string definition], you can use whatever you like. Between my example and the RFC example, you can come up with your own iqn that suits your use.
So now since our tgtd is running and set to auto start, and now we know what we will use to set as our iqn, we will create a target.
tgtadm --lld iscsi --op new --mode target --tid=1 --targetname iqn.2012-08.local.dfwlp:storage.dlp-centos6.iscsi01
Creating a Device
Now we need a device to associate in to our target. My preference is to use LVM. this way i can take a 2TB volume group, and use each logical volume like a LUN on an iscsi SAN. each one can belong to a different target, thus, can be assigned to any server i want... all from the same physical disk (via LVM).
tgtadm --lld iscsi --op new --mode logicalunit --tid=1 --lun=1 --backing-store /dev/vg01/lv_iscsi01
so what we see above is:
- --lld iscsi - is the device type. iscsi is what were
- --op new - is out operation to create a new device
- --mode logicalunit - add a logical unit as a LUN that will be published to inbound iscsi-initiator connections
- --tid 1 - is our target id that we already created above.
- --lun 1 - designate the LUN number of the device we are creating. (*note that the target is LUN0*)
- --backing-store - is the actual device we are sharing out. As stated above, we are sharing a logical volume called lv_iscsi01 from the volume group called vg01.
And now we bind it to an ACL.
tgtadm --lld iscsi --op bind --mode target --tid=1 --initiator-address 192.168.125.54
The above statement prevents any system except the one with the initiator's IP address 192.168.125.54 from logging in. Generally, you do not want more than one computer accessing and mounting a hard drive (but there are of course exceptions to this). Another option is "--initiator-address ALL".
- NOTE* keep in mind, this ACL is for the target.. not the LUN. All LUNs in this target will be available to the initiator that logs in. If you need to only give this LUN to one computer, and you have another LUN you want to give to another computer via ACL... then you should create a new target.
Now dump your current running config to /etc/tgt/targets.conf (and we will make a backup first, in case we want to read the example again later)
cp /etc/tgt/targets.conf /etc/tgt/targets.conf.bak tgt-admin --dump > /etc/tgt/targets.conf
Finally, check the current running status of your target.
tgt-admin -s
Unbinding a Device
First, ensure that the LUN is not mounted from the initiator. Remove the ACL.
tgtadm --lld iscsi --op unbind --mode target --tid=1 --initiator-address 192.168.125.54
Remove the LUN.
tgtadm --lld iscsi --op delete --mode logicalunit --tid=1 --lun=1
Removing a Target
Last, we remove the target.
tgtadm --lld iscsi --op delete --mode target --tid=1
Save your empty config back to your targets.conf... or youll get a surprise on your next reboot.
tgt-admin --dump > /etc/tgt/targets.conf
The Short Version
tgtadm --lld iscsi --op new --mode target --tid=1 --targetname iqn.2012-08.local.dfwlp:storage.dlp-centos6.iscsi01
tgtadm --lld iscsi --op new --mode logicalunit --tid=1 --lun=1 --backing-store /dev/vg01/lv_iscsi01
tgtadm --lld iscsi --op bind --mode target --tid=1 --initiator-address 192.168.125.54
tgt-admin --dump > /etc/tgt/targets.conf
tgtadm --lld iscsi --op unbind --mode target --tid=1 --initiator-address 192.168.125.54
tgtadm --lld iscsi --op delete --mode logicalunit --tid=1 --lun=1
tgtadm --lld iscsi --op delete --mode target --tid=1
tgt-admin --dump > /etc/tgt/targets.conf
Other Notes
- the --backing-store can be any device. It doesnt have to be a logical volume from a volume group like i use in my example, it can be /dev/sdb1 or other unclaimed partition.
- if you do need more than one server to be able to access the target, just reissue the "--op bind" command with the other IP addresses. this would be used if you have a clustered/shared file system between multiple systems.
- you can add more than one logical unit to a target. just reissue the "--op new --mode logicalunit" command against another partition such as /dev/vg01/lv_iscsi02
- to create a new target, just reissue the "--op new --mode target" command and increment the iqn target name string by 1. example: iqn.2012-08.local.dfwlp:storage.dlp-centos6.iscsi02
