Internet Small Computer System Interface (iSCSI) is an IP-based standard for connecting storage devices. iSCSI uses IP networks to encapsulate SCSI commands, allowing data to be transferred over long distances. iSCSI provides shared storage among a number of client systems. Storage devices are attached to servers (targets). Client systems (initiators) access the remote storage devices over IP networks. To the client systems, the storage devices appear to be locally attached. iSCSI uses the existing IP infrastructure and does not require any additional cabling, as is the case with Fibre Channel (FC) storage area networks.


Installing targetcli


1. RHEL/CentOS 7 uses the Linux-IO (LIO) kernel target subsystem for iSCSI. In addition to iSCSI, LIO supports a number of storage fabrics including Fibre Channel over Ethernet (FCoE), iSCSI access over Mellanox InfiniBand networks (iSER), and SCSI access over Mellanox InfiniBand networks (SRP). In RHEL 7, all storage fabrics are managed with the targetcli utility.


To configure RHEL system as an iSCSI server, begin by installing the targetcli software package:

# yum install targetcli


2. Installing the targetcli software package also installs the python-rtslib package, which provides the /usr/lib/systemd/system/target.service file. Before using the targetcli utility to create, delete, and view storage targets, use the systemctl command to enable and start the target service on the iSCSI server.

# systemctl enable target
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/target.service.


# systemctl start target


Adding the device


1. Add the disk /dev/xvdf as iSCSI device under Backstores /backstores/block. Backstores are local storage resources that the kernel target uses to “back” the SCSI devices it exports.

 # targetcli 

/> cd /backstores/block/
/backstores/block> create disk0 /dev/xvdf
Created block storage object disk0 using /dev/xvdf.


2. Verify the New device using “ls” under the /backstores/block directory of targetcli command line.


Create new IQN


1. The following example uses the create command to create an IQN (iSCSI Qualified Name) with a target. Use the create command without any arguments to create an iSCSI target by using a default target name. By default, the target is identified by an “iqn” identifier. This is an iSCSI Qualified Name (IQN), which uniquely identifies a target.

cd /iscsi 
/iscsi> create
Created target
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (, port 3260.


2. Verify the newly create IQN using ls command under /iscsi directory.


Setting up the ACL

Access Control Lists (ACLs) restrict access to LUNs from remote systems. You can create an ACL for each initiator to enforce authentication when the initiator connects to the target. This allows you to give a specific initiator exclusive access to a specific target.


1. Before you can create an ACL, you will have to find out the initiator name from your client (iscsi-initiator). Use the command below on the client to get the initiator name.

[root@initiator ~]# cat /etc/iscsi/initiatorname.iscsi 


2. The following example uses the create command to create an ACL for an initiator. From the targetcli shell, begin by using the cd command to change to the acls directory within the [target/TGP] hierarchy. Use the initiator name you just obtained from the command above.

 cd /iscsi/ 
/iscsi/iqn.20...721/tpg1/acls> create
Created Node ACL for


3. Verify the new ACL you have just setup.


Creating Target Portal Group (TPG)


A default Target Portal Group (TPG) is created when you create a new IQN. A network portal is an IP address:port pair. An iSCSI target is accessed by remote systems through the network portal. The default portal of allows the iSCSI server to listen on all IPv4 addresses on port 3260. You can delete the default portal and configure portals as needed. Both IPv4 and IPv6 addresses are supported.


1. As you can see in the command below the default TGP is already created.

/> cd /iscsi/
/iscsi/iqn.20.../tpg1/portals> ls 


2. To allow remote systems to access an iSCSI target on port 3260, either disable the firewalld service on the iSCSI server or configure firewalld to trust the 3260/tcp port. The following example uses firewall-cmd to open the 3260/tcp port for the firewalld service.

# firewall-cmd --permanent --add-port=3260/tcp 


If you include the –permanent option when adding a port, use the firewall-cmd command to reload the configuration.

 # firewall-cmd –reload


Adding iSCSI disks to the TPG


1. Now we need to add the Disk (disk0) we created earlier in this post to the default TPG.

/> cd /iscsi/ 
/iscsi/iqn.20...721/tpg1/luns> create /backstores/block/disk0 
Created LUN 0.
Created LUN 0->0 mapping in node ACL 


2. Verify your configuration.


Save the configuration


The last step is to save the configuration using the “saveconfig” command. Make sure you run the command from the “/” directory, otherwise it will fail.

/> saveconfig
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json 


Configuring the iSCSI initiator


1. On your iscsi-initiator run a discovery against the target to verify your iqn is available.

iscsiadm --mode discoverydb --type sendtargets --portal [ip-of-target] --discover


2. Login into the target.

# iscsiadm --mode node --targetname --portal [ip-of-target] --login
Logging in to [iface: default, target:, portal: [ip-of-target],3260] (multiple)
Login to [iface: default, target:, portal: [ip-of-target],3260] successful. 


3. Verify if you can see the new iSCSI storage.

# cat /proc/scsi/scsi 
Attached devices:
Host: scsi2 Channel: 00 Id: 00 Lun: 00
  Vendor: LIO-ORG  Model: disk0            Rev: 4.0 
  Type:   Direct-Access                    ANSI  SCSI revision: 05 


Was this answer helpful? 0 Users Found This Useful (0 Votes)