Installing and Configuring an iSCSI Storage Server on CentOS 7

How to Set Up an iSCSI Storage Server on CentOS 7: A Comprehensive Guide

In modern IT environments, flexible and scalable storage solutions are essential. While dedicated Storage Area Networks (SANs) can be expensive, iSCSI offers a powerful and cost-effective alternative by allowing you to transmit standard SCSI commands over your existing Ethernet network. This transforms a standard server into a robust block-level storage device that other servers can access as if it were a local drive.

This guide provides a detailed walkthrough for installing and configuring an iSCSI storage server, also known as an iSCSI target, on a CentOS 7 system. We will also cover how to connect to this storage from a client machine, known as the iSCSI initiator.

What is iSCSI?

iSCSI (Internet Small Computer System Interface) is a storage networking protocol that enables you to access block-level storage devices over a TCP/IP network. In simple terms, it makes a remote disk drive appear as a local disk to your operating system. This is incredibly useful for:

  • Centralized storage for virtual machines.
  • Creating shared storage for database clusters.
  • Expanding server storage without adding physical drives.
  • Building cost-effective SAN solutions using standard network hardware.

Prerequisites

Before you begin, ensure you have the following:

  • Two servers running CentOS 7 (one for the target, one for the initiator).
  • Root or sudo privileges on both servers.
  • A static IP address configured on the iSCSI target server. It’s highly recommended to use a dedicated network or VLAN for storage traffic to ensure performance and security.

Step 1: Install the iSCSI Target Software

The first step is to install the necessary software on the server that will act as your storage provider. The targetcli package provides the tools needed to create and manage iSCSI targets on Linux.

Open a terminal on your designated target server and run the following command:

sudo yum install targetcli -y

This command installs the targetcli utility, which is a user-friendly shell for configuring all aspects of your iSCSI storage.

Step 2: Prepare the Storage Backend

Your iSCSI target needs a source for the storage it will provide. This can be a physical disk, a partition, or, most flexibly, a Logical Volume Manager (LVM) volume. Using LVM is a best practice as it allows you to easily manage, resize, and snapshot your storage.

Let’s create a 10GB Logical Volume to use as our storage backend. First, identify an available disk or partition using lsblk or fdisk -l. For this example, we’ll assume /dev/sdb is an empty disk.

  1. Create a Physical Volume:

    sudo pvcreate /dev/sdb
    
  2. Create a Volume Group:

    sudo vgcreate iscsi_vg /dev/sdb
    
  3. Create a Logical Volume:

    sudo lvcreate -L 10G -n iscsi_lv iscsi_vg

You now have a 10GB logical volume at /dev/iscsi_vg/iscsi_lv ready to be exported via iSCSI.

Step 3: Configure the iSCSI Target with targetcli

Now we will use the targetcli interactive shell to configure the storage. This process involves creating a backstore, a target, a LUN, and an ACL.

Launch the targetcli shell:

sudo targetcli

You will now be inside the targetcli configuration environment.

  1. Create a Block Backstore: A backstore is the actual storage you are making available. We will use the LVM volume we just created.

    /> /backstores/block create storage1 /dev/iscsi_vg/iscsi_lv
    

    This command creates a block backstore named storage1 that points to our logical volume.

  2. Create the iSCSI Target: The target has a unique name called an IQN (iSCSI Qualified Name). The standard format is iqn.yyyy-mm.naming-authority:unique-name.

    /> /iscsi create iqn.2024-05.com.example:storage-server
    

    This creates a new iSCSI target. You can list targets with the ls command to see the new structure.

  3. Create the LUN: A LUN (Logical Unit Number) links your backstore storage to the target. LUN 0 is typically the first one created.

    /> /iscsi/iqn.2024-05.com.example:storage-server/tpg1/luns create /backstores/block/storage1
    

    This makes the storage1 backstore available as LUN 0 under our target.

  4. Configure the ACL: The ACL (Access Control List) defines which clients (initiators) are allowed to connect. You will need the IQN of your client machine for this step. You can usually find it in /etc/iscsi/initiatorname.iscsi on the client. Let’s assume the client’s IQN is iqn.2024-05.com.example:client1.

    /> /iscsi/iqn.2024-05.com.example:storage-server/tpg1/acls create iqn.2024-05.com.example:client1
    

    This rule explicitly grants access to the initiator named iqn.2024-05.com.example:client1. This is a critical security step to prevent unauthorized access to your storage.

  5. Save Configuration and Exit:

    /> saveconfig
    /> exit

    The saveconfig command makes your changes persistent across reboots.

Step 4: Configure the Firewall

The iSCSI protocol uses TCP port 3260. You must open this port in your firewall to allow clients to connect to the target server.

sudo firewall-cmd --permanent --add-port=3260/tcp
sudo firewall-cmd --reload
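
The rule above admits any host that can reach the server on port 3260. As an added example (not from the original guide), the script below prints the firewalld commands that replace it with one rich rule per initiator; 192.168.1.50 is an assumed initiator address and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan firewalld rules that admit only named initiators to 3260/tcp.

# valid_ipv4_cidr ADDR: succeed for a dotted-quad IPv4 address with an optional
# /0-32 prefix. Anything else (quotes, spaces, words) is rejected so it can
# never be spliced into the rich-rule text.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# iscsi_firewall_plan SRC...: print the commands, one per line, that swap the
# blanket port opening for one rich rule per initiator. Nothing is executed.
iscsi_firewall_plan() {
    [ $# -ge 1 ] || { echo "usage: iscsi_firewall_plan SRC..." >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --remove-port=3260/tcp"
    for src in "$@"; do
        printf '%s%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\"" \
            " source address=\"$src\" port port=\"3260\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Constructed input: 192.168.1.50 stands in for the initiator's address.
iscsi_firewall_plan 192.168.1.50
```

Review the printed commands, then run them with sudo on the target server.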

Step 5: Enable and Start the Target Service

Finally, ensure the iSCSI target service starts automatically on boot and is running now.

sudo systemctl enable target
sudo systemctl start target

Your iSCSI target server is now fully configured and ready to accept connections.

Connecting from an iSCSI Initiator (Client)

On your client server, you need to install the initiator tools, discover the target, and log in.

  1. Install Initiator Utilities:

    sudo yum install iscsi-initiator-utils -y
    
  2. Discover the Target: Use the iscsiadm command to discover the available targets on your storage server. Replace 192.168.1.100 with your target server’s IP address.

    sudo iscsiadm -m discovery -t sendtargets -p 192.168.1.100
    

    This should return the IQN of the target we configured earlier.

  3. Log in to the Target:

    sudo iscsiadm -m node -T iqn.2024-05.com.example:storage-server -p 192.168.1.100 -l
    

    If successful, you will see a confirmation message.

  4. Verify the New Disk: You can now verify that a new block device is available on your client machine. Run lsblk or dmesg | tail. You should see a new disk (e.g., /dev/sdc), which is your network-attached iSCSI storage. You can now partition, format, and mount it like any other local disk.

Security Tip: Enable CHAP Authentication

For an added layer of security, it is highly recommended to enable CHAP (Challenge-Handshake Authentication Protocol). This requires the initiator to authenticate with a username and password before being granted access.

On the target server, within targetcli:

  1. Enable Authentication:

    /> /iscsi/iqn.2024-05.com.example:storage-server/tpg1 set attribute authentication=1
    
  2. Set Credentials for the ACL:

    /> /iscsi/iqn.2024-05.com.example:storage-server/tpg1/acls/iqn.2024-05.com.example:client1 set auth userid=myuser password=mysecretpassword
    
  3. Save and Exit:

    /> saveconfig
    /> exit

On the initiator (client) machine, you must edit /etc/iscsi/iscsid.conf and uncomment/set the following lines:

node.session.auth.authmethod = CHAP
node.session.auth.username = myuser
node.session.auth.password = mysecretpassword

After updating the configuration, restart the iscsid service (sudo systemctl restart iscsid) and log in to the target again. This ensures that only clients with the correct credentials can access your storage.
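
An initiator's IQN is self-declared, so the CHAP secret in iscsid.conf is what actually authenticates the client. This added example (not part of the original guide; function names are hypothetical) audits that file for the three settings above, for a secret shorter than the 96-bit minimum the iSCSI specification sets for CHAP without IPsec, for this guide's sample password, and for permissions wider than the owner.

```shell
#!/bin/sh
# Added example: audit an initiator's iscsid.conf for the CHAP settings above.

# conf_value FILE KEY: print the last uncommented "KEY = value" (trimmed).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $0; sub(/[=].*/, "", k); gsub(/[ \t]/, "", k) }
        k == key && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# audit_iscsid_conf FILE: print one line per finding; return 1 if any.
audit_iscsid_conf() {
    conf=$1; rc=0
    method=$(conf_value "$conf" node.session.auth.authmethod)
    user=$(conf_value "$conf" node.session.auth.username)
    secret=$(conf_value "$conf" node.session.auth.password)
    if [ "$method" != "CHAP" ]; then
        echo "authmethod is '${method:-unset}', not CHAP"; rc=1
    fi
    if [ -z "$user" ] || [ -z "$secret" ]; then
        echo "CHAP username or password is not set"; rc=1
    elif [ "${#secret}" -lt 12 ]; then
        echo "CHAP secret is shorter than 12 characters (96 bits)"; rc=1
    elif [ "$secret" = "mysecretpassword" ]; then
        echo "CHAP secret is this guide's sample value"; rc=1
    fi
    # The secret is stored in cleartext, so only the owner should have access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "$conf is accessible to group or other users"; rc=1
    fi
    return $rc
}

# Constructed sample: the guide's three settings copied verbatim.
sample=$(mktemp)
printf '%s\n' 'node.session.auth.authmethod = CHAP' \
    'node.session.auth.username = myuser' \
    'node.session.auth.password = mysecretpassword' > "$sample"
audit_iscsid_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a real initiator, run `audit_iscsid_conf /etc/iscsi/iscsid.conf` as root after editing the file.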

Source: https://kifarunix.com/how-install-and-configure-iscsi-storage-server-on-centos-7/