Home » Blog » Setting Up an iSCSI Storage Server on Ubuntu 24.04

Information

Setting Up an iSCSI Storage Server on Ubuntu 24.04

Benhcmark Administrator

18/10/2025

3 Views 0

SaveSavedRemoved 0

How to Set Up an iSCSI Storage Server on Ubuntu 24.04: A Comprehensive Guide

In modern IT environments, centralized storage is a cornerstone of efficiency, scalability, and data management. While there are many ways to share files, sharing block-level storage over a network provides a robust solution for everything from virtualization clusters to high-performance databases. This is where iSCSI (Internet Small Computer System Interface) comes in, allowing you to create a powerful Storage Area Network (SAN) using standard Ethernet infrastructure.

This guide provides a step-by-step walkthrough for configuring an iSCSI storage server, known as a Target, on Ubuntu 24.04. We will also cover how to connect to this storage from another machine, known as an Initiator.

What You’ll Need Before You Begin

To follow this tutorial, you will need two systems running Ubuntu 24.04:

• The iSCSI Target: This is the server that will host the storage. It should have available disk space that you can allocate—this can be a dedicated hard drive, an LVM volume, or even a file-based storage block.
• The iSCSI Initiator: This is the client machine that will connect to the target and use the storage as if it were a local disk.
• Network Connectivity: Both machines must be on the same network and able to communicate with each other. For best performance, a dedicated, high-speed network is recommended.
• Privileges: You will need sudo or root access on both systems.

Step 1: Installing and Configuring the iSCSI Target Server

The first phase involves setting up the server that will share its storage. We’ll use the LIO kernel target engine, which is the standard in modern Linux systems.

1. Install the Target Software

The necessary tools are packaged in targetcli-fb. Open a terminal on your designated server and run the following command to install it:

sudo apt update
sudo apt install -y targetcli-fb

This package provides the targetcli utility, an interactive shell for managing storage targets.

2. Prepare Your Storage Block

Next, you need to create the storage resource that will be shared. You have several options:

• A whole, unformatted disk (/dev/sdb)
• A disk partition (/dev/sdb1)
• An LVM Logical Volume
• A file-based image

For this guide, we will create a 20GB file-based block device, which is excellent for testing and development.

sudo fallocate -l 20G /var/lib/iscsi_storage.img

This command quickly creates a 20GB file that can be treated as a raw block device.

3. Configure the Target with targetcli

Now it’s time to define how the storage will be presented over the network. Launch the targetcli interactive shell:

sudo targetcli

You will now be inside the targetcli prompt. Follow these commands precisely.

A. Create a Block Backstore:
A backstore maps a local storage resource (our file) to a name that the iSCSI target can use.

/> /backstores/fileio create storage_disk /var/lib/iscsi_storage.img

B. Create an iSCSI Target IQN:
An iSCSI Qualified Name (IQN) is a unique, worldwide-valid name for your target. The standard format is iqn.yyyy-mm.naming-authority:unique-name. The tool can generate one for you.

/> /iscsi create

This command will automatically create a uniquely named IQN, such as iqn.2003-01.org.linux-iscsi.ubuntu-server.x8664:sn.somenumber.

C. Create a Network Portal:
The portal defines the IP address and port the target will listen on for connections. By default, it listens on all IP addresses on the standard iSCSI port (3260). We will stick with this default.

D. Associate the Backstore with the Target (Create a LUN):
A Logical Unit Number (LUN) is a numbered device that the client will see. We need to link our storage_disk backstore to our target as LUN 0. Navigate to your newly created IQN (use ls to see the full name) and create the LUN.

/> /iscsi/iqn.2003-01.org.linux-iscsi.ubuntu-server.x8664:sn.somenumber/tpg1/luns create /backstores/fileio/storage_disk

Note: Replace the IQN with the one generated on your system.

E. Create an Access Control List (ACL):
For security, we need to specify which initiators are allowed to connect. First, find the IQN of your client machine by running this command on the client:

cat /etc/iscsi/initiatorname.iscsi

It will output a line like InitiatorName=iqn.1993-08.org.debian:01:uniquenode. Copy this name.

Now, back on the server’s targetcli shell, create an ACL for that client:

/> /iscsi/iqn.2003-01.org.linux-iscsi.ubuntu-server.x8664:sn.somenumber/tpg1/acls create iqn.1993-08.org.debian:01:uniquenode

Note: Replace both the server IQN and the client IQN with your actual values.

4. Save Configuration and Exit

Your configuration is complete, but it’s only stored in memory. Save it so it persists after a reboot.

/> saveconfig
Configuration saved to /etc/target/saveconfig.json
/> exit

Finally, ensure the target service is running and enabled at boot:

sudo systemctl enable --now targetclid

Step 2: Connecting the Client with the iSCSI Initiator

With the target server configured, let’s move to the client machine to connect to the shared storage.

1. Install the Initiator Software

The open-iscsi package contains the necessary tools for the client.

sudo apt update
sudo apt install -y open-iscsi

2. Discover the iSCSI Target

The first step is to ask the server what targets it is offering. This is called discovery.

sudo iscsiadm -m discovery -t sendtargets -p SERVER_IP_ADDRESS

Replace SERVER_IP_ADDRESS with the actual IP address of your iSCSI target server. If successful, it will print the IQN of the target you configured.

3. Log In to the Target

Once discovered, you can connect (log in) to the target. This will attach the network storage to your client system as a block device.

sudo iscsiadm -m node -T TARGET_IQN -p SERVER_IP_ADDRESS --login

Replace TARGET_IQN with the name discovered in the previous step and SERVER_IP_ADDRESS with your server’s IP.

4. Verify the Connection

If the login was successful, you should now see a new disk attached to your system. You can verify this with several commands:

lsblk

Look for a new disk (e.g., /dev/sdb, /dev/sdc). You can also check the kernel messages:

dmesg | tail

You should see messages indicating a new SCSI disk has been attached.

Step 3: Formatting and Mounting the New iSCSI Drive

The new disk is attached but is completely raw. To use it, you need to format and mount it like any other local drive.

1. Create a Partition and Filesystem:
   Use your favorite tool like fdisk or parted to create a partition. For simplicity, we’ll format the entire disk (/dev/sdb in this example) with an ext4 filesystem.
   Warning: Ensure you are using the correct device name to avoid data loss.

   sudo mkfs.ext4 /dev/sdb
   

2. Mount the Filesystem:
   Create a directory to serve as the mount point and mount the new filesystem.

   sudo mkdir /mnt/iscsi-storage
   sudo mount /dev/sdb /mnt/iscsi-storage
   

3. Ensure Automatic Mounting on Boot:
   To make the connection persistent across reboots, you need to edit /etc/fstab. However, because this is a network device, you must add the _netdev option. This tells the system to wait until the network is fully up before attempting to mount the drive.

   First, get the UUID of the new filesystem:

   sudo blkid /dev/sdb
   

   Copy the UUID value. Now, edit /etc/fstab:

   sudo nano /etc/fstab
   

   Add the following line to the end of the file, replacing the UUID and device path as needed:

   UUID="your-device-uuid"  /mnt/iscsi-storage  ext4  _netdev,defaults  0  0
   

   The _netdev option is crucial. Without it, your system may fail to boot correctly as it tries to mount a network drive that isn’t available yet.

Enhancing Security with CHAP Authentication

By default, our setup allows any initiator with the correct IQN to connect. For a more secure environment, you should use CHAP (Challenge-Handshake Authentication Protocol) to require a username and password.

1. On the Target Server (in targetcli):
   Set a user ID and password for the client’s ACL.

   sudo targetcli
   /> /iscsi/TARGET_IQN/tpg1/acls/CLIENT_IQN set auth userid=myuser
   /> /iscsi/TARGET_IQN/tpg1/acls/CLIENT_IQN set auth password=SuperSecretPassword123
   /> saveconfig
   /> exit
   

2. On the Initiator (Client):
   Edit the main iSCSI configuration file to provide these credentials.

   sudo nano /etc/iscsi/iscsid.conf
   

   Find and uncomment/edit the following lines:

   node.session.auth.authmethod = CHAP
   node.session.auth.username = myuser
   node.session.auth.password = SuperSecretPassword123
   

   Save the file, and then restart the open-iscsi service:

   sudo systemctl restart open-iscsi.service
   

   Finally, log out and log back in to the target for the changes to take effect:

   sudo iscsiadm -m node -T TARGET_IQN -p SERVER_IP_ADDRESS --logout
   sudo iscsiadm -m node -T TARGET_IQN -p SERVER_IP_ADDRESS --login
   

Your connection is now secured with CHAP authentication, preventing unauthorized access to your storage.

Source: https://kifarunix.com/install-and-configure-iscsi-storage-server-on-ubuntu-24-04/