Diferencia entre revisiones de «ISCSI»
De jagfloriano.com
Ir a la navegaciónIr a la búsqueda
| (No se muestran 36 ediciones intermedias del mismo usuario) | |||
| Línea 1: | Línea 1: | ||
== Introducción == | == iSCSI == | ||
=== Introducción === | |||
El protocolo '''iSCSI (Internet Small Computer Systems Interface)''' permite proporcionar '''acceso a dispositivos de bloques a través de una red IP''', utilizando TCP/IP como transporte. | |||
A diferencia de protocolos de compartición de archivos como '''NFS''' o '''Samba''', iSCSI '''no exporta ficheros ni directorios''', sino '''dispositivos de bloques completos'''. Desde el punto de vista del sistema cliente, un recurso iSCSI se comporta como un '''disco duro local''', accesible a bajo nivel. | |||
iSCSI no | |||
El dispositivo iSCSI se presenta '''en bruto''', sin necesidad de tabla de particiones ni sistema de ficheros preexistente, ya que estas tareas quedan bajo el control del '''initiator''' (cliente). | |||
ni sistema de ficheros, ya que estas tareas quedan bajo el control del cliente | |||
Una de las características más relevantes de iSCSI es que | Una de las características más relevantes de iSCSI es que '''un mismo dispositivo de bloques puede ser accesible simultáneamente por varios clientes'''. | ||
Esto '''no implica control de concurrencia''', por lo que el acceso simultáneo debe gestionarse mediante capas adicionales (clúster, lock manager, filesystem distribuido, etc.). El protocolo iSCSI '''no impone restricciones en este sentido. | |||
Gracias a esto, iSCSI se convierte en una alternativa '''mucho más económica''' frente a tecnologías como '''Fibre Channel''', manteniendo compatibilidad con la mayoría de sistemas operativos actuales y utilizando infraestructura de red estándar. | |||
''' | |||
iSCSI se emplea habitualmente en '''redes de almacenamiento''', donde se busca aislar el tráfico de datos y mejorar la seguridad. Además, incorpora mecanismos propios de autenticación y control de acceso, como '''CHAP''', que se utilizarán a lo largo de este laboratorio. | |||
Antes de comenzar con la configuración práctica, es importante familiarizarse con la terminología básica del protocolo. | |||
=== Terminología básica === | === Terminología básica === | ||
{| class="wikitable" | |||
! Término !! Descripción | |||
|- | |||
| '''Unidad lógica (LUN)''' | |||
| Dispositivo de bloques que se comparte desde el servidor iSCSI. Puede tratarse de discos duros, particiones o volúmenes lógicos. | |||
|- | |||
| '''Target''' | |||
| Recurso exportado por el servidor iSCSI que contiene una o varias LUN. Un cliente se conecta a un target mediante una única sesión y puede acceder a todos los dispositivos asociados. | |||
|- | |||
| '''Initiator''' | |||
| Cliente iSCSI que establece la conexión con el target para acceder a los dispositivos de bloques compartidos. | |||
|- | |||
| '''Multipath''' | |||
| Mecanismo que garantiza la disponibilidad del dispositivo remoto cuando existen múltiples rutas entre el initiator y el target. | |||
|- | |||
| '''IQN''' | |||
| Identificador único utilizado para nombrar recursos iSCSI. Sigue el formato: <code>iqn.año-mes.dominio_invertido:nombre</code> | |||
|- | |||
| '''iSNS''' | |||
| Protocolo que permite gestionar y descubrir recursos iSCSI de forma centralizada, de forma similar a Fibre Channel. | |||
|} | |||
== Configuración del almacenamiento ISCSI == | |||
== Configuración del almacenamiento | |||
=== Instalación de paquetes requeridos === | === Instalación de paquetes requeridos === | ||
==== Target / Server ==== | |||
Registrar el sistema en Red Hat Subscription Management: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# subscription-manager register | [root@icecube ~]# subscription-manager register | ||
| Línea 68: | Línea 55: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Habilitar los repositorios necesarios (CRB y EPEL): | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms | [root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms | ||
Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system. | Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system. | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# dnf install \ | [root@icecube ~]# dnf install \ | ||
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | ||
| Línea 112: | Línea 102: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Instalar paquetes requeridos: | Instalar los paquetes requeridos para el target iSCSI: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# dnf --enablerepo=epel* install targetcli | [root@icecube ~]# dnf --enablerepo=epel* install targetcli | ||
| Línea 191: | Línea 181: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== Configuración del iSCSI Target | ==== Initiator / Client ==== | ||
En los nodos clientes, instalar los paquetes necesarios: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils | |||
Updating Subscription Management repositories. | |||
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 43 MB/s | 79 MB 00:01 | |||
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 19 MB/s | 15 MB 00:00 | |||
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 45 MB/s | 95 MB 00:02 | |||
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed. | |||
Dependencies resolved. | |||
========================================================================================================================================================================= | |||
Package Architecture Version Repository Size | |||
========================================================================================================================================================================= | |||
Upgrading: | |||
iscsi-initiator-utils x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 392 k | |||
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 81 k | |||
Transaction Summary | |||
========================================================================================================================================================================= | |||
Upgrade 2 Packages | |||
Total download size: 473 k | |||
Downloading Packages: | |||
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 1.6 MB/s | 392 kB 00:00 | |||
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 330 kB/s | 81 kB 00:00 | |||
------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | |||
Total 1.9 MB/s | 473 kB 00:00 | |||
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 3.1 MB/s | 3.6 kB 00:00 | |||
Importing GPG key 0xFD431D51: | |||
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>" | |||
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Key imported successfully | |||
Importing GPG key 0x5A6340B3: | |||
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>" | |||
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Key imported successfully | |||
Running transaction check | |||
Transaction check succeeded. | |||
Running transaction test | |||
Transaction test succeeded. | |||
Running transaction | |||
Preparing : 1/1 | |||
Upgrading : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Upgrading : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Cleanup : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Cleanup : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Verifying : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Verifying : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 2/4 | |||
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 3/4 | |||
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Installed products updated. | |||
Upgraded: | |||
iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 | |||
Complete! | |||
</syntaxhighlight> | |||
=== Configuración del iSCSI Target === | |||
==== Configuraciones previas: ==== | |||
Habilitar el servicio target: | Habilitar y arrancar el servicio del target: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# systemctl enable --now target | [root@icecube ~]# systemctl enable --now target | ||
| Línea 213: | Línea 270: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Confirmar que existe un volumen lógico que será utilizado como LUN: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage | [root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage | ||
| Línea 221: | Línea 278: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== Configurar el Target ==== | |||
Verificar que no existe configuración actualmente en targetcli: | Verificar que no existe configuración actualmente en targetcli: | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
| Línea 295: | Línea 352: | ||
Verificación del fichero de configuracion: | Verificación del fichero de configuracion: | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
| Línea 463: | Línea 519: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==== Comprobación del servicio iSCSI ==== | |||
Ver estado de configuracion de targetcli: | Ver estado de configuracion de targetcli: | ||
| Línea 509: | Línea 565: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Configuración SELinux del Target === | |||
Ajustar contextos SELinux: | Ajustar contextos SELinux: | ||
| Línea 520: | Línea 576: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Configuración del iSCSI Initiator | ==== Configuración del iSCSI Initiator ==== | ||
Los siguientes pasos deben ejecutarse en | Los siguientes pasos deben ejecutarse en los nodos que queramos añadir LUNs. | ||
==== Instalación de paquetes ==== | ==== Instalación de paquetes ==== | ||
| Línea 591: | Línea 647: | ||
==== Configuración del Initiator==== | ==== Configuración del Initiator==== | ||
Estos pasos deben ejecutarse en cada nodo cliente que vaya a consumir LUNs iSCSI. | |||
Verificar el IQN del initiator: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi | [root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi | ||
| Línea 598: | Línea 655: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
vim /etc/iscsi/iscsid.conf | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@nodo1 ~]# vim /etc/iscsi/iscsid.conf | [root@nodo1 ~]# vim /etc/iscsi/iscsid.conf | ||
| Línea 604: | Línea 661: | ||
Verificar parámetros de autenticación: | Verificar parámetros de autenticación: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^# | [root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^# | ||
| Línea 611: | Línea 667: | ||
node.session.auth.password = PASSWORD2020 | node.session.auth.password = PASSWORD2020 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Línea 640: | Línea 695: | ||
==== Verificación del disco compartido ==== | ==== Verificación del disco compartido ==== | ||
Comprobar | Comprobar la sesión activa: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@nodo1 ~]# iscsiadm -m session -o show | [root@nodo1 ~]# iscsiadm -m session -o show | ||
| Línea 647: | Línea 701: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Verificar que el disco aparece en el sistema: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@nodo1 ~]# lsblk | [root@nodo1 ~]# lsblk | ||
Revisión actual - 13:52 3 ene 2026
iSCSI
Introducción
El protocolo iSCSI (Internet Small Computer Systems Interface) permite proporcionar acceso a dispositivos de bloques a través de una red IP, utilizando TCP/IP como transporte.
A diferencia de protocolos de compartición de archivos como NFS o Samba, iSCSI no exporta ficheros ni directorios, sino dispositivos de bloques completos. Desde el punto de vista del sistema cliente, un recurso iSCSI se comporta como un disco duro local, accesible a bajo nivel.
El dispositivo iSCSI se presenta en bruto, sin necesidad de tabla de particiones ni sistema de ficheros preexistente, ya que estas tareas quedan bajo el control del initiator (cliente).
Una de las características más relevantes de iSCSI es que un mismo dispositivo de bloques puede ser accesible simultáneamente por varios clientes. Esto no implica control de concurrencia, por lo que el acceso simultáneo debe gestionarse mediante capas adicionales (clúster, lock manager, filesystem distribuido, etc.). El protocolo iSCSI no impone restricciones en este sentido.
Gracias a esto, iSCSI se convierte en una alternativa mucho más económica frente a tecnologías como Fibre Channel, manteniendo compatibilidad con la mayoría de sistemas operativos actuales y utilizando infraestructura de red estándar.
iSCSI se emplea habitualmente en redes de almacenamiento, donde se busca aislar el tráfico de datos y mejorar la seguridad. Además, incorpora mecanismos propios de autenticación y control de acceso, como CHAP, que se utilizarán a lo largo de este laboratorio.
Antes de comenzar con la configuración práctica, es importante familiarizarse con la terminología básica del protocolo.
Terminología básica
| Término | Descripción |
|---|---|
| Unidad lógica (LUN) | Dispositivo de bloques que se comparte desde el servidor iSCSI. Puede tratarse de discos duros, particiones o volúmenes lógicos. |
| Target | Recurso exportado por el servidor iSCSI que contiene una o varias LUN. Un cliente se conecta a un target mediante una única sesión y puede acceder a todos los dispositivos asociados. |
| Initiator | Cliente iSCSI que establece la conexión con el target para acceder a los dispositivos de bloques compartidos. |
| Multipath | Mecanismo que garantiza la disponibilidad del dispositivo remoto cuando existen múltiples rutas entre el initiator y el target. |
| IQN | Identificador único utilizado para nombrar recursos iSCSI. Sigue el formato: iqn.año-mes.dominio_invertido:nombre
|
| iSNS | Protocolo que permite gestionar y descubrir recursos iSCSI de forma centralizada, de forma similar a Fibre Channel. |
Configuración del almacenamiento ISCSI
Instalación de paquetes requeridos
Target / Server
Registrar el sistema en Red Hat Subscription Management:
[root@icecube ~]# subscription-manager register
Registering to: subscription.rhsm.redhat.com:443/subscription
Username: $USER
Password:
The system has been registered with ID: dddb6e1e-049a-4ea2-8943-403ec63bb06f
The registered system name is: icecube
Habilitar los repositorios necesarios (CRB y EPEL):
[root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system.
[root@icecube ~]# dnf install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Updating Subscription Management repositories.
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 24 MB/s | 15 MB 00:00
epel-release-latest-9.noarch.rpm 41 kB/s | 19 kB 00:00
Dependencies resolved.
===============================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================
Installing:
epel-release noarch 9-10.el9 @commandline 19 k
Transaction Summary
===============================================================================================================================
Install 1 Package
Total size: 19 k
Installed size: 26 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : epel-release-9-10.el9.noarch 1/1
Running scriptlet: epel-release-9-10.el9.noarch 1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.
Verifying : epel-release-9-10.el9.noarch 1/1
Installed products updated.
Installed:
epel-release-9-10.el9.noarch
Complete!
Instalar los paquetes requeridos para el target iSCSI:
[root@icecube ~]# dnf --enablerepo=epel* install targetcli
Updating Subscription Management repositories.
Last metadata expiration check: 0:02:26 ago on Fri 02 Jan 2026 09:50:24 PM CET.
Dependencies resolved.
======================================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================================
Installing:
targetcli noarch 2.1.57-2.el9 rhel-9-for-x86_64-appstream-rpms 79 k
Installing dependencies:
python3-configshell noarch 1:1.1.30-1.el9 rhel-9-for-x86_64-baseos-rpms 76 k
python3-kmod x86_64 0.9-32.el9 rhel-9-for-x86_64-baseos-rpms 88 k
python3-pyparsing noarch 2.4.7-9.el9 rhel-9-for-x86_64-baseos-rpms 154 k
python3-rtslib noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 104 k
python3-urwid x86_64 2.1.2-4.el9 rhel-9-for-x86_64-baseos-rpms 842 k
target-restore noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 16 k
Transaction Summary
======================================================================================================================================================
Install 7 Packages
Total download size: 1.3 M
Installed size: 5.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): python3-pyparsing-2.4.7-9.el9.noarch.rpm 1.0 MB/s | 154 kB 00:00
(2/7): python3-kmod-0.9-32.el9.x86_64.rpm 347 kB/s | 88 kB 00:00
(3/7): python3-configshell-1.1.30-1.el9.noarch.rpm 683 kB/s | 76 kB 00:00
(4/7): target-restore-2.1.76-1.el9.noarch.rpm 145 kB/s | 16 kB 00:00
(5/7): python3-rtslib-2.1.76-1.el9.noarch.rpm 900 kB/s | 104 kB 00:00
(6/7): targetcli-2.1.57-2.el9.noarch.rpm 677 kB/s | 79 kB 00:00
(7/7): python3-urwid-2.1.2-4.el9.x86_64.rpm 318 kB/s | 842 kB 00:02
---------------------------------------------------------------------------------------
Total 513 kB/s | 1.3 MB 00:02
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 2.7 MB/s | 3.6 kB 00:00
Importing GPG key 0xFD431D51:
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-urwid-2.1.2-4.el9.x86_64 1/7
Installing : python3-pyparsing-2.4.7-9.el9.noarch 2/7
Installing : python3-configshell-1:1.1.30-1.el9.noarch 3/7
Installing : python3-kmod-0.9-32.el9.x86_64 4/7
Installing : python3-rtslib-2.1.76-1.el9.noarch 5/7
Installing : target-restore-2.1.76-1.el9.noarch 6/7
Running scriptlet: target-restore-2.1.76-1.el9.noarch 6/7
Installing : targetcli-2.1.57-2.el9.noarch 7/7
Running scriptlet: targetcli-2.1.57-2.el9.noarch 7/7
Verifying : python3-kmod-0.9-32.el9.x86_64 1/7
Verifying : python3-pyparsing-2.4.7-9.el9.noarch 2/7
Verifying : python3-urwid-2.1.2-4.el9.x86_64 3/7
Verifying : python3-configshell-1:1.1.30-1.el9.noarch 4/7
Verifying : target-restore-2.1.76-1.el9.noarch 5/7
Verifying : python3-rtslib-2.1.76-1.el9.noarch 6/7
Verifying : targetcli-2.1.57-2.el9.noarch 7/7
Installed products updated.
Installed:
python3-configshell-1:1.1.30-1.el9.noarch python3-kmod-0.9-32.el9.x86_64 python3-pyparsing-2.4.7-9.el9.noarch python3-rtslib-2.1.76-1.el9.noarch python3-urwid-2.1.2-4.el9.x86_64 target-restore-2.1.76-1.el9.noarch targetcli-2.1.57-2.el9.noarch
Complete!
Initiator / Client
En los nodos clientes, instalar los paquetes necesarios:
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils
Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 43 MB/s | 79 MB 00:01
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 19 MB/s | 15 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 45 MB/s | 95 MB 00:02
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================
Upgrading:
iscsi-initiator-utils x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 392 k
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 81 k
Transaction Summary
=========================================================================================================================================================================
Upgrade 2 Packages
Total download size: 473 k
Downloading Packages:
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 1.6 MB/s | 392 kB 00:00
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 330 kB/s | 81 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.9 MB/s | 473 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 3.1 MB/s | 3.6 kB 00:00
Importing GPG key 0xFD431D51:
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Upgrading : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Cleanup : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Cleanup : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Verifying : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Verifying : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 2/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 3/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Installed products updated.
Upgraded:
iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64
Complete!
Configuración del iSCSI Target
Configuraciones previas:
Habilitar y arrancar el servicio del target:
[root@icecube ~]# systemctl enable --now target
[root@icecube ~]# systemctl status target
● target.service - Restore LIO kernel target configuration
Loaded: loaded (/usr/lib/systemd/system/target.service; enabled; preset: disabled)
Active: active (exited) since Fri 2026-01-02 23:10:39 CET; 2min 44s ago
Main PID: 5382 (code=exited, status=0/SUCCESS)
CPU: 49ms
Jan 02 23:10:39 icecube systemd[1]: Starting Restore LIO kernel target configuration...
Jan 02 23:10:39 icecube systemd[1]: Finished Restore LIO kernel target configuration.
[root@icecube ~]#
Confirmar que existe un volumen lógico que será utilizado como LUN:
[root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vg_iscsi-lv_storage 253:2 0 40G 0 lvm
[root@icecube ~]# f
Configurar el Target
Verificar que no existe configuración actualmente en targetcli:
[root@icecube ~]# targetcli ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 0]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
[root@icecube ~]#
Acceder a la consola de configuración y crear una LUN:
[root@icecube ~]# targetcli
targetcli shell version 2.1.57
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> /backstores/block create lun01 /dev/vg_iscsi/lv_storage
Created block storage object lun01 using /dev/vg_iscsi/lv_storage.
Crear el target y el backstore iSCSI:
/> /iscsi create iqn.2026-01.icecube:storage.target01
Created target iqn.2026-01.icecube:storage.target01.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/luns create /backstores/block/lun01
Created LUN 0.
Configurar ACLs y autenticación CHAP:
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls create iqn.2026-01.icecube:node01.initiator01
Created Node ACL for iqn.2026-01.icecube:node01.initiator01
Created mapped LUN 0.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1 set attribute authentication=1
Parameter authentication is now '1'.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth userid=bonzo
Parameter userid is now 'bonzo'.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth password=PASSWORD2020
Parameter password is now 'PASSWORD2020'.
Salir y guardar la configuración:
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
Verificación del fichero de configuracion:
[root@icecube ~]# cat /etc/target/saveconfig.json
{
"fabric_modules": [],
"storage_objects": [
{
"alua_tpgs": [
{
"alua_access_state": 0,
"alua_access_status": 0,
"alua_access_type": 3,
"alua_support_active_nonoptimized": 1,
"alua_support_active_optimized": 1,
"alua_support_offline": 1,
"alua_support_standby": 1,
"alua_support_transitioning": 1,
"alua_support_unavailable": 1,
"alua_write_metadata": 0,
"implicit_trans_secs": 0,
"name": "default_tg_pt_gp",
"nonop_delay_msecs": 100,
"preferred": 0,
"tg_pt_gp_id": 0,
"trans_delay_msecs": 0
}
],
"attributes": {
"alua_support": 1,
"block_size": 512,
"emulate_3pc": 1,
"emulate_caw": 1,
"emulate_dpo": 1,
"emulate_fua_read": 1,
"emulate_fua_write": 1,
"emulate_model_alias": 1,
"emulate_pr": 1,
"emulate_rest_reord": 0,
"emulate_rsoc": 1,
"emulate_tas": 1,
"emulate_tpu": 0,
"emulate_tpws": 0,
"emulate_ua_intlck_ctrl": 0,
"emulate_write_cache": 0,
"enforce_pr_isids": 1,
"force_pr_aptpl": 0,
"is_nonrot": 0,
"max_unmap_block_desc_count": 0,
"max_unmap_lba_count": 0,
"max_write_same_len": 65535,
"optimal_sectors": 65528,
"pgr_support": 1,
"pi_prot_format": 0,
"pi_prot_type": 0,
"pi_prot_verify": 0,
"queue_depth": 128,
"submit_type": 0,
"unmap_granularity": 0,
"unmap_granularity_alignment": 0,
"unmap_zeroes_data": 0
},
"dev": "/dev/vg_iscsi/lv_storage",
"name": "lun01",
"plugin": "block",
"readonly": false,
"write_back": false,
"wwn": "b1e53820-2d0e-4605-a66e-96ed4d4738a9"
}
],
"targets": [
{
"fabric": "iscsi",
"parameters": {
"cmd_completion_affinity": "-1"
},
"tpgs": [
{
"attributes": {
"authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
"demo_mode_discovery": 1,
"demo_mode_write_protect": 1,
"fabric_prot_type": 0,
"generate_node_acls": 0,
"login_keys_workaround": 1,
"login_timeout": 15,
"prod_mode_write_protect": 0,
"t10_pi": 0,
"tpg_enabled_sendtargets": 1
},
"enable": true,
"luns": [
{
"alias": "4937399dfd",
"alua_tg_pt_gp_name": "default_tg_pt_gp",
"index": 0,
"storage_object": "/backstores/block/lun01"
}
],
"node_acls": [
{
"attributes": {
"authentication": -1,
"dataout_timeout": 3,
"dataout_timeout_retries": 5,
"default_erl": 0,
"nopin_response_timeout": 30,
"nopin_timeout": 15,
"random_datain_pdu_offsets": 0,
"random_datain_seq_offsets": 0,
"random_r2t_offsets": 0
},
"chap_password": "PASSWORD2020",
"chap_userid": "bonzo",
"mapped_luns": [
{
"alias": "612d32f2e4",
"index": 0,
"tpg_lun": 0,
"write_protect": false
}
],
"node_wwn": "iqn.2026-01.icecube:node01.initiator01"
}
],
"parameters": {
"AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",
"DefaultTime2Retain": "20",
"DefaultTime2Wait": "2",
"ErrorRecoveryLevel": "0",
"FirstBurstLength": "65536",
"HeaderDigest": "CRC32C,None",
"IFMarkInt": "Reject",
"IFMarker": "No",
"ImmediateData": "Yes",
"InitialR2T": "Yes",
"MaxBurstLength": "262144",
"MaxConnections": "1",
"MaxOutstandingR2T": "1",
"MaxRecvDataSegmentLength": "8192",
"MaxXmitDataSegmentLength": "262144",
"OFMarkInt": "Reject",
"OFMarker": "No",
"TargetAlias": "LIO Target"
},
"portals": [
{
"ip_address": "0.0.0.0",
"iser": false,
"offload": false,
"port": 3260
}
],
"tag": 1
}
],
"wwn": "iqn.2026-01.icecube:storage.target01"
}
]
}
Comprobación del servicio iSCSI
Ver estado de configuracion de targetcli:
[root@icecube ~]# targetcli ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 1]
| | o- lun01 ........................................................... [/dev/vg_iscsi/lv_storage (40.0GiB) write-thru activated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 1]
| o- iqn.2026-01.icecube:storage.target01 .............................................................................. [TPGs: 1]
| o- tpg1 .......................................................................................... [no-gen-acls, auth per-acl]
| o- acls .......................................................................................................... [ACLs: 1]
| | o- iqn.2026-01.icecube:node01.initiator01 ................................................... [1-way auth, Mapped LUNs: 1]
| | o- mapped_lun0 ................................................................................. [lun0 block/lun01 (rw)]
| o- luns .......................................................................................................... [LUNs: 1]
| | o- lun0 ...................................................... [block/lun01 (/dev/vg_iscsi/lv_storage) (default_tg_pt_gp)]
| o- portals .................................................................................................... [Portals: 1]
| o- 0.0.0.0:3260 ..................................................................................................... [OK]
o- loopback ......................................................................................................... [Targets: 0]
Verificar que el puerto iSCSI está en escucha:
[root@icecube ~]# ss -napt | grep 3260
LISTEN 0 256 *:3260 *:*
[root@icecube ~]#
[root@icecube ~]# firewall-cmd --add-service=iscsi-target --permanent
success
[root@icecube ~]# firewall-cmd --reload
success
Configuración SELinux del Target
Ajustar contextos SELinux:
[root@icecube ~]# chcon -R -t tgtd_var_lib_t /var/lib/iscsi_disks
[root@icecube ~]# semanage fcontext -a -t tgtd_var_lib_t /var/lib/iscsi_disks
Configuración del iSCSI Initiator
Los siguientes pasos deben ejecutarse en los nodos que queramos añadir LUNs.
Instalación de paquetes
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils
Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 43 MB/s | 79 MB 00:01
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 19 MB/s | 15 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 45 MB/s | 95 MB 00:02
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================
Upgrading:
iscsi-initiator-utils x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 392 k
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 81 k
Transaction Summary
=========================================================================================================================================================================
Upgrade 2 Packages
Total download size: 473 k
Downloading Packages:
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 1.6 MB/s | 392 kB 00:00
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 330 kB/s | 81 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.9 MB/s | 473 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 3.1 MB/s | 3.6 kB 00:00
Importing GPG key 0xFD431D51:
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Upgrading : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Cleanup : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Cleanup : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Verifying : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Verifying : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 2/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 3/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Installed products updated.
Upgraded:
iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64
Complete!
Configuración del Initiator
Estos pasos deben ejecutarse en cada nodo cliente que vaya a consumir LUNs iSCSI.
Verificar el IQN del initiator:
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2026-01.icecube:node01.initiator01
vim /etc/iscsi/iscsid.conf
[root@nodo1 ~]# vim /etc/iscsi/iscsid.conf
Verificar parámetros de autenticación:
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^#
node.session.auth.authmethod = CHAP
node.session.auth.username = bonzo
node.session.auth.password = PASSWORD2020
[root@nodo1 ~]# systemctl enable --now iscsid
Created symlink /etc/systemd/system/multi-user.target.wants/iscsid.service → /usr/lib/systemd/system/iscsid.service.
[root@nodo1 ~]# systemctl restart iscsid
Descubrimiento y conexión al target
Descubrir targets disponibles:
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.1.80
192.168.1.80:3260,1 iqn.2027-04.icecube:storage.target00
Iniciar sesión:
[root@nodo1 ~]# iscsiadm -m node --login
Login to [iface: default, target: iqn.2026-01.icecube:storage.target01, portal: 192.168.1.80,3260] successful.
Verificación del disco compartido
Comprobar la sesión activa:
[root@nodo1 ~]# iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)
Verificar que el disco aparece en el sistema:
[root@nodo1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 10.5G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 9.5G 0 part
├─centos-root 253:0 0 8.4G 0 lvm /
└─centos-swap 253:1 0 1G 0 lvm [SWAP]
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom
