Setup iSCSI storage on CentOS systems (Part One)

What is iSCSI ?

iSCSI (internet Small Computer System Interface) is a very popular and reliable SAN(Storage Area Network) solution. It works over TCP, so iSCSI command can be sent over LAN , WAN or internet.

In this tutorial, We have a server machine with CentOS 7.3 installed in it. We will configure this machine so it can provide access to iSCSI storage.  the server that provides iscsi access is called iSCSI target. On the other hand, the server that access this target is called iSCSI initiator.


iSCSI Target Configuration:

We have a CentOS machine with a second 8GB disk attached to it. We are going to configure this with LVM . Then it will be used as a backend storage device for iSCSI .

We can check the disk exists(In our case it is the sdb device) via “lsblk” command.

Step 1: Prepare LVM

We will Configure this into a volume group called vgsan then create a lvm logical volume named “lvsan” form it.

[root@localhost ~]# vgcreate vgsan /dev/sdb
  Physical volume "/dev/sdb" successfully created
  Volume group "vgsan" successfully created
[root@localhost ~]# lvcreate -n lvsan -l 100%VG /dev/vgsan
  Logical volume "lvsan" created.
[root@localhost ~]# lvs
  LV    VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root  centos -wi-ao----   6.67g                                                    
  swap  centos -wi-ao---- 820.00m                                                    
  lvsan vgsan  -wi-a-----   8.00g    

Step 2 : Install software

In centOS, iscsi target is managed via “targetcli” . Lets install targetcli first.

yum -y install targetcli.

Step 3:

To enter the targetcli interface just type “targetcli”

Once inside the targetcli prompt, use ‘ls’ command to get a picture of what we are going configure. Its a long directory structure, but don’t worry we are going to configure it step by step so it does not become complicated.

Step 3.1: Configure backstores

First thing is to configure backstorage device. we will configure the previously configured LVM volume and an image file to used as backstorage.

Move to the backstore section of targetcli configuration.

/> cd backstores

First thing is to configure a backstorage device from our previously configured lvm volume. We wil also create a empty file with 1Gb size to used as storage option.

/backstores> block/ create block1 /dev/vgsan/lvsan
Created block storage object block1 using /dev/vgsan/lvsan.
/backstores> fileio/ create file1 /root/filestorage 1G
Created fileio file1 with size 1073741824

Step 3.2 :Configure IQN

IQN is the unique identifier of each iSCSI-target.  IQN follows strict naming convention. It is in iqn.YY-MM.[inverse-DNS]:[target name] format. We have to make to sure to follow this convention, otherwise iqn creation will fail. To create iqn, move to the iscsi section.

/backstores> cd /iscsi
/iscsi> create
Created target
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (, port 3260.

Use the ls command to see the newly created iqn. Notice that it automatically created the target portal group tpg1.

Step 3.3 : Create ACL

Now we will create the acLs to allow access to this iqn. The following command will create an ACL to allow “client1” to access this target. If we have multiple client , we will need acls for each of them. This client name has to match the initiator name on the client (More details on that later).

/iscsi/iqn.20....example:rock> tpg1/acls/ create
Created Node ACL for

Step 3.4 : Create LUN

Next step is to create lun(logical unit number) . Luns assign a block device to a specific tpg. We need two luns to assign our previously created block devices to tpg1.

/iscsi/iqn.20....example:rock> tpg1/luns/ create /backstores/block/block1
Created LUN 0.
Created LUN 0->0 mapping in node ACL
/iscsi/iqn.20....example:rock> tpg1/luns/ create /backstores/fileio/file1
Created LUN 1.
Created LUN 1->1 mapping in node ACL

Now we will go back to targetcli root to get a whole picture of what we created so far.


This completes the iscsi setup. Enter the command “exit” to come out of the targetcli prompt. this also saves the configuration.

/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json

Now our target is ready .

Step 4: Service Configuration

Now we will start the iscsi target and enable it so it will still be operational after a system reboot.

[root@localhost ~]# systemctl start target

[root@localhost ~]# systemctl enable target

Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/target.service.

Firewall configuration:

Now will configure the firewall so that it does not block the iscsi-service port .

[root@localhost ~]# firewall-cmd --add-service=iscsi-target --permanent
[root@localhost ~]# firewall-cmd --reload

We will configure the initiator in the next part of this tutorial.

Leave a comment

Your email address will not be published. Required fields are marked *