Create Centralized Secure Storage using iSCSI Target / Initiator on RHEL/CentOS 7

iSCSI (Internet Small Computer System Interface) is a storage networking technology that allows block-level data to be transported over an IP network. It provides a cost-effective alternative to traditional Fibre Channel SANs by using standard Ethernet infrastructure to create centralized storage solutions.

In this tutorial, we will set up an iSCSI target on a RHEL/CentOS 7 server and connect to it using an iSCSI initiator on another server. We will configure CHAP authentication to ensure secure communication between the target and initiator.

Architecture Overview

[Figure: iSCSI Target & Initiator Architecture. The iSCSI Target (Storage Server, LUN Storage) and the iSCSI Initiator (Client Server, Mount Point) are connected over an IP/Ethernet network on TCP port 3260, with CHAP authentication.]

Step 1: Install Required Packages

Install the necessary packages on both servers.

On the target server

sudo yum install scsi-target-utils -y
sudo mkdir -p /var/lib/iscsi_disks

On the initiator server

sudo yum install iscsi-initiator-utils -y

Step 2: Configure the iSCSI Target

Create a backing storage file for the LUN

sudo dd if=/dev/zero of=/var/lib/iscsi_disks/lun01 bs=1M count=10000

Create the target configuration file

sudo nano /etc/tgt/conf.d/iscsi.conf

Add the following configuration

<target iqn.2021-05.example.com:lun01>
  backing-store /var/lib/iscsi_disks/lun01
  # chap_user and secret_password are placeholders; set your own CHAP username and secret
  incominguser chap_user secret_password
</target>

Start and enable the target service

sudo systemctl start tgtd
sudo systemctl enable tgtd
sudo systemctl restart tgtd

Configure firewall to allow iSCSI traffic

sudo firewall-cmd --permanent --add-port=3260/tcp
sudo firewall-cmd --reload

Step 3: Configure the iSCSI Initiator

Discover available targets

sudo iscsiadm -m discovery -t sendtargets -p target_ip_address

Configure CHAP authentication

sudo iscsiadm -m node -T iqn.2021-05.example.com:lun01 -p target_ip_address --op=update --name node.session.auth.authmethod --value=CHAP
sudo iscsiadm -m node -T iqn.2021-05.example.com:lun01 -p target_ip_address --op=update --name node.session.auth.username --value=chap_user
sudo iscsiadm -m node -T iqn.2021-05.example.com:lun01 -p target_ip_address --op=update --name node.session.auth.password --value=secret_password

Login to the target

sudo iscsiadm -m node -T iqn.2021-05.example.com:lun01 -p target_ip_address -l

Verify the connection

sudo lsblk

Step 4: Create File System and Mount

Create a partition on the iSCSI device (shown here as /dev/sdb; confirm the device name in the lsblk output before partitioning)

sudo fdisk /dev/sdb

In the fdisk prompt, execute the following sequence: n → p → 1 → Enter → Enter → w

Format the partition with ext4

sudo mkfs.ext4 /dev/sdb1

Create mount point and mount the filesystem

sudo mkdir /mnt/iscsi_target
sudo mount /dev/sdb1 /mnt/iscsi_target

Step 5: Configure Persistent Mount

Get the UUID of the iSCSI device

sudo blkid /dev/sdb1

Add entry to /etc/fstab for automatic mounting

sudo nano /etc/fstab

Add the following line (replace UUID with your actual UUID)

UUID=your-uuid-here /mnt/iscsi_target ext4 defaults,_netdev 0 0

Step 6: Testing the Setup

Test write operations

sudo touch /mnt/iscsi_target/testfile.txt
echo "iSCSI storage test" | sudo tee /mnt/iscsi_target/testfile.txt

Verify storage usage

df -h /mnt/iscsi_target
ls -la /mnt/iscsi_target/

Security Considerations

Security Feature       Configuration            Purpose
CHAP Authentication    incominguser directive   Prevents unauthorized access
Firewall Rules         Port 3260/tcp            Restricts network access
Network Segmentation   Dedicated storage VLAN   Isolates storage traffic
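
A way to check a tgt configuration file against the controls in the table above, as an added example that is not part of the original tutorial. The function name audit_tgt_conf, the finding labels and the 12-character secret minimum are assumptions of this example; initiator-address is tgt's per-target directive for limiting which initiator IPs may connect, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit a tgt config file.
MIN_SECRET_LEN=12  # assumption: 96-bit floor for CHAP secrets used without IPsec

audit_tgt_conf() {  # usage: audit_tgt_conf /etc/tgt/conf.d/iscsi.conf
    # The file holds the CHAP secret in plaintext; flag it if others can read it.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "$1: WORLD_READABLE"
    fi
    awk -v min="$MIN_SECRET_LEN" '
    $1 ~ /^#/ { next }                            # skip comment lines
    $1 == "<target" {                             # opening tag: remember the IQN
        iqn = $2; sub(/>.*$/, "", iqn)
        in_t = 1; chap = 0; acl = 0; next
    }
    in_t && $1 == "incominguser" {                # CHAP credential for initiators
        chap = 1
        if (length($3) < min)
            printf "%s: WEAK_CHAP_SECRET user=%s len=%d\n", iqn, $2, length($3)
    }
    in_t && $1 == "initiator-address" && $2 != "ALL" { acl = 1 }
    $1 == "</target>" {                           # closing tag: report the gaps
        if (!chap) print iqn ": NO_CHAP"
        if (!acl)  print iqn ": NO_INITIATOR_ADDRESS"
        in_t = 0
    }' "$1"
}

sample_conf() {  # constructed sample: lun01 mirrors the tutorial, lun02 is tightened
    cat <<'EOF'
<target iqn.2021-05.example.com:lun01>
  backing-store /var/lib/iscsi_disks/lun01
  incominguser chap_user secret_password
</target>
<target iqn.2021-05.example.com:lun02>
  backing-store /var/lib/iscsi_disks/lun02
  incominguser chap_user ConstructedSecret16
  initiator-address 192.0.2.10
</target>
<target iqn.2021-05.example.com:lun03>
  backing-store /var/lib/iscsi_disks/lun03
  incominguser chap_user changeme
</target>
EOF
}

# Demo run over the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_tgt_conf "$tmp"; rm -f "$tmp"
```

The length check only catches short secrets: the tutorial's placeholder secret_password passes it, so a guessable value still has to be replaced with a random one.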

Conclusion

This tutorial demonstrated how to create a centralized secure storage system using iSCSI on RHEL/CentOS 7. The setup includes CHAP authentication for security and persistent mounting for reliability. iSCSI provides a flexible, cost-effective solution for centralized storage that can scale across multiple servers in your infrastructure.

Updated on: 2026-03-17T09:01:38+05:30
