Title: OpenBSD and iSCSI part1: the target (server) | |
Author: Solène | |
Date: 21 February 2019 | |
Tags: unix openbsd iscsi | |
Description: | |
This is the first article of a series about iSCSI. | |
iSCSI is a protocol designed for sharing a block device across | |
network as if it was a local disk. This doesn't permit using that | |
disk from multiples places at once though, except if you use a | |
specific filesystem like GFS2 or OCFS2 (Linux only). In this article, | |
we will learn how to create an iSCSI target, which is the "server" | |
part of iSCSI, the target is the system holding the disk and making | |
it available to others on the network. | |
OpenBSD does not have an target server in base, we will have to use | |
net/netbsd-iscsi-target for this. The setup is really simple. | |
First, we obviously need to install the package and we will activate | |
the daemon | |
so it start automatically at boot, but don't start it yet: | |
# pkg_add netbsd-iscsi-target | |
# rcctl enable iscsi_target | |
The configurations files are in **/etc/iscsi/** folder, it contains | |
files | |
**auths** and **targets**. The default configuration files are the | |
same. By | |
looking at the source code, it seems that **auths** is used there but | |
it seems | |
to have no use at all. We will just overwrite it everytime we modify | |
**targets** to keep them in sync. | |
Default **/etc/iscsi/targets** (with comments stripped): | |
extent0 /tmp/iscsi-target0 0 100MB | |
target0 rw extent0 10.4.0.0/16 | |
The first line defines the file holding our disk in the second field, | |
and the | |
last field defines the size of it. When iscsi-target will be started, | |
it will | |
create files as required with the size defined here. | |
The second line defines permissions, in that case, the extent0 disk can | |
be used | |
read/write by the net 10.4.0.0/16. For this example, I will only change | |
the | |
netmask to suit my network, **then I copy targets over auths**. | |
Let's start the daemon: | |
# rcctl start iscsi_target | |
# rcctl check iscsi_target | |
iscsi_target(ok) | |
If you want to restrict ports using PF, you only have to allows the TCP | |
port | |
3260 from the network that will connect to the target. The according | |
line would | |
looks like this: | |
pass in proto tcp to port 3260 | |
Done! |