| Title: OpenBSD and iSCSI part1: the target (server)
Author: Solène
Date: 21 February 2019
Tags: unix openbsd iscsi
Description:
This is the first article of a series about iSCSI.
iSCSI is a protocol designed for sharing a block device across
network as if it was a local disk. This doesn't permit using that
disk from multiples places at once though, except if you use a
specific filesystem like GFS2 or OCFS2 (Linux only). In this article,
we will learn how to create an iSCSI target, which is the "server"
part of iSCSI, the target is the system holding the disk and making
it available to others on the network.
OpenBSD does not have an target server in base, we will have to use
net/netbsd-iscsi-target for this. The setup is really simple.
First, we obviously need to install the package and we will activate
the daemon
so it start automatically at boot, but don't start it yet:
# pkg_add netbsd-iscsi-target
# rcctl enable iscsi_target
The configurations files are in **/etc/iscsi/** folder, it contains
files
**auths** and **targets**. The default configuration files are the
same. By
looking at the source code, it seems that **auths** is used there but
it seems
to have no use at all. We will just overwrite it everytime we modify
**targets** to keep them in sync.
Default **/etc/iscsi/targets** (with comments stripped):
extent0 /tmp/iscsi-target0 0 100MB
target0 rw extent0 10.4.0.0/16
The first line defines the file holding our disk in the second field,
and the
last field defines the size of it. When iscsi-target will be started,
it will
create files as required with the size defined here.
The second line defines permissions, in that case, the extent0 disk can
be used
read/write by the net 10.4.0.0/16. For this example, I will only change
the
netmask to suit my network, **then I copy targets over auths**.
Let's start the daemon:
# rcctl start iscsi_target
# rcctl check iscsi_target
iscsi_target(ok)
If you want to restrict ports using PF, you only have to allows the TCP
port
3260 from the network that will connect to the target. The according
line would
looks like this:
pass in proto tcp to port 3260
Done! |