💾 Archived View for perso.pw › blog › articles › iscsi-server.gmi captured on 2024-05-10 at 11:28:37. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-05-24)

-=-=-=-=-=-=-

OpenBSD and iSCSI part1: the target (server)

Comment on Mastodon

This is the first article of a series about iSCSI.

iSCSI is a protocol designed for sharing a block device across

network as if it was a local disk. This doesn't permit using that

disk from multiples places at once though, except if you use a

specific filesystem like GFS2 or OCFS2 (Linux only). In this article,

we will learn how to create an iSCSI target, which is the "server"

part of iSCSI, the target is the system holding the disk and making

it available to others on the network.

OpenBSD does not have an target server in base, we will have to use

net/netbsd-iscsi-target for this. The setup is really simple.

First, we obviously need to install the package and we will activate the daemon

so it start automatically at boot, but don't start it yet:

# pkg_add netbsd-iscsi-target

# rcctl enable iscsi_target

The configurations files are in **/etc/iscsi/** folder, it contains files

looking at the source code, it seems that **auths** is used there but it seems

to have no use at all. We will just overwrite it everytime we modify

Default **/etc/iscsi/targets** (with comments stripped):

extent0 /tmp/iscsi-target0 0 100MB

target0 rw extent0 10.4.0.0/16

The first line defines the file holding our disk in the second field, and the

last field defines the size of it. When iscsi-target will be started, it will

create files as required with the size defined here.

The second line defines permissions, in that case, the extent0 disk can be used

read/write by the net 10.4.0.0/16. For this example, I will only change the

netmask to suit my network, **then I copy targets over auths**.

Let's start the daemon:

# rcctl start iscsi_target

# rcctl check iscsi_target

iscsi_target(ok)

If you want to restrict ports using PF, you only have to allows the TCP port

3260 from the network that will connect to the target. The according line would

looks like this:

pass in proto tcp to port 3260

Done!