Tribblix: manual page: itadm.8

ITADM(8) Maintenance Commands and Procedures ITADM(8)

NAME

itadm - administer iSCSI targets

SYNOPSIS

itadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]]

itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name

itadm delete-target [-f,--force] target_node_name

itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]

itadm create-tpg tpg_name IP-address[:port] [IP-address[:port]]...

itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]

itadm delete-tpg [-f,--force] tpg_name

itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name

itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name

itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name

itadm delete-initiator initiator_node_name

itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]

itadm list-defaults [-p,--parsable]

DESCRIPTION

The itadm command manages Internet SCSI (iSCSI) target nodes within
the SCSI Target Mode Framework described in stmfadm(8) and
libstmf(3LIB). This allows the iSCSI initiators to access STMF
logical units using the iSCSI protocol. In addition to iSCSI target
nodes, itadm manages two other classes of managed objects: iSCSI
Target Portal Groups, and iSCSI Initiator Node Contexts.

itadm is implemented as a set of subcommands with options and
operands for each subcommand. These subcommands are described in
their own section, below. In addition to its subcommands, itadm has a
help command, which displays the utility's usage information. The
help command is invoked with the -? option.

iSCSI Target Portal Groups
An iSCSI Target Network Portal is an IP address and TCP port that can
be used by an initiator node to connect to an iSCSI target. A
collection of these portals is called a Target Portal Group (TPG).
You can use a TPG to limit access to an iSCSI target. Use the itadm
modify -t command to bind a specific iSCSI target to the TPG. An
iSCSI listener is created on each IP address that belongs to the
TPG, and listens for connections to the iSCSI target.

A TPG is identified by a unique name provided when the TPG is
created. A numerical "Target Portal Group Tag" from the range 2-65535
is automatically generated when the TPG is created. The Target Portal
Group Tag 1 is reserved for the "default" target portal group that is
used when no explicit Target Portal Groups are set on the target. The
portal for the default TPG matches requests from all network
interfaces on port 3260.

iSCSI Initiator Node Contexts
Certain operations such as authentication by means of Challenge
Handshake Authentication Protocol (CHAP) require parameters
associated with a remote iSCSI Initiator Node. These parameters are
associated with an iSCSI Initiator Node Context. An iSCSI Initiator
Node Context is identified by its Initiator Node Name, formatted in
either IQN or EUI format (see RFC 3720). For example:

iqn.1986-03.com.sun:01:e00000000000.47d55444
eui.02004567A425678D

Specifying IP Addresses

A number of itadm subcommands require that you specify one or more IP
addresses with optional port numbers. For IPv4, use standard dotted
decimal notation. For IPv6, enclose addresses in square brackets. The
following are example specifications.

IPv4: 10.2.4.1
10.2.4.1:3260
IPv6: [1080:0:0:0:8:800:200C:417A]
[1080:0:0:0:8:800:200C:417A]:3260

SUBCOMMANDS

The following are the itadm subcommands with their options.

itadm create-target
itadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret]
[-S,--chap-secret-file path] [-u,--chap-user chap-user-name]
[-n,--node-name target_node_name] [-l,--alias alias]
[-t,--tpg tpg-name[,tpg-name,...]]

Create a iSCSI target with the specified options. Options are as
follows.

-a,--auth-method radius | chap | none | default

Specifies the authentication method to use for the target. Valid
values are radius, chap, and none. chap indicates that initiators
connecting to this target must be authenticated using the
Challenge Handshake Authentication Protocol (CHAP). radius
indicates initiators should also be authenticated by means of
CHAP but the required authentication parameters should be
obtained from a central RADIUS server (see the radius-server and
radius-secret options). none means that no authentication is
required to connect to the target. default means the target will
use the global setting of this property. (See the modify-
defaults subcommand.)

-s,--chap-secret

The CHAP secret to send during mutual CHAP authentication. There
is no default for this property. Maximum length is 255
characters; minimum required length is 12 characters.

-S,--chap-secret-file path

Path to a temporary file containing the CHAP secret as described
in the -s option.

-u,--chap-user chap-user-name

Specifies the CHAP username for a target for use in mutual CHAP
authentication. This value is allowed only for targets, cannot
be set globally, and is used only when the initiator node is
configured to use mutual CHAP authentication. If no value is
specified then the target node name is used as the username. See
iscsiadm(8).

-n,--node-name target_node_name

An iSCSI Target Node is identified by its Target Node Name,
formatted in either IQN or EUI format (see RFC 3720). This option
establishes that name.

-l,--alias alias

An alternate identifier associated with a target node. The
identifier does not need to be unique.

-t,--tpg tpg-name[,tpg-name,...]

A list of Target Portal Group (TPG) identifiers that specifies
the TPGs that an initiator can use to access a specific target or
the keyword default. If default is specified, the target will
use the default portal, INADDR_ANY:3260.

itadm modify-target
itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_tgt_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name

Modify an iSCSI target according to the specified options. Options
are as follows.

-a,--auth-method radius | chap | none | default

As described under the create-target subcommand, above.

-s,--chap-secret

As described under the create-target subcommand, above.

-S,--chap-secret-file path

As described under the create-target subcommand, above.

-u,--chap-user chap-user-name

As described under the create-target subcommand, above. To remove
an explicitly set CHAP username use -u none.

-n,--node-name target_node_name

Renames the target. See also the description of -n under the
create-target subcommand, above.

-l,--alias alias

As described under the create-target subcommand, above. To remove
an explicitly set alias use -l none.

-t,--tpg tpg-name[,tpg-name,...]

As described under the create-target subcommand, above.

itadm list-target
itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]

List information about the configured targets. If target_node_name is
specified, list only the information for that target. Options are as
follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.

-v,--verbose

Verbose mode.

itadm delete-target
itadm delete-target [-f,--force] target_node_name

Delete the target specified by target_node_name. The target must be
offline before it can be deleted. Option is as follows.

-f,--force

If the target persists in an online state, this option attempts
to offline the target before deleting it.

itadm create-tpg
itadm create-tpg tpg_name IP-address[:port]...

Create an iSCSI target portal group made up of the specified portals
and assign it the identifier tpg_name. Each portal is an IP address
and port pair. IPv4 portals are specified in dotted address
notation, for example, 172.31.255.255. IPv6 portal addresses must be
enclosed in square brackets.

This subcommand has no options.

itadm list-tpg
itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]

List information about the configured target portal group. If
tpg_name is specified then list only the information about the target
portal group associated with that tpg_name. Options are as follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.

-v,--verbose

Verbose mode.

itadm delete-tpg
itadm delete-tpg [-f,--force] tpg_name

Delete the target portal group associated with tpg_name. Option is as
follows.

-f,--force

If the TPG is associated with any targets, the request to delete
will be denied unless this option is specified.

itadm create-initiator
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name

Configure parameters associated with the remote initiator named
initiator_node_name. Options are as follows.

-s,--chap-secret

As described under the create-target subcommand, above.

-S,--chap-secret-file path

As described under the create-target subcommand, above.

-u,--chap-user chap-user-name

Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.

itadm modify-initiator
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name

Modify parameters associated with the remote initiator named
initiator_node_name. Options are as follows.

-s,--chap-secret

As described under the create-target subcommand, above.

-S,--chap-secret-file path

As described under the create-target subcommand, above.

-u,--chap-user chap-user-name

Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.

itadm delete-initiator
itadm delete-initiator initiator_node_name

Delete parameters associated with the remote initiator named
initiator_node_name. This subcommand has no options.

itadm list-initiator
itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name

List parameters associated with the initiator named
initiator_node_name. Options are as follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.

-v,--verbose

Verbose mode.

itadm modify-defaults
itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]

Modify default parameters. Options are as follows.

-a,--auth-method radius | chap | none

Specifies the default authentication method to use for all
targets. Valid values are radius, chap, and none. chap indicates
that initiators connecting to this target must be authenticated
using Challenge Handshake Authentication Protocol (CHAP). radius
indicates initiators should also be authenticated by means of
CHAP, but the required authentication parameters should be
obtained from a central RADIUS server. (See --radius-server and
--radius-secret options.) none means that no authentication is
required to connect to the target. Individual targets can
override this global setting using the -a option of the create-
target and modify-target subcommands.

-d,--radius-secret

RADIUS Shared Secret for centralized CHAP authentication.

-D,--radius-secret-file path

Path to a temporary file containing the CHAP secret as described
in the -d option.

-i,--sns enable | disable

Specifies whether targets should be registered with the set of
defined iSCSI Name Service (iSNS) servers.

-I,--isns-server IP-address[:port][,IP-address[:port],...]

Defines a list of iSNS servers with which iSCSI target nodes will
be registered when the isns option associated with the respective
target is set. Up to eight iSNS servers can be specified. To
remove all iSNS servers, use -I none.

-r,--radius-server IP-address[:port]

Specify the IP address of the RADIUS server used for centralized
CHAP authentication.

itadm list-defaults
itadm list-defaults [-p,--parsable]

List information about the default properties. Option is as follows.

-p,--parsable

Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.

EXAMPLES

Example 1: Creating a Target

The following command creates a target.

# itadm create-target
Target iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a
successfully created

Example 2: Creating a Target with a Specific Name

The following command creates a target with a specific IQN.

# itadm create-target -n eui.20387ab8943ef7548
or:
# itadm create-target \
-n iqn.1986-03.com.sun:02:a9a366f8-cc2b-f291-840948c7f29e

Example 3: Changing a Name

The following command changes an IQN for an existing target.

# itadm modify-target -n eui.20387ab8943ef7548 \
iqn.1986-03.com.sun:02:a9a366f8-909b-cc2b-f291-840948c7f29e

Example 4: Setting up CHAP Authentication

The following command sets up CHAP authentication for a target using
the default CHAP username.

# itadm modify-initiator -s iqn.1986-03.com.sun:01:e00000000000.47d55444
Enter CHAP secret: *********
Re-enter secret: *********

# itadm modify-target -a chap eui.20387ab8943ef7548

Example 5: Creating Target Portal Groups

The following command creates two target portal groups, A and B,
using port 8000 for the addresses in TPG 2.

# itadm create-tpg A 192.168.0.1 192.168.0.2
# itadm create-tpg B 192.168.0.2:8000 192.168.0.2:8000

Example 6: Configuring a Target to Use TPGs

The following command configures a target to use TPGs A and B.

# itadm modify-target -t A,B eui.20387ab8943ef7548

Example 7: Setting up RADIUS Authentication for Specific Target

The following command sets up RADIUS authentication for a specific
target.

# itadm modify-defaults -r 192.168.10.1 -d
Enter RADIUS secret: *********
Re-enter secret: *********

# itadm modify-target -a radius eui.20387ab8943ef7548

Example 8: Setting up RADIUS Authentication for All Targets

The following command sets up RADIUS authentication for all targets.

# itadm modify-defaults -d -r 192.168.10.1 -a radius
Enter RADIUS secret: *********
Re-enter secret: *********

The preceding command assumes all targets were created with -a
default.

Example 9: Listing Default Properties

The following command lists default properties.

# itadm list-defaults
iSCSI Target Default Properties:

alias: none
auth: none
radiusserver: none
radiussecret: unset
isns: disabled
isnsserver: 2.3.4.5,4.5.6.7

Example 10: Listing Targets

The following command lists targets.

# itadm list-target
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a online 0
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 0
iqn.1986-03.com.sun:02:d14125bb-1c9d-c28d-97b0-f89259b642f3 online 0
iqn.1986-03.com.sun:02:03ff9fc5-794a-e9b4-a081-bb82917c292a online 0

Example 11: Listing Targets (Verbose)

The following command lists targets with the verbose option.

# itadm list-target -v
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c online 0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3

Example 12: Listing a Specific Target

The following command lists targets with the verbose option.

# itadm list-target -v \
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3

ATTRIBUTES