System Administration Commands itadm(1M)
NAME
itadm - administer iSCSI targets
SYNOPSIS
itadm create-target [-a,--auth-method radius chap none default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name targetnodename]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]
itadm modify-target [-a,--auth-method radius chap none default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name newtargetnodename]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name] targetnodename
itadm delete-target [-f,--force] targetnodename
itadm list-target [-v,--verbose] [targetnodename]
itadm create-tpg tpgname IP-address[:port] [IP-address[:port]...
itadm list-tpg [-v,--verbose] [tpgname]
itadm delete-tpg [-f,--force] tpgname
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiatornodename
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiatornodename
itadm list-initiator [-v,--verbose] initiatornodename
itadm delete-initiator initiatornodename
itadm modify-defaults [-a,--auth-method radius chap none]
[-r,--radius-server IP-address[:port] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]
SunOS 5.11 Last change: 11 Nov 2008 1
System Administration Commands itadm(1M)
itadm list-defaults
DESCRIPTION
The itadm command manages Internet SCSI (iSCSI) target nodes
within the SCSI Target Mode Framework described by
libstmf(3LIB). This allows the iSCSI initiators to access
STMF logical units using the iSCSI protocol. In addition to
iSCSI target nodes, itadm manages two other classes of
managed objects: iSCSI Target Portal Groups, and iSCSI Ini-
tiator Node Contexts.
itadm is implemented as a set of subcommands with options
and operands for each subcommand. These subcommands are
described in their own section, below. In addition to its
subcommands, itadm has a help command, which displays the
utility's usage information. The help command is invoked
with the -? option.
iSCSI Target Portal Groups
An iSCSI Target Network Portal is an IP address and TCP port
that can be used by an initiator node to connect to an iSCSI
target. A collection of such portals represents a Target
Portal Group (TPG). TPGs can be used to limit access to an
iSCSI target through certain network interface cards. A TPG
is identified by a unique name provided when the TPG is
created. A numerical "Target Portal Group Tag" from the
range 2-65535 is automatically generated when the TPG is
created. The Target Portal Group Tag 1 is reserved for the
"default" target portal group that is used when no explicit
Target Portal Groups are set on the target. The portal for
the default TPG matches requests from all network interfaces
on port 3260.
iSCSI Initiator Node Contexts
Certain operations such as authentication by means of Chal-
lenge Handshake Authentication Protocol (CHAP) require
parameters associated with a remote iSCSI Initiator Node.
These parameters are associated with an iSCSI Initiator Node
Context. An iSCSI Initiator Node Context is identified by
its Initiator Node Name, formatted in either IQN or EUI for-
mat (see RFC 3720). For example:
iqn.1986-03.com.sun:01:e00000000000.47d55444
eui.02004567A425678D
Specifying IP Addresses
A number of itadm subcommands require that you specify one
or more IP addresses with optional port numbers. For IPv4,
SunOS 5.11 Last change: 11 Nov 2008 2
System Administration Commands itadm(1M)
use standard dotted decimal notation. For IPv6, enclose
addresses in square brackets. The following are example
specifications.
IPv4: 10.2.4.1[:3260]
IPv6: [1080:0:0:0:8:800:200C:417A][:3260]
SUB-COMANDS
The following are the itadm subcommands with their options.
itadm create-target
itadm create-target [-a,--auth-method radius chap none default]
[-s,--chap-secret]
[-S,--chap-secret-file path] [-u,--chap-user chap-user-name]
[-n,--node-name targetnodename] [-l,--alias alias]
[-t,--tpg tpg-name[,tpg-name,...]
Create a iSCSI target with the specified options. Options
are as follows.
-a,--auth-method radius chap none default
Specifies the authentication method to use for the tar-
get. Valid values are radius, chap, and none. chap indi-
cates that initiators connecting to this target must be
authenticated using the Challenge Handshake Authentica-
tion Protocol (CHAP). radius indicates initiators should
also be authenticated by means of CHAP but the required
authentication parameters should be obtained from a
central RADIUS server (see the radius-server and
radius-secret options). none means that no authentica-
tion is required to connect to the target. default means
the target will use the global setting of this property.
(See the modify-defaults subcommand.)
-s,--chap-secret
The CHAP secret to send during mutual CHAP authentica-
tion. There is no default for this property. Maximum
length is 255 characters; minimum required length is 12
characters.
-S,--chap-secret-file path
Path to a temporary file containing the CHAP secret as
SunOS 5.11 Last change: 11 Nov 2008 3
System Administration Commands itadm(1M)
described in the -s option.
-u,--chap-user chap-user-name
Specifies the CHAP username for a target for use in
mutual CHAP authentication. This value is allowed only
for targets, cannot be set globally, and is used only
when the initiator node is configured to use mutual CHAP
authentication. If no value is specified then the target
node name is used as the username. See iscsiadm(1M).
-n,--node-name targetnodename
An iSCSI Target Node is identified by its Target Node
Name, formatted in either IQN or EUI format (see RFC
3720). This option establishes that name.
-l,--alias alias
An alternate identifier associated with a target node.
The identifier does not need to be unique.
-t,--tpg tpg-name[,tpg-name,...]
A list of Target Portal Group (TPG) identifiers that
specifies the TPGs that an initiator can use to access a
specific target or the keyword default. If default is
specified, the target will use the default portal,
INADRANY:3260.
itadm modify-target
itadm modify-target [-a,--auth-method radius chap none default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name newtgtnodename]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name] targetnodename
Modify an iSCSI target according to the specified options.
Options are as follows.
-a,--auth-method radius chap none default
As described under the create-target subcommand, above.
SunOS 5.11 Last change: 11 Nov 2008 4
System Administration Commands itadm(1M)
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
-u,--chap-user chap-user-name
As described under the create-target subcommand, above.
To remove an explicitly set CHAP username use -u none.
-n,--node-name targetnodename
Renames the target. See also the description of -n under
the create-target subcommand, above.
-l,--alias alias
As described under the create-target subcommand, above.
To remove an explicitly set alias use -l none.
-t,--tpg tpg-name[,tpg-name,...]
As described under the create-target subcommand, above.
itadm list-target
itadm list-target [-v,--verbose] [targetnodename]
List information about the configured targets. If
targetnodename is specified, list only the information for
that target. Option is as follows.
-v,--verbose
Verbose mode.
itadm delete-target
itadm delete-target [-f,--force] targetnodename
SunOS 5.11 Last change: 11 Nov 2008 5
System Administration Commands itadm(1M)
Delete the target specified by targetnodename. The target
must be offline before it can be deleted. Option is as fol-
lows.
-f,--force
If the target persists in an online state, this option
attempts to offline the target before deleting it.
itadm create-tpg
itadm create-tpg tpgname IP-address[:port]...
Create an iSCSI target portal group made up of the specified
portals and assign it the identifier tpgname. Each portal
is an IP address and port pair. IPv4 portals are specified
in dotted address notation, for example, 172.31.255.255.
IPv6 portal addresses must be enclosed in square brackets.
This subcommand has no options.
itadm list-tpg
itadm list-tpg [-v,--verbose] [tpgname]
List information about the configured target portal group.
If tpgname is specified then list only the information
about the target portal group associated with that tpgname.
Option is as follows.
-v,--verbose
Verbose mode.
itadm delete-tpg
itadm delete-tpg [-f,--force] tpgname
Delete the target portal group associated with tpgname.
Option is as follows.
-f,--force
SunOS 5.11 Last change: 11 Nov 2008 6
System Administration Commands itadm(1M)
If the TPG is associated with any targets, the request
to delete will be denied unless this option is speci-
fied.
itadm create-initiator
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiatornodename
Configure parameters associated with the remote initiator
named initiatornodename. Options are as follows.
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
-u,--chap-user chap-user-name
Specifies the CHAP username for an initiator, for use in
CHAP authentication. If no value is specified then the
initiator node name is used as the username.
itadm modify-initiator
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiatornodename
Modify parameters associated with the remote initiator named
initiatornodename. Options are as follows.
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
SunOS 5.11 Last change: 11 Nov 2008 7
System Administration Commands itadm(1M)
-u,--chap-user chap-user-name
Specifies the CHAP username for an initiator, for use in
CHAP authentication. If no value is specified then the
initiator node name is used as the username.
itadm delete-initiator
itadm delete-initiator initiatornodename
Delete parameters associated with the remote initiator named
initiatornodename. This subcommand has no options.
itadm list-initiator
itadm list-initiator [-v,--verbose] initiatornodename
List parameters associated with the initiator named
initiatornodename. Option is as follows.
-v,--verbose
Verbose mode.
itadm modify-defaults
itadm modify-defaults [-a,--auth-method radius chap none]
[-r,--radius-server IP-address[:port] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]
Modify default parameters. Options are as follows.
-a,--auth-method radius chap none
Specifies the default authentication method to use for
all targets. Valid values are radius, chap, and none.
chap indicates that initiators connecting to this target
must be authenticated using Challenge Handshake Authen-
tication Protocol (CHAP). radius indicates initiators
should also be authenticated by means of CHAP, but the
required authentication parameters should be obtained
from a central RADIUS server. (See --radius-server and
--radius-secret options.) none means that no
SunOS 5.11 Last change: 11 Nov 2008 8
System Administration Commands itadm(1M)
authentication is required to connect to the target.
Individual targets can override this global setting
using the -a option of the create-target and modify-
target subcommands.
-d,--radius-secret
RADIUS Shared Secret for centralized CHAP authentica-
tion.
-D,--radius-secret-file path
Path to a temporary file containing the CHAP secret as
described in the -d option.
-i,--sns enable disable
Specifies whether targets should be registered with the
set of defined iSCSI Name Service (iSNS) servers.
-I,--isns-server IP-address[:port][,IP-address[:port],...]
Defines a list of iSNS servers with which iSCSI target
nodes will be registered when the isns option associated
with the respective target is set. Up to eight iSNS
servers can be specified. To remove all iSNS servers,
use -I none.
itadm list-defaults
itadm list-defaults
List information about the default properties. This subcom-
mand has no options.
EXAMPLES
Example 1 Creating a Target
The following command creates a target.
# itadm create-target
Target iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a
successfully created
SunOS 5.11 Last change: 11 Nov 2008 9
System Administration Commands itadm(1M)
Example 2 Creating a Target with a Specific Name
The following command creates a target with a specific IQN.
# itadm create-target -n eui.20387ab8943ef7548
or:
# itadm create-target \
-n iqn.1986-03.com.sun:02:a9a366f8-cc2b-f291-840948c7f29e
Example 3 Changing a Name
The following command changes an IQN for an existing target.
# itadm modify-target -n eui.20387ab8943ef7548 \
iqn.1986-03.com.sun:02:a9a366f8-909b-cc2b-f291-840948c7f29e
Example 4 Setting up CHAP Authentication
The following command sets up CHAP authentication for a tar-
get using the default CHAP username.
# itadm modify-initiator -s iqn.1986-03.com.sun:01:e00000000000.47d55444
Enter CHAP secret: *********
Re-enter secret: *********
# itadm modify-target -a chap eui.20387ab8943ef7548
Example 5 Creating Target Portal Groups
The following command creates two target portal groups, A
and B, using port 8000 for the addresses in TPG 2.
# itadm create-tpg A 192.168.0.1 192.168.0.2
# itadm create-tpg B 192.168.0.2:8000 192.168.0.2:8000
SunOS 5.11 Last change: 11 Nov 2008 10
System Administration Commands itadm(1M)
Example 6 Configuring a Target to Use TPGs
The following command configures a target to use TPGs A and
B.
# itadm modify-target -t A,B eui.20387ab8943ef7548
Example 7 Setting up RADIUS Authentication for Specific Tar-
get
The following command sets up RADIUS authentication for a
specific target.
# itadm modify-defaults -r 192.168.10.1 -d
Enter RADIUS secret: *********
Re-enter secret: *********
# itadm modify-target -a radius eui.20387ab8943ef7548
Example 8 Setting up RADIUS Authentication for All Targets
The following command sets up RADIUS authentication for all
targets.
# itadm modify-defaults -d -r 192.168.10.1 -a radius
Enter RADIUS secret: *********
Re-enter secret: *********
The preceding command assumes all targets were created with
-a default.
Example 9 Listing Default Properties
The following command lists default properties.
# itadm list-defaults
SunOS 5.11 Last change: 11 Nov 2008 11
System Administration Commands itadm(1M)
iSCSI Target Default Properties:
alias: none
auth: none
radiusserver: none
radiussecret: unset
isns: disabled
isnsserver: 2.3.4.5,4.5.6.7
Example 10 Listing Targets
The following command lists targets.
# itadm list-target
TARGET NAME STATE SESIONS
iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a online 0
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 0
iqn.1986-03.com.sun:02:d14125bb-1c9d-c28d-97b0-f89259b642f3 online 0
iqn.1986-03.com.sun:02:03ff9fc5-794a-e9b4-a081-bb82917c292a online 0
Example 11 Listing Targets (Verbose)
The following command lists targets with the verbose option.
# itadm list-target -v
TARGET NAME STATE SESIONS
iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c online 0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1ipv4 = 3
Example 12 Listing a Specific Target
SunOS 5.11 Last change: 11 Nov 2008 12
System Administration Commands itadm(1M)
The following command lists targets with the verbose option.
# itadm list-target -v \
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227
TARGET NAME STATE SESIONS
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1ipv4 = 3
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWiscsitu
Interface Stability Committed
SEE ALSO
iscsiadm(1M), libstmf(3LIB), attributes(5)
SunOS 5.11 Last change: 11 Nov 2008 13
|
