ITADM(1M) Maintenance Commands ITADM(1M)


NAME


itadm - administer iSCSI targets

SYNOPSIS


itadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]]


itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name


itadm delete-target [-f,--force] target_node_name


itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]


itadm create-tpg tpg_name IP-address[:port] [IP-address[:port]]...


itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]


itadm delete-tpg [-f,--force] tpg_name


itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name


itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name


itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name


itadm delete-initiator initiator_node_name


itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]


itadm list-defaults [-p,--parsable]


DESCRIPTION


The itadm command manages Internet SCSI (iSCSI) target nodes within the
SCSI Target Mode Framework described in stmfadm(1M) and libstmf(3LIB).
This allows the iSCSI initiators to access STMF logical units using the
iSCSI protocol. In addition to iSCSI target nodes, itadm manages two
other classes of managed objects: iSCSI Target Portal Groups, and iSCSI
Initiator Node Contexts.


itadm is implemented as a set of subcommands with options and operands
for each subcommand. These subcommands are described in their own
section, below. In addition to its subcommands, itadm has a help command,
which displays the utility's usage information. The help command is
invoked with the -? option.

iSCSI Target Portal Groups
An iSCSI Target Network Portal is an IP address and TCP port that can be
used by an initiator node to connect to an iSCSI target. A collection of
these portals is called a Target Portal Group (TPG). You can use a TPG
to limit access to an iSCSI target. Use the itadm modify -t command to
bind a specific iSCSI target to the TPG. An iSCSI listener is created on
each IP address that belongs to the TPG, and listens for connections to
the iSCSI target.


A TPG is identified by a unique name provided when the TPG is created. A
numerical "Target Portal Group Tag" from the range 2-65535 is
automatically generated when the TPG is created. The Target Portal Group
Tag 1 is reserved for the "default" target portal group that is used when
no explicit Target Portal Groups are set on the target. The portal for
the default TPG matches requests from all network interfaces on port
3260.

iSCSI Initiator Node Contexts
Certain operations such as authentication by means of Challenge Handshake
Authentication Protocol (CHAP) require parameters associated with a
remote iSCSI Initiator Node. These parameters are associated with an
iSCSI Initiator Node Context. An iSCSI Initiator Node Context is
identified by its Initiator Node Name, formatted in either IQN or EUI
format (see RFC 3720). For example:

iqn.1986-03.com.sun:01:e00000000000.47d55444
eui.02004567A425678D


Specifying IP Addresses


A number of itadm subcommands require that you specify one or more IP
addresses with optional port numbers. For IPv4, use standard dotted
decimal notation. For IPv6, enclose addresses in square brackets. The
following are example specifications.

IPv4: 10.2.4.1
10.2.4.1:3260
IPv6: [1080:0:0:0:8:800:200C:417A]
[1080:0:0:0:8:800:200C:417A]:3260


SUBCOMMANDS


The following are the itadm subcommands with their options.

itadm create-target
itadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret]
[-S,--chap-secret-file path] [-u,--chap-user chap-user-name]
[-n,--node-name target_node_name] [-l,--alias alias]
[-t,--tpg tpg-name[,tpg-name,...]]


Create a iSCSI target with the specified options. Options are as follows.

-a,--auth-method radius | chap | none | default

Specifies the authentication method to use for the target. Valid
values are radius, chap, and none. chap indicates that initiators
connecting to this target must be authenticated using the Challenge
Handshake Authentication Protocol (CHAP). radius indicates initiators
should also be authenticated by means of CHAP but the required
authentication parameters should be obtained from a central RADIUS
server (see the radius-server and radius-secret options). none means
that no authentication is required to connect to the target. default
means the target will use the global setting of this property. (See
the modify-defaults subcommand.)


-s,--chap-secret

The CHAP secret to send during mutual CHAP authentication. There is
no default for this property. Maximum length is 255 characters;
minimum required length is 12 characters.


-S,--chap-secret-file path

Path to a temporary file containing the CHAP secret as described in
the -s option.


-u,--chap-user chap-user-name

Specifies the CHAP username for a target for use in mutual CHAP
authentication. This value is allowed only for targets, cannot be
set globally, and is used only when the initiator node is configured
to use mutual CHAP authentication. If no value is specified then the
target node name is used as the username. See iscsiadm(1M).


-n,--node-name target_node_name

An iSCSI Target Node is identified by its Target Node Name, formatted
in either IQN or EUI format (see RFC 3720). This option establishes
that name.


-l,--alias alias

An alternate identifier associated with a target node. The identifier
does not need to be unique.


-t,--tpg tpg-name[,tpg-name,...]

A list of Target Portal Group (TPG) identifiers that specifies the
TPGs that an initiator can use to access a specific target or the
keyword default. If default is specified, the target will use the
default portal, INADDR_ANY:3260.


itadm modify-target
itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_tgt_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name


Modify an iSCSI target according to the specified options. Options are as
follows.

-a,--auth-method radius | chap | none | default

As described under the create-target subcommand, above.


-s,--chap-secret

As described under the create-target subcommand, above.


-S,--chap-secret-file path

As described under the create-target subcommand, above.


-u,--chap-user chap-user-name

As described under the create-target subcommand, above. To remove an
explicitly set CHAP username use -u none.


-n,--node-name target_node_name

Renames the target. See also the description of -n under the create-
target subcommand, above.


-l,--alias alias

As described under the create-target subcommand, above. To remove an
explicitly set alias use -l none.


-t,--tpg tpg-name[,tpg-name,...]

As described under the create-target subcommand, above.


itadm list-target
itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]


List information about the configured targets. If target_node_name is
specified, list only the information for that target. Options are as
follows.


-p,--parsable

Used for scripting mode. Do not print headers and separate fields by
a single tab instead of arbitrary white space.


-v,--verbose

Verbose mode.


itadm delete-target
itadm delete-target [-f,--force] target_node_name


Delete the target specified by target_node_name. The target must be
offline before it can be deleted. Option is as follows.

-f,--force

If the target persists in an online state, this option attempts to
offline the target before deleting it.


itadm create-tpg
itadm create-tpg tpg_name IP-address[:port]...


Create an iSCSI target portal group made up of the specified portals and
assign it the identifier tpg_name. Each portal is an IP address and port
pair. IPv4 portals are specified in dotted address notation, for
example, 172.31.255.255. IPv6 portal addresses must be enclosed in square
brackets.


This subcommand has no options.

itadm list-tpg
itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]


List information about the configured target portal group. If tpg_name is
specified then list only the information about the target portal group
associated with that tpg_name. Options are as follows.


-p,--parsable

Used for scripting mode. Do not print headers and separate fields by
a single tab instead of arbitrary white space.


-v,--verbose

Verbose mode.


itadm delete-tpg
itadm delete-tpg [-f,--force] tpg_name


Delete the target portal group associated with tpg_name. Option is as
follows.

-f,--force

If the TPG is associated with any targets, the request to delete will
be denied unless this option is specified.


itadm create-initiator
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name


Configure parameters associated with the remote initiator named
initiator_node_name. Options are as follows.

-s,--chap-secret

As described under the create-target subcommand, above.


-S,--chap-secret-file path

As described under the create-target subcommand, above.


-u,--chap-user chap-user-name

Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.


itadm modify-initiator
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name


Modify parameters associated with the remote initiator named
initiator_node_name. Options are as follows.

-s,--chap-secret

As described under the create-target subcommand, above.


-S,--chap-secret-file path

As described under the create-target subcommand, above.


-u,--chap-user chap-user-name

Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.


itadm delete-initiator
itadm delete-initiator initiator_node_name


Delete parameters associated with the remote initiator named
initiator_node_name. This subcommand has no options.

itadm list-initiator
itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name


List parameters associated with the initiator named initiator_node_name.
Options are as follows.


-p,--parsable

Used for scripting mode. Do not print headers and separate fields by
a single tab instead of arbitrary white space.


-v,--verbose

Verbose mode.


itadm modify-defaults
itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]


Modify default parameters. Options are as follows.

-a,--auth-method radius | chap | none

Specifies the default authentication method to use for all targets.
Valid values are radius, chap, and none. chap indicates that
initiators connecting to this target must be authenticated using
Challenge Handshake Authentication Protocol (CHAP). radius indicates
initiators should also be authenticated by means of CHAP, but the
required authentication parameters should be obtained from a central
RADIUS server. (See --radius-server and --radius-secret options.)
none means that no authentication is required to connect to the
target. Individual targets can override this global setting using the
-a option of the create-target and modify-target subcommands.


-d,--radius-secret

RADIUS Shared Secret for centralized CHAP authentication.


-D,--radius-secret-file path

Path to a temporary file containing the CHAP secret as described in
the -d option.


-i,--sns enable | disable

Specifies whether targets should be registered with the set of
defined iSCSI Name Service (iSNS) servers.


-I,--isns-server IP-address[:port][,IP-address[:port],...]

Defines a list of iSNS servers with which iSCSI target nodes will be
registered when the isns option associated with the respective target
is set. Up to eight iSNS servers can be specified. To remove all iSNS
servers, use -I none.


-r,--radius-server IP-address[:port]

Specify the IP address of the RADIUS server used for centralized CHAP
authentication.


itadm list-defaults
itadm list-defaults [-p,--parsable]


List information about the default properties. Option is as follows.


-p,--parsable

Used for scripting mode. Do not print headers and separate fields by
a single tab instead of arbitrary white space.


EXAMPLES


Example 1: Creating a Target




The following command creates a target.


# itadm create-target
Target iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a
successfully created


Example 2: Creating a Target with a Specific Name




The following command creates a target with a specific IQN.


# itadm create-target -n eui.20387ab8943ef7548
or:
# itadm create-target \
-n iqn.1986-03.com.sun:02:a9a366f8-cc2b-f291-840948c7f29e


Example 3: Changing a Name




The following command changes an IQN for an existing target.


# itadm modify-target -n eui.20387ab8943ef7548 \
iqn.1986-03.com.sun:02:a9a366f8-909b-cc2b-f291-840948c7f29e


Example 4: Setting up CHAP Authentication




The following command sets up CHAP authentication for a target using the
default CHAP username.


# itadm modify-initiator -s iqn.1986-03.com.sun:01:e00000000000.47d55444
Enter CHAP secret: *********
Re-enter secret: *********

# itadm modify-target -a chap eui.20387ab8943ef7548


Example 5: Creating Target Portal Groups




The following command creates two target portal groups, A and B, using
port 8000 for the addresses in TPG 2.


# itadm create-tpg A 192.168.0.1 192.168.0.2
# itadm create-tpg B 192.168.0.2:8000 192.168.0.2:8000


Example 6: Configuring a Target to Use TPGs




The following command configures a target to use TPGs A and B.


# itadm modify-target -t A,B eui.20387ab8943ef7548


Example 7: Setting up RADIUS Authentication for Specific Target




The following command sets up RADIUS authentication for a specific
target.


# itadm modify-defaults -r 192.168.10.1 -d
Enter RADIUS secret: *********
Re-enter secret: *********

# itadm modify-target -a radius eui.20387ab8943ef7548


Example 8: Setting up RADIUS Authentication for All Targets




The following command sets up RADIUS authentication for all targets.


# itadm modify-defaults -d -r 192.168.10.1 -a radius
Enter RADIUS secret: *********
Re-enter secret: *********


The preceding command assumes all targets were created with -a default.


Example 9: Listing Default Properties




The following command lists default properties.


# itadm list-defaults
iSCSI Target Default Properties:

alias: none
auth: none
radiusserver: none
radiussecret: unset
isns: disabled
isnsserver: 2.3.4.5,4.5.6.7


Example 10: Listing Targets




The following command lists targets.


# itadm list-target
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a online 0
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 0
iqn.1986-03.com.sun:02:d14125bb-1c9d-c28d-97b0-f89259b642f3 online 0
iqn.1986-03.com.sun:02:03ff9fc5-794a-e9b4-a081-bb82917c292a online 0


Example 11: Listing Targets (Verbose)




The following command lists targets with the verbose option.


# itadm list-target -v
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c online 0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3


Example 12: Listing a Specific Target




The following command lists targets with the verbose option.


# itadm list-target -v \
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Committed |
+--------------------+-----------------+

SEE ALSO


iscsiadm(1M), stmfadm(1M), libstmf(3LIB), attributes(5)


April 9, 2016 ITADM(1M)