ITADM(1M)ITADM(1M)NAMEitadm - administer iSCSI targets
SYNOPSISitadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]]
itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_target_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name
itadm delete-target [-f,--force] target_node_name
itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]
itadm create-tpg tpg_name IP-address[:port] [IP-address[:port]]...
itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]
itadm delete-tpg [-f,--force] tpg_name
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name
itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name
itadm delete-initiator initiator_node_name
itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]
itadm list-defaults [-p,--parsable]
DESCRIPTION
The itadm command manages Internet SCSI (iSCSI) target nodes within the
SCSI Target Mode Framework described in stmfadm(1M) and libstmf(3LIB).
This allows the iSCSI initiators to access STMF logical units using the
iSCSI protocol. In addition to iSCSI target nodes, itadm manages two
other classes of managed objects: iSCSI Target Portal Groups, and iSCSI
Initiator Node Contexts.
itadm is implemented as a set of subcommands with options and operands
for each subcommand. These subcommands are described in their own sec‐
tion, below. In addition to its subcommands, itadm has a help command,
which displays the utility's usage information. The help command is
invoked with the -? option.
iSCSI Target Portal Groups
An iSCSI Target Network Portal is an IP address and TCP port that can
be used by an initiator node to connect to an iSCSI target. A collec‐
tion of these portals is called a Target Portal Group (TPG). You can
use a TPG to limit access to an iSCSI target. Use the itadm modify -t
command to bind a specific iSCSI target to the TPG. An iSCSI listener
is created on each IP address that belongs to the TPG, and listens for
connections to the iSCSI target.
A TPG is identified by a unique name provided when the TPG is created.
A numerical "Target Portal Group Tag" from the range 2-65535 is auto‐
matically generated when the TPG is created. The Target Portal Group
Tag 1 is reserved for the "default" target portal group that is used
when no explicit Target Portal Groups are set on the target. The portal
for the default TPG matches requests from all network interfaces on
port 3260.
iSCSI Initiator Node Contexts
Certain operations such as authentication by means of Challenge Hand‐
shake Authentication Protocol (CHAP) require parameters associated with
a remote iSCSI Initiator Node. These parameters are associated with an
iSCSI Initiator Node Context. An iSCSI Initiator Node Context is iden‐
tified by its Initiator Node Name, formatted in either IQN or EUI for‐
mat (see RFC 3720). For example:
iqn.1986-03.com.sun:01:e00000000000.47d55444
eui.02004567A425678D
Specifying IP Addresses
A number of itadm subcommands require that you specify one or more IP
addresses with optional port numbers. For IPv4, use standard dotted
decimal notation. For IPv6, enclose addresses in square brackets. The
following are example specifications.
IPv4: 10.2.4.1
10.2.4.1:3260
IPv6: [1080:0:0:0:8:800:200C:417A]
[1080:0:0:0:8:800:200C:417A]:3260
SUB-COMMANDS
The following are the itadm subcommands with their options.
itadm create-target
itadm create-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret]
[-S,--chap-secret-file path] [-u,--chap-user chap-user-name]
[-n,--node-name target_node_name] [-l,--alias alias]
[-t,--tpg tpg-name[,tpg-name,...]]
Create a iSCSI target with the specified options. Options are as fol‐
lows.
-a,--auth-method radius | chap | none | default
Specifies the authentication method to use for the target. Valid
values are radius, chap, and none. chap indicates that initiators
connecting to this target must be authenticated using the Challenge
Handshake Authentication Protocol (CHAP). radius indicates initia‐
tors should also be authenticated by means of CHAP but the required
authentication parameters should be obtained from a central RADIUS
server (see the radius-server and radius-secret options). none
means that no authentication is required to connect to the target.
default means the target will use the global setting of this prop‐
erty. (See the modify-defaults subcommand.)
-s,--chap-secret
The CHAP secret to send during mutual CHAP authentication. There is
no default for this property. Maximum length is 255 characters;
minimum required length is 12 characters.
-S,--chap-secret-file path
Path to a temporary file containing the CHAP secret as described in
the -s option.
-u,--chap-user chap-user-name
Specifies the CHAP username for a target for use in mutual CHAP
authentication. This value is allowed only for targets, cannot be
set globally, and is used only when the initiator node is config‐
ured to use mutual CHAP authentication. If no value is specified
then the target node name is used as the username. See iscsi‐
adm(1M).
-n,--node-name target_node_name
An iSCSI Target Node is identified by its Target Node Name, format‐
ted in either IQN or EUI format (see RFC 3720). This option estab‐
lishes that name.
-l,--alias alias
An alternate identifier associated with a target node. The identi‐
fier does not need to be unique.
-t,--tpg tpg-name[,tpg-name,...]
A list of Target Portal Group (TPG) identifiers that specifies the
TPGs that an initiator can use to access a specific target or the
keyword default. If default is specified, the target will use the
default portal, INADDR_ANY:3260.
itadm modify-target
itadm modify-target [-a,--auth-method radius | chap | none | default]
[-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] [-n,--node-name new_tgt_node_name]
[-l,--alias alias] [-t,--tpg tpg-name[,tpg-name]] target_node_name
Modify an iSCSI target according to the specified options. Options are
as follows.
-a,--auth-method radius | chap | none | default
As described under the create-target subcommand, above.
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
-u,--chap-user chap-user-name
As described under the create-target subcommand, above. To remove
an explicitly set CHAP username use -u none.
-n,--node-name target_node_name
Renames the target. See also the description of -n under the cre‐
ate-target subcommand, above.
-l,--alias alias
As described under the create-target subcommand, above. To remove
an explicitly set alias use -l none.
-t,--tpg tpg-name[,tpg-name,...]
As described under the create-target subcommand, above.
itadm list-target
itadm list-target [-p,--parsable] [-v,--verbose] [target_node_name]
List information about the configured targets. If target_node_name is
specified, list only the information for that target. Options are as
follows.
-p,--parsable
Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.
-v,--verbose
Verbose mode.
itadm delete-target
itadm delete-target [-f,--force] target_node_name
Delete the target specified by target_node_name. The target must be
offline before it can be deleted. Option is as follows.
-f,--force
If the target persists in an online state, this option attempts to
offline the target before deleting it.
itadm create-tpg
itadm create-tpg tpg_name IP-address[:port]...
Create an iSCSI target portal group made up of the specified portals
and assign it the identifier tpg_name. Each portal is an IP address and
port pair. IPv4 portals are specified in dotted address notation, for
example, 172.31.255.255. IPv6 portal addresses must be enclosed in
square brackets.
This subcommand has no options.
itadm list-tpg
itadm list-tpg [-p,--parsable] [-v,--verbose] [tpg_name]
List information about the configured target portal group. If tpg_name
is specified then list only the information about the target portal
group associated with that tpg_name. Options are as follows.
-p,--parsable
Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.
-v,--verbose
Verbose mode.
itadm delete-tpg
itadm delete-tpg [-f,--force] tpg_name
Delete the target portal group associated with tpg_name. Option is as
follows.
-f,--force
If the TPG is associated with any targets, the request to delete
will be denied unless this option is specified.
itadm create-initiator
itadm create-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name
Configure parameters associated with the remote initiator named initia‐
tor_node_name. Options are as follows.
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
-u,--chap-user chap-user-name
Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.
itadm modify-initiator
itadm modify-initiator [-s,--chap-secret] [-S,--chap-secret-file path]
[-u,--chap-user chap-user-name] initiator_node_name
Modify parameters associated with the remote initiator named initia‐
tor_node_name. Options are as follows.
-s,--chap-secret
As described under the create-target subcommand, above.
-S,--chap-secret-file path
As described under the create-target subcommand, above.
-u,--chap-user chap-user-name
Specifies the CHAP username for an initiator, for use in CHAP
authentication. If no value is specified then the initiator node
name is used as the username.
itadm delete-initiator
itadm delete-initiator initiator_node_name
Delete parameters associated with the remote initiator named initia‐
tor_node_name. This subcommand has no options.
itadm list-initiator
itadm list-initiator [-p,--parsable] [-v,--verbose] initiator_node_name
List parameters associated with the initiator named initia‐
tor_node_name. Options are as follows.
-p,--parsable
Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.
-v,--verbose
Verbose mode.
itadm modify-defaults
itadm modify-defaults [-a,--auth-method radius | chap | none]
[-r,--radius-server IP-address[:port]] [-d,--radius-secret]
[-D,--radius-secret-file path][-i,--isns enable | disable]
[-I,--isns-server IP-address[:port][,IP-address[:port]]]
Modify default parameters. Options are as follows.
-a,--auth-method radius | chap | none
Specifies the default authentication method to use for all targets.
Valid values are radius, chap, and none. chap indicates that ini‐
tiators connecting to this target must be authenticated using Chal‐
lenge Handshake Authentication Protocol (CHAP). radius indicates
initiators should also be authenticated by means of CHAP, but the
required authentication parameters should be obtained from a cen‐
tral RADIUS server. (See --radius-server and --radius-secret
options.) none means that no authentication is required to connect
to the target. Individual targets can override this global setting
using the -a option of the create-target and modify-target subcom‐
mands.
-d,--radius-secret
RADIUS Shared Secret for centralized CHAP authentication.
-D,--radius-secret-file path
Path to a temporary file containing the CHAP secret as described in
the -d option.
-i,--sns enable | disable
Specifies whether targets should be registered with the set of
defined iSCSI Name Service (iSNS) servers.
-I,--isns-server IP-address[:port][,IP-address[:port],...]
Defines a list of iSNS servers with which iSCSI target nodes will
be registered when the isns option associated with the respective
target is set. Up to eight iSNS servers can be specified. To remove
all iSNS servers, use -I none.
-r,--radius-server IP-address[:port]
Specify the IP address of the RADIUS server used for centralized
CHAP authentication.
itadm list-defaults
itadm list-defaults [-p,--parsable]
List information about the default properties. Option is as follows.
-p,--parsable
Used for scripting mode. Do not print headers and separate fields
by a single tab instead of arbitrary white space.
EXAMPLES
Example 1 Creating a Target
The following command creates a target.
# itadm create-target
Target iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a
successfully created
Example 2 Creating a Target with a Specific Name
The following command creates a target with a specific IQN.
# itadm create-target -n eui.20387ab8943ef7548
or:
# itadm create-target \
-n iqn.1986-03.com.sun:02:a9a366f8-cc2b-f291-840948c7f29e
Example 3 Changing a Name
The following command changes an IQN for an existing target.
# itadm modify-target -n eui.20387ab8943ef7548 \
iqn.1986-03.com.sun:02:a9a366f8-909b-cc2b-f291-840948c7f29e
Example 4 Setting up CHAP Authentication
The following command sets up CHAP authentication for a target using
the default CHAP username.
# itadm modify-initiator -s iqn.1986-03.com.sun:01:e00000000000.47d55444
Enter CHAP secret: *********
Re-enter secret: *********
# itadm modify-target -a chap eui.20387ab8943ef7548
Example 5 Creating Target Portal Groups
The following command creates two target portal groups, A and B, using
port 8000 for the addresses in TPG 2.
# itadm create-tpg A 192.168.0.1 192.168.0.2
# itadm create-tpg B 192.168.0.2:8000 192.168.0.2:8000
Example 6 Configuring a Target to Use TPGs
The following command configures a target to use TPGs A and B.
# itadm modify-target -t A,B eui.20387ab8943ef7548
Example 7 Setting up RADIUS Authentication for Specific Target
The following command sets up RADIUS authentication for a specific tar‐
get.
# itadm modify-defaults -r 192.168.10.1 -d
Enter RADIUS secret: *********
Re-enter secret: *********
# itadm modify-target -a radius eui.20387ab8943ef7548
Example 8 Setting up RADIUS Authentication for All Targets
The following command sets up RADIUS authentication for all targets.
# itadm modify-defaults -d -r 192.168.10.1 -a radius
Enter RADIUS secret: *********
Re-enter secret: *********
The preceding command assumes all targets were created with -a default.
Example 9 Listing Default Properties
The following command lists default properties.
# itadm list-defaults
iSCSI Target Default Properties:
alias: none
auth: none
radiusserver: none
radiussecret: unset
isns: disabled
isnsserver: 2.3.4.5,4.5.6.7
Example 10 Listing Targets
The following command lists targets.
# itadm list-target
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:72e1b181-7bce-c0e6-851e-ec0d8cf14b7a online 0
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 0
iqn.1986-03.com.sun:02:d14125bb-1c9d-c28d-97b0-f89259b642f3 online 0
iqn.1986-03.com.sun:02:03ff9fc5-794a-e9b4-a081-bb82917c292a online 0
Example 11 Listing Targets (Verbose)
The following command lists targets with the verbose option.
# itadm list-target -v
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:d23e68d8-2d79-c988-98e7-a6361689d33c online 0
alias: -
auth: none (defaults)
targetchapuser: -
targetchapsecret: unset
tpg-tags: default
iqn.1986-03.com.sun:02:94ec46d4-c8e1-6993-ef03-ffc1dcd66606 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3
Example 12 Listing a Specific Target
The following command lists targets with the verbose option.
# itadm list-target -v \
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227
TARGET NAME STATE SESSIONS
iqn.1986-03.com.sun:02:2cb0c526-c05a-e279-e396-a367006f4227 online 1
alias: -
auth: chap
targetchapuser: -
targetchapsecret: unset
tpg-tags: nge1_ipv4 = 3
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────┤
│Interface Stability │ Committed │
└────────────────────┴─────────────────┘
SEE ALSOiscsiadm(1M), stmfadm(1M), libstmf(3LIB), attributes(5)
Mar 27, 2014 ITADM(1M)
