iSCSI (Internet Small Computer System Interface) is a network protocol that allows servers to access block-level storage over a TCP/IP network, enabling centralized storage management. On RHEL 9, configuring iSCSI involves setting up a storage target that exports block devices and an initiator that connects to and mounts those devices. This tutorial covers the full end-to-end workflow: configuring an iSCSI target with targetcli, connecting with the initiator utilities, and mounting the discovered disk persistently. All commands require root privileges and assume both target and initiator are running RHEL 9.

Prerequisites

  • Two RHEL 9 servers: one acting as the iSCSI target, one as the initiator
  • Network connectivity between both servers
  • Root or sudo access on both machines
  • An available disk or free space for a file-backed storage image on the target
  • Firewall access on port 3260/tcp on the target server

Step 1 — Install and Configure the iSCSI Target

On the target server, install targetcli, which provides an interactive shell for configuring the Linux-IO (LIO) target subsystem:

dnf install -y targetcli
systemctl enable --now target

Launch the targetcli shell and create a file-backed storage object. Replace /data/disk1.img with your desired path and adjust the size as needed:

targetcli

# Inside the targetcli shell:
cd /backstores/fileio
create disk1 /data/disk1.img 10G
cd /iscsi
create iqn.2024-01.com.example:storage01
cd iqn.2024-01.com.example:storage01/tpg1
portals/ create 0.0.0.0 3260
luns/ create /backstores/fileio/disk1
acls/ create iqn.2024-01.com.example:client01
set auth userid=iscsiuser password=SecurePass123
saveconfig
exit

The IQN (iSCSI Qualified Name) follows the format iqn.YYYY-MM.reverse-domain:identifier. The ACL entry must match the initiator name configured on the client.

Step 2 — Open the Firewall on the Target

Allow incoming iSCSI connections on port 3260:

firewall-cmd --permanent --add-port=3260/tcp
firewall-cmd --reload

Step 3 — Install and Configure the iSCSI Initiator

On the initiator server, install the iSCSI initiator utilities and set the initiator name to match the ACL created on the target:

dnf install -y iscsi-initiator-utils

# Edit the initiator name file
echo "InitiatorName=iqn.2024-01.com.example:client01" > /etc/iscsi/initiatorname.iscsi

# Configure CHAP authentication in /etc/iscsi/iscsid.conf
sed -i 's/#node.session.auth.authmethod = CHAP/node.session.auth.authmethod = CHAP/' /etc/iscsi/iscsid.conf
echo "node.session.auth.username = iscsiuser" >> /etc/iscsi/iscsid.conf
echo "node.session.auth.password = SecurePass123" >> /etc/iscsi/iscsid.conf

systemctl enable --now iscsid

Step 4 — Discover and Log In to the Target

Use iscsiadm to discover available targets on the target server’s IP address, then log in. Replace 192.168.1.100 with your target server’s IP:

# Discover targets
iscsiadm --mode discoverydb --type sendtargets --portal 192.168.1.100 --discover

# Log in to the discovered target
iscsiadm --mode node --targetname iqn.2024-01.com.example:storage01 
  --portal 192.168.1.100:3260 --login

# Verify the session is active
iscsiadm --mode session

# Check for the new block device
lsblk

After login, the iSCSI disk should appear as a new device (e.g., /dev/sdb).

Step 5 — Partition, Format, and Mount the iSCSI Disk

Create a partition, format it with ext4, and mount it persistently. The _netdev mount option is critical — it tells systemd to mount this filesystem only after the network is available:

# Partition the disk
fdisk /dev/sdb
# In fdisk: press n, p, 1, Enter, Enter, w to create a primary partition

# Format the partition
mkfs.ext4 /dev/sdb1

# Create a mount point and mount it
mkdir -p /mnt/iscsi
mount /dev/sdb1 /mnt/iscsi

# Get the UUID for fstab
blkid /dev/sdb1

Add the following entry to /etc/fstab using the UUID from blkid:

UUID=your-uuid-here  /mnt/iscsi  ext4  defaults,_netdev  0 0

Verify the fstab entry is valid:

mount -a
df -h /mnt/iscsi

Step 6 — Enable the iSCSI Service on Boot

Ensure the iSCSI session reconnects automatically after a reboot:

# Enable automatic login at boot for this target
iscsiadm --mode node --targetname iqn.2024-01.com.example:storage01 
  --portal 192.168.1.100:3260 --op update --name node.startup --value automatic

# Confirm services are enabled
systemctl enable iscsid
systemctl is-enabled iscsid
systemctl status target   # On the target server

Conclusion

You have successfully configured an iSCSI target with CHAP authentication using targetcli and connected a RHEL 9 initiator that mounts the remote block device persistently at boot. iSCSI provides a cost-effective way to centralize block storage without dedicated SAN hardware, using your existing Ethernet infrastructure. You can add more LUNs by creating additional backstores and associating them with the TPG, and scale out by adding multiple portals for redundancy.

Next steps: How to Configure GlusterFS Distributed Storage on RHEL 9, How to Set Up a Ceph Storage Cluster on RHEL 9, and How to Install and Configure MinIO Object Storage on RHEL 9.