Title : OpenBSD and iSCSI part1: the target (server)
Author: Solène
Date  : 21 February 2019
Tags  : unix openbsd iscsi

This is the first article of a series about iSCSI.

iSCSI is a protocol designed for sharing a block device across
network as if it was a local disk. This doesn't permit using that
disk from multiples places at once though, except if you use a
specific filesystem like GFS2 or OCFS2 (Linux only). In this article,
we will learn how to create an iSCSI target, which is the "server"
part of iSCSI, the target is the system holding the disk and making
it available to others on the network.

OpenBSD does not have an target server in base, we will have to use
net/netbsd-iscsi-target for this. The setup is really simple.

First, we obviously need to install the package and we will activate the daemon
so it start automatically at boot, but don't start it yet:

    # pkg_add netbsd-iscsi-target
    # rcctl enable iscsi_target

The configurations files are in **/etc/iscsi/** folder, it contains files
**auths** and **targets**. The default configuration files are the same. By
looking at the source code, it seems that **auths** is used there but it seems
to have no use at all. We will just overwrite it everytime we modify
**targets** to keep them in sync.

Default **/etc/iscsi/targets** (with comments stripped):

    extent0         /tmp/iscsi-target0      0       100MB
    target0         rw      extent0

The first line defines the file holding our disk in the second field, and the
last field defines the size of it. When iscsi-target will be started, it will
create files as required with the size defined here.

The second line defines permissions, in that case, the extent0 disk can be used
read/write by the net For this example, I will only change the
netmask to suit my network, **then I copy targets over auths**.

Let's start the daemon:

    # rcctl start iscsi_target
    # rcctl check iscsi_target

If you want to restrict ports using PF, you only have to allows the TCP port
3260 from the network that will connect to the target. The according line would
looks like this:

    pass in proto tcp to port 3260