Re: ctl.conf / iscsi docs and best practices

From: mike tancsa <mike_at_sentex.net>
Date: Mon, 14 Mar 2022 19:12:30 UTC
On 3/14/2022 3:00 PM, Michael Jung wrote:
> I just started working with the target again about a week ago, here is 
> my setup.
>
> For two remote initiators to connect to the same target you need
> option "ha shared" "on"
>
> Maybe this helps you a little.
>
It does, thank you!!  Couple of questions below.


> auth-group "ag0" {
> initiator-name "iqn.1998-01.com.vmware:hv1-3972eaf3"
> initiator-name "iqn.1998-01.com.vmware:esxi2.mikej.local:980613345:64"
> initiator-name "iqn.1998-01.com.vmware:esxi3.mikej.local.:1805690011:64"
> initiator-portal "192.168.6.8"
> initiator-portal "192.168.6.14"
> initiator-portal "192.168.6.5"
> auth-type "none"
> }
>

For the above auth group, for the portal IPs I guess this means those 
users are only allowed to connect from those IP addresses but you cant 
restrict a user to a specific IP ?


>
> option "naa" "0x6589cfc00000079e8a0d223e935440ab"
>
the naa is just a uniq identifier ? Who / what makes use of that ? A 
quick google says its just used to identify the serial #. Why / when 
would I want to do that ?

In the two targets below, why use lun "0" and why lun "1" in the second 
target ? From the config I generated from TrueNAS, it kept the lun as 
"0" for each target. Just convention ?

Thanks again!

     ---Mike


>
>
> target "iqn.2005-10.org.mikej.ctl:esxi-store1" {
> auth-group "ag0"
> portal-group "pg0"
> alias "esxi-store1"
> lun "0" "esxi-store1"
> }
>
> target "iqn.1994-05.com.unitrends:60e2f1d15e57" {
> auth-group "ag1"
> portal-group "pg0"
> alias "unitrens11"
> lun "1" "unitrends1"
> }
>