iSCSI stands for Internet Small Computer Systems Interface, an IP-based storage, works on top of internet protocol by carrying SCSI commands over IP network. iSCSI transports block-level data between an iSCSI initiator on a client machine and an iSCSI target on a storage device (server).
Environment:
Server: server.itzgeek.local
IP Address: 192.168.12.20
Client: node1.itzgeek.local
IP Address: 192.168.12.11
Storage Configuration:
Here, we will create 5GB of LVM disk on the target server to use as a shared storage for clients. Let’s list the available disks attached to the target server using below command. If you want to use the whole disk for LVM, skip the below step.
[root@server ~]# fdisk -l | grep -i sd Disk /dev/sda: 107.4 GB, 107374182400 bytes, 209715200 sectors /dev/sda1 * 2048 1026047 512000 83 Linux /dev/sda2 1026048 209715199 104344576 8e Linux LVM Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
From the above output, you can see that my system has a 10GB of disk (/dev/sdb). We will create a 5GB partition on the above disk and will use it for LVM.
[root@server ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x173dfa4d.
Command (m for help): n --> New partition
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p --> Pimary partition
Partition number (1-4, default 1): 1 - -> Partition number
First sector (2048-20971519, default 2048): --> Just enter
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +5G --> Enter the size
Partition 1 of type Linux and of size 5 GiB is set
Command (m for help): t --> Change label
Selected partition 1
Hex code (type L to list all codes): 8e --> Change it as LVM label
Changed type of partition 'Linux' to 'Linux LVM'
Command (m for help): w --> Save
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
Create a LVM with /dev/sdb1 partition (replace /dev/sdb1 with your disk name)
[root@server ~]# pvcreate /dev/sdb1 [root@server ~]# vgcreate vg_iscsi /dev/sdb1 [root@server ~]# lvcreate -l 100%FREE -n lv_iscsi vg_iscsi
Creating iSCSI target:
Now you have an option of creating target either with authentication or without authentication. In this article, you can find steps for both scenarios. It is up to you to decide which one is suitable for your environment.
Configuring iSCSI Targets with CHAP authentication:
Install the targetcli package on the server.
[root@server ~]# yum install targetcli -y
Once you installed the package, enter below command to get a iSCSI CLI for an interactive prompt.
[root@server ~]# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin. targetcli shell version 2.1.fb41 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. >
Now use an existing logical volume (/dev/vg_iscsi/lv_iscsi) as a block-type backing store for storage object “scsi_disk1_server“.
/> cd backstores/block /backstores/block> create scsi_disk1_server /dev/vg_iscsi/lv_iscsi Created block storage object scsi_disk1_server using /dev/vg_iscsi/lv_iscsi.
Create a target.
/backstores/block> cd /iscsi /iscsi> create iqn.2016-02.local.itzgeek.server:disk1 Created target iqn.2016-02.local.itzgeek.server:disk1. Created TPG 1. Global pref auto_add_default_portal=true Created default portal listening on all IPs (0.0.0.0), port 3260. /iscsi>
Create ACL for client machine (It’s the IQN which clients use to connect).
/iscsi> cd /iscsi/iqn.2016-02.local.itzgeek.server:disk1/tpg1/acls /iscsi/iqn.20...sk1/tpg1/acls> create iqn.2016-02.local.itzgeek.server:node1node2 Created Node ACL for iqn.2016-02.local.itzgeek.server:node1node2
Set CHAP authentication.
/iscsi/iqn.20...sk1/tpg1/acls> cd iqn.2016-02.local.itzgeek.server:node1node2 /iscsi/iqn.20...er:node1node2> set auth userid=user Parameter userid is now 'user'. /iscsi/iqn.20...er:node1node2> set auth password=password Parameter password is now 'password'.
Create a LUN under the target, The LUN should use the previously mentioned backing storage object named “scsi_disk1_server”
/iscsi/iqn.20...er:node1node2> cd /iscsi/iqn.2016-02.local.itzgeek.server:disk1/tpg1/luns /iscsi/iqn.20...sk1/tpg1/luns> create /backstores/block/scsi_disk1_server Created LUN 0. Created LUN 0->0 mapping in node ACL iqn.2016-02.local.itzgeek.server:node1node2
Verify the target server configuration.
/iscsi/iqn.20.../tpg1/portals> cd / /> ls o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 1] | | o- scsi_disk1_server .................................................. [/dev/vg_iscsi/lv_iscsi (5.0GiB) write-thru activated] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 1] | o- iqn.2016-02.local.itzgeek.server:disk1 ............................................................................ [TPGs: 1] | o- tpg1 ............................................................................................... [no-gen-acls, no-auth] | o- acls .......................................................................................................... [ACLs: 1] | | o- iqn.2016-02.local.itzgeek.server:node1node2 .......................................................... [Mapped LUNs: 1] | | o- mapped_lun0 ..................................................................... [lun0 block/scsi_disk1_server (rw)] | o- luns .......................................................................................................... [LUNs: 1] | | o- lun0 ............................................................... [block/scsi_disk1_server (/dev/vg_iscsi/lv_iscsi)] | o- portals .................................................................................................... [Portals: 1] | o- 0.0.0.0:3260 ..................................................................................................... [OK] o- loopback ......................................................................................................... [Targets: 0]
Save and exit from target CLI.
/> saveconfig Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json /> exit Global pref auto_save_on_exit=true Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json
Enable and restart the target service.
[root@server ~]# systemctl enable target.service [root@server ~]# systemctl restart target.service
Configure the firewall to allow iSCSI traffic.
[root@server ~]# firewall-cmd --permanent --add-port=3260/tcp [root@server ~]# firewall-cmd --reload
Configure Initiator with CHAP authentication:
Now it’s the time to configure a client machine to use this target as a storage, install below package on the client machine (node1).
[root@node1 ~]# yum install iscsi-initiator-utils -y
Edit below file and add iscsi initiator name.
[root@node1 ~]# vi /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2016-02.local.itzgeek.server:node1node2
Discover the target using below command.
[root@node1 ~]# iscsiadm -m discovery -t st -p 192.168.12.20 192.168.12.20:3260,1 iqn.2016-02.local.itzgeek.server:disk1
Enable CHAP authentication in iscsid.conf file, uncomment and modify the green colored lines as per your environment.
[root@node1 ~]# vi /etc/iscsi/iscsid.conf
# To enable CHAP authentication set node.session.auth.authmethod # to CHAP. The default is None. node.session.auth.authmethod = CHAP # To set a CHAP username and password for initiator # authentication by the target(s), uncomment the following lines: node.session.auth.username = user node.session.auth.password = password
Restart and enable the initiator service.
[root@node1 ~]# systemctl restart iscsid.service [root@node1 ~]# systemctl enable iscsid.service
Login to the discovered target.
[root@node1 ~]# iscsiadm -m node -T iqn.2016-02.local.itzgeek.server:disk1 -p 192.168.12.20 -l Logging in to [iface: default, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] (multiple) Login to [iface: default, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] successful.
Configuring iSCSI Targets without CHAP Authentication:
Install the targetcli package on the server.
[root@server ~]# yum install targetcli -y
Once you installed the package, enter below command to get a iSCSI CLI for an interactive prompt.
[root@server ~]# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin. targetcli shell version 2.1.fb41 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. >
Now use an existing logical volume (/dev/vg_iscsi/lv_iscsi) as a block-type backing store for storage object “scsi_disk1_server“.
/> cd backstores/block /backstores/block> create scsi_disk1_server /dev/vg_iscsi/lv_iscsi Created block storage object scsi_disk1_server using /dev/vg_iscsi/lv_iscsi.
Create a target.
/backstores/block> cd /iscsi /iscsi> create iqn.2016-02.local.itzgeek.server:disk1 Created target iqn.2016-02.local.itzgeek.server:disk1. Created TPG 1. Global pref auto_add_default_portal=true Created default portal listening on all IPs (0.0.0.0), port 3260. /iscsi>
Create ACL for client machine (It’s the IQN which clients use to connect).
/iscsi> cd /iscsi/iqn.2016-02.local.itzgeek.server:disk1/tpg1/acls /iscsi/iqn.20...sk1/tpg1/acls> create iqn.2016-02.local.itzgeek.server:node1node2 Created Node ACL for iqn.2016-02.local.itzgeek.server:node1node2
By default authentication is enabled, disable it.
/iscsi/iqn.20...sk1/tpg1/acls> cd /iscsi/iqn.2016-02.local.itzgeek.server:disk1/tpg1/ /iscsi/iqn.20...er:disk1/tpg1> set attribute authentication=0 Parameter authentication is now '0'. /iscsi/iqn.20...er:disk1/tpg1> set attribute generate_node_acls=1 Parameter generate_node_acls is now '1'.
Create a LUN under the target, The LUN should use the previously mentioned backing storage object named “scsi_disk1_server”
/iscsi/iqn.20...er:disk1/tpg1> cd /iscsi/iqn.2016-02.local.itzgeek.server:disk1/tpg1/luns /iscsi/iqn.20...sk1/tpg1/luns> create /backstores/block/scsi_disk1_server Created LUN 0. Created LUN 0->0 mapping in node ACL iqn.2016-02.local.itzgeek.server:node1node2
Verify the target server configuration.
/iscsi/iqn.20.../tpg1/portals> cd / /> ls o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 1] | | o- scsi_disk1_server .................................................. [/dev/vg_iscsi/lv_iscsi (5.0GiB) write-thru activated] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 1] | o- iqn.2016-02.local.itzgeek.server:disk1 ............................................................................ [TPGs: 1] | o- tpg1 .................................................................................................. [gen-acls, no-auth] | o- acls .......................................................................................................... [ACLs: 1] | | o- iqn.2016-02.local.itzgeek.server:node1node2 .......................................................... [Mapped LUNs: 1] | | o- mapped_lun0 ..................................................................... [lun0 block/scsi_disk1_server (rw)] | o- luns .......................................................................................................... [LUNs: 1] | | o- lun0 ............................................................... [block/scsi_disk1_server (/dev/vg_iscsi/lv_iscsi)] | o- portals .................................................................................................... [Portals: 1] | o- 0.0.0.0:3260 ..................................................................................................... [OK] o- loopback ......................................................................................................... [Targets: 0]Save and exit from target CLI.
/> saveconfig Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json /> exit Global pref auto_save_on_exit=true Last 10 configs saved in /etc/target/backup. Configuration saved to /etc/target/saveconfig.json
Enable and restart the target service.
[root@server ~]# systemctl enable target.service [root@server ~]# systemctl restart target.service
Configure the firewall to allow iSCSI traffic.
[root@server ~]# firewall-cmd --permanent --add-port=3260/tcp [root@server ~]# firewall-cmd --reload
Configure Initiator without CHAP authentication:
Now it’s the time to configure a client machine to use this target as a storage, install below package on the client machine (node1).
[root@node1 ~]# yum install iscsi-initiator-utils -y
Edit below file and add iscsi initiator name.
[root@node1 ~]# vi /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2016-02.local.itzgeek.server:node1node2
Discover the target using below command.
[root@node1 ~]# iscsiadm -m discovery -t st -p 192.168.12.20 192.168.12.20:3260,1 iqn.2016-02.local.itzgeek.server:disk1
Restart and enable the initiator service.
[root@node1 ~]# systemctl restart iscsid.service [root@node1 ~]# systemctl enable iscsid.service
Login to the discovered target.
[root@node1 ~]# iscsiadm -m node -T iqn.2016-02.local.itzgeek.server:disk1 -p 192.168.12.20 -l Logging in to [iface: default, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] (multiple) Login to [iface: default, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] successful.
Creating File System:
After login (connecting) to discovered target, have a look at messages file. You would find similar output like below, from where you can find a name of the disk.
[root@node1 ~]# cat /var/log/messages Feb 23 14:54:47 node2 kernel: sd 34:0:0:0: [sdb] 10477568 512-byte logical blocks: (5.36 GB/4.99 GiB) Feb 23 14:54:47 node2 kernel: sd 34:0:0:0: [sdb] Write Protect is off Feb 23 14:54:47 node2 kernel: sd 34:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA Feb 23 14:54:48 node2 kernel: sdb: unknown partition table Feb 23 14:54:48 node2 kernel: sd 34:0:0:0: [sdb] Attached SCSI disk Feb 23 14:54:48 node2 iscsid: Could not set session2 priority. READ/WRITE throughout and latency could be affected. Feb 23 14:54:48 node2 iscsid: Connection2:0 to [target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] through [iface: default] is operational now
List down the attached disks.
[root@node1 ~]# cat /proc/partitions major minor #blocks name 8 0 104857600 sda 8 1 512000 sda1 8 2 104344576 sda2 11 0 1048575 sr0 253 0 2113536 dm-0 253 1 52428800 dm-1 253 2 49799168 dm-2 8 16 5238784 sdb
Format the new disk (for sake of article, I have formated whole disk instead of creating partition)
root@node1 ~]# mkfs.xfs /dev/sdb meta-data=/dev/sdb isize=256 agcount=8, agsize=163712 blks = sectsz=512 attr=2, projid32bit=1 = crc=0 data = bsize=4096 blocks=1309696, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=0 log =internal log bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0
Mount the disk.
[root@node1 ~]# mount /dev/sdb /mnt
verify the disk is mounted using below command.
[root@node1 ~]# df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/centos-root xfs 50G 955M 50G 2% / devtmpfs devtmpfs 908M 0 908M 0% /dev tmpfs tmpfs 914M 54M 861M 6% /dev/shm tmpfs tmpfs 914M 8.5M 905M 1% /run tmpfs tmpfs 914M 0 914M 0% /sys/fs/cgroup /dev/mapper/centos-home xfs 48G 33M 48G 1% /home /dev/sda1 xfs 497M 97M 401M 20% /boot /dev/sdb xfs 5.0G 33M 5.0G 1% /mnt
In case you want to de-attach the added disk, please follow the procedure (unmount and logout).
[root@node1 ~]# umount /mnt/ [root@node1 ~]# iscsiadm -m node -T iqn.2016-02.local.itzgeek.server:disk1 -p 192.168.12.20 -u Logging out of session [sid: 1, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] Logout of [sid: 1, target: iqn.2016-02.local.itzgeek.server:disk1, portal: 192.168.12.20,3260] successful.
That’s All.
no copyright !! 个人原创博客欢迎转载,可以不保留出处。
浙公网安备 33010602011771号