iSCSI配置
本文部分转自https://www.linuxprobe.com/chapter-17.html
角色 | ip |
iSCSI 服务端 | 192.168.197.148 |
iSCSI 客户端 | 192.168.197.142 |
服务端添加两块10G的硬盘,用于共享存储
[root@localhost ~]# fdisk -l Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/sda: 85.9 GB, 85899345920 bytes, 167772160 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x000ad3bc Device Boot Start End Blocks Id System /dev/sda1 * 2048 1026047 512000 83 Linux /dev/sda2 1026048 167772159 83373056 8e Linux LVM Disk /dev/sdc: 10.7 GB, 10737418240 bytes, 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/mapper/centos-root: 76.8 GB, 76780929024 bytes, 149962752 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/mapper/centos-swap: 8589 MB, 8589934592 bytes, 16777216 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes
服务端配置
第1步:配置好Yum软件仓库后安装iSCSI服务端程序以及配置命令工具。
yum -y install targetd targetcli
安装完成后启动iSCSI的服务端程序targetd,然后把这个服务程序加入到开机启动项中,以便下次在服务器重启后依然能够为用户提供iSCSI共享存储资源服务:
systemctl start targetd
systemctl enable targetd
第2步:配置iSCSI服务端共享资源。targetcli是用于管理iSCSI服务端存储资源的专用配置命令,它能够提供类似于fdisk命令的交互式配置功能,将iSCSI共享资源的配置内容抽象成“目录”的形式,我们只需将各类配置信息填入到相应的“目录”中即可。这里的难点主要在于认识每个“参数目录”的作用。当把配置参数正确地填写到“目录”中后,iSCSI服务端也可以提供共享资源服务了。
在执行targetcli命令后就能看到交互式的配置界面了。在该界面中可以使用很多Linux命令,比如利用ls查看目录参数的结构,使用cd切换到不同的目录中。/backstores/block是iSCSI服务端配置共享设备的位置。我们需要把刚刚添加的两块10G盘加入到配置共享设备的“资源池”中,并将该文件分别命名为storage01和storage02,这样用户就不会知道是由服务器中的哪块硬盘来提供共享存储资源,而只会看到两个个名为storage01和storage02的存储设备。
[root@localhost ~]# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin. targetcli shell version 2.1.fb46 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. /> ls o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 0] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 0] o- loopback ......................................................................................................... [Targets: 0] /> cd /backstores/block /backstores/block> ls o- block ...................................................................................................... [Storage Objects: 0] /backstores/block> create storage01 /dev/sdb Created block storage object storage01 using /dev/sdb. /backstores/block> create storage02 /dev/sdc Created block storage object storage02 using /dev/sdc. /backstores/block> cd / /> ls o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 2] | | o- storage01 ..................................................................... [/dev/sdb (10.0GiB) write-thru deactivated] | | | o- alua ................................................................................................... [ALUA Groups: 1] | | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized] | | o- storage02 ..................................................................... [/dev/sdc (10.0GiB) write-thru deactivated] | | o- alua ................................................................................................... [ALUA Groups: 1] | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 0] o- loopback ......................................................................................................... [Targets: 0] />
第3步:创建iSCSI target名称及配置共享资源。iSCSI target名称是由系统自动生成的,这是一串用于描述共享资源的唯一字符串。稍后用户在扫描iSCSI服务端时即可看到这个字符串,因此我们不需要记住它。系统在生成这个target名称后,还会在/iscsi参数目录中创建一个与其字符串同名的新“目录”用来存放共享资源。我们需要把前面加入到iSCSI共享资源池中的硬盘设备添加到这个新目录中,这样用户在登录iSCSI服务端后,即可默认使用这硬盘设备提供的共享存储资源了。
/> cd iscsi /iscsi> create Created target iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de. Created TPG 1. Global pref auto_add_default_portal=true Created default portal listening on all IPs (0.0.0.0), port 3260. /iscsi> cd iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de/ /iscsi/iqn.20....1903640455de> ls o- iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de ........................................................... [TPGs: 1] o- tpg1 ................................................................................................... [no-gen-acls, no-auth] o- acls .............................................................................................................. [ACLs: 0] o- luns .............................................................................................................. [LUNs: 0] o- portals ........................................................................................................ [Portals: 1] o- 0.0.0.0:3260 ......................................................................................................... [OK] /iscsi/iqn.20....1903640455de> cd tpg1/luns /iscsi/iqn.20...5de/tpg1/luns> ls o- luns .................................................................................................................. [LUNs: 0] /iscsi/iqn.20...5de/tpg1/luns> create /backstores/block/storage01 Created LUN 0. /iscsi/iqn.20...5de/tpg1/luns> create /backstores/block/storage02 Created LUN 1. /iscsi/iqn.20...5de/tpg1/luns>
第4步:设置访问控制列表(ACL)。iSCSI协议是通过客户端名称进行验证的,也就是说,用户在访问存储共享资源时不需要输入密码,只要iSCSI客户端的名称与服务端中设置的访问控制列表中某一名称条目一致即可,因此需要在iSCSI服务端的配置文件中写入一串能够验证用户信息的名称。acls参数目录用于存放能够访问iSCSI服务端共享存储资源的客户端名称。刘遄老师推荐在刚刚系统生成的iSCSI target后面追加上类似于:client的参数,这样既能保证客户端的名称具有唯一性,又非常便于管理和阅读:
/iscsi/iqn.20...5de/tpg1/luns> cd /iscsi/iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de/tpg1/acls /iscsi/iqn.20...5de/tpg1/acls> ls o- acls .................................................................................................................. [ACLs: 0] /iscsi/iqn.20...5de/tpg1/acls> create iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de:acl Created Node ACL for iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de:acl Created mapped LUN 1. Created mapped LUN 0.
第5步:(这步可以不操作)设置iSCSI服务端的监听IP地址和端口号。位于生产环境中的服务器上可能有多块网卡,那么到底是由哪个网卡或IP地址对外提供共享存储资源呢?这就需要我们在配置文件中手动定义iSCSI服务端的信息,即在portals参数目录中写上服务器的IP地址。接下来将由系统自动开启服务器192.168.10.10的3260端口将向外提供iSCSI共享存储资源服务:
/iscsi/iqn.20...5de/tpg1/acls> cd /iscsi/iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de/tpg1/portals/ /iscsi/iqn.20.../tpg1/portals> ls o- portals ............................................................................................................ [Portals: 1] o- 0.0.0.0:3260 ............................................................................................................. [OK] /iscsi/iqn.20.../tpg1/portals> create 192.168.197.148 ip_port=3260 Using default IP port 3260
第6步:配置妥当后检查配置信息,重启iSCSI服务端程序并配置防火墙策略。在参数文件配置妥当后,可以浏览刚刚配置的信息,确保与下面的信息基本一致。在确认信息无误后输入exit命令来退出配置。注意,千万不要习惯性地按Ctrl + C组合键结束进程,这样不会保存配置文件,我们的工作也就白费了。最后重启iSCSI服务端程序
/iscsi/iqn.20.../tpg1/portals> cd / /> ls / o- / ......................................................................................................................... [...] o- backstores .............................................................................................................. [...] | o- block .................................................................................................. [Storage Objects: 2] | | o- storage01 ....................................................................... [/dev/sdb (10.0GiB) write-thru activated] | | | o- alua ................................................................................................... [ALUA Groups: 1] | | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized] | | o- storage02 ....................................................................... [/dev/sdc (10.0GiB) write-thru activated] | | o- alua ................................................................................................... [ALUA Groups: 1] | | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized] | o- fileio ................................................................................................. [Storage Objects: 0] | o- pscsi .................................................................................................. [Storage Objects: 0] | o- ramdisk ................................................................................................ [Storage Objects: 0] o- iscsi ............................................................................................................ [Targets: 1] | o- iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de ....................................................... [TPGs: 1] | o- tpg1 ............................................................................................... [no-gen-acls, no-auth] | o- acls .......................................................................................................... [ACLs: 1] | | o- iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de:acl ...................................... [Mapped LUNs: 2] | | o- mapped_lun0 ............................................................................. [lun0 block/storage01 (rw)] | | o- mapped_lun1 ............................................................................. [lun1 block/storage02 (rw)] | o- luns .......................................................................................................... [LUNs: 2] | | o- lun0 .................................................................. [block/storage01 (/dev/sdb) (default_tg_pt_gp)] | | o- lun1 .................................................................. [block/storage02 (/dev/sdc) (default_tg_pt_gp)] | o- portals .................................................................................................... [Portals: 1] | o- 0.0.0.0:3260 ..................................................................................................... [OK] o- loopback ......................................................................................................... [Targets: 0] /> exit
重启服务
systemctl restart targetd
记住服务端的acl标识:iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de:acl
客户端配置
在RHEL 7系统中,已经默认安装了iSCSI客户端服务程序initiator。如果您的系统没有安装的话,可以使用Yum软件仓库手动安装。
yum install -y iscsi-initiator-utils
前面讲到,iSCSI协议是通过客户端的名称来进行验证,而该名称也是iSCSI客户端的唯一标识,而且必须与服务端配置文件中访问控制列表中的信息一致,否则客户端在尝试访问存储共享设备时,系统会弹出验证失败的保存信息。
下面我们编辑iSCSI客户端中的initiator名称文件,把服务端的访问控制列表名称填写进来,然后重启客户端iscsid服务程序并将其加入到开机启动项中:
[root@client ~]# cat /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de:acl systemctl restart iscsid systemctl enable iscsid
iSCSI客户端访问并使用共享存储资源的步骤很简单,只需要记住刘遄老师的一个小口诀“先发现,再登录,最后挂载并使用”。iscsiadm是用于管理、查询、插入、更新或删除iSCSI数据库配置文件的命令行工具,用户需要先使用这个工具扫描发现远程iSCSI服务端,然后查看找到的服务端上有哪些可用的共享存储资源。其中,-m discovery参数的目的是扫描并发现可用的存储资源,-t st参数为执行扫描操作的类型,-p 192.168.197.148参数为iSCSI服务端的IP地址:
[root@client ~]# iscsiadm -m discovery -t st -p 192.168.197.148 192.168.197.148:3260,1 iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de
在使用iscsiadm命令发现了远程服务器上可用的存储资源后,接下来准备登录iSCSI服务端。其中,-m node参数为将客户端所在主机作为一台节点服务器,-T iqn.2003-01. org.linux-iscsi.linuxprobe.x8664:sn.d497c356ad80参数为要使用的存储资源(大家可以直接复制前面命令中扫描发现的结果,以免录入错误),-p 192.168.10.10参数依然为对方iSCSI服务端的IP地址。最后使用--login或-l参数进行登录验证。
[root@client ~]# iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de -p 192.168.197.148 --login Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de, portal: 192.168.197.148,3260] (multiple) Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de, portal: 192.168.197.148,3260] successful.
在iSCSI客户端成功登录之后,会在客户端主机上多出两块名为/dev/sdb和/dev/sdc的设备文件。udev服务在命名硬盘名称时,与硬盘插槽是没有关系的。接下来可以像使用本地主机上的硬盘那样来操作这个设备文件了。
[root@client ~]# parted -l Model: VMware, VMware Virtual S (scsi) Disk /dev/sda: 85.9GB Sector size (logical/physical): 512B/512B Partition Table: msdos Disk Flags: Number Start End Size Type File system Flags 1 1049kB 525MB 524MB primary xfs boot 2 525MB 85.9GB 85.4GB primary lvm Error: /dev/sdb: unrecognised disk label Model: LIO-ORG storage01 (scsi) Disk /dev/sdb: 10.7GB Sector size (logical/physical): 512B/512B Partition Table: unknown Disk Flags: Error: /dev/sdc: unrecognised disk label Model: LIO-ORG storage02 (scsi) Disk /dev/sdc: 10.7GB Sector size (logical/physical): 512B/512B Partition Table: unknown Disk Flags: Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/centos-swap: 8590MB Sector size (logical/physical): 512B/512B Partition Table: loop Disk Flags: Number Start End Size File system Flags 1 0.00B 8590MB 8590MB linux-swap(v1) Model: Linux device-mapper (linear) (dm) Disk /dev/mapper/centos-root: 76.8GB Sector size (logical/physical): 512B/512B Partition Table: loop Disk Flags: Number Start End Size File system Flags 1 0.00B 76.8GB 76.8GB xfs
格式化并挂载
mkfs -t xfs /dev/sdb mkfs -t xfs /dev/sdc mkdir -p /storage01 mkdir -p /storage02 mount -t xfs /dev/sdb /storage01 mount -t xfs /dev/sdc /storage02
开机自动挂载
[root@client ~]# blkid | grep /dev/sdb /dev/sdb: UUID="af1e1e7b-7777-4e96-8845-505a922f1fa2" TYPE="xfs" # 查看UUID
由于/dev/sdb是一块网络存储设备,而iSCSI协议是基于TCP/IP网络传输数据的,因此必须在/etc/fstab配置文件中添加上_netdev参数,表示当系统联网后再进行挂载操作,以免系统开机时间过长或开机失败,编辑/etc/fstab文件:
#
# /etc/fstab
# Created by anaconda on Thu Apr 23 12:54:34 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=44bc377f-6caa-41c0-8229-aa53a5c317c4 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
UUID=af1e1e7b-7777-4e96-8845-505a922f1fa2 /storage01 xfs defaults,_netdev 0 0
UUID=2372f16d-f25b-48c9-a28a-ae2908177ab1 /storage02 xfs defaults,_netdev 0 0
自动挂载
[root@client ~]# mount -a [root@client ~]# df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/centos-root xfs 72G 13G 59G 18% / devtmpfs devtmpfs 2.3G 0 2.3G 0% /dev tmpfs tmpfs 2.3G 0 2.3G 0% /dev/shm tmpfs tmpfs 2.3G 20M 2.3G 1% /run tmpfs tmpfs 2.3G 0 2.3G 0% /sys/fs/cgroup /dev/sda1 xfs 497M 139M 359M 28% /boot tmpfs tmpfs 471M 0 471M 0% /run/user/0 /dev/loop0 iso9660 11G 11G 0 100% /var/www/html/centos76/base /dev/sdb xfs 10G 33M 10G 1% /storage01 /dev/sdc xfs 10G 33M 10G 1% /storage02
可以看到已经挂载上去了
如果我们不再需要使用iSCSI共享设备资源了,可以用iscsiadm命令的-u参数将其设备卸载:
[root@server ~]# iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de -u Logging out of session [sid: 2, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de, portal: 192.168.197.148,3260] Logout of [sid: 2, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.1903640455de, portal: 192.168.197.148,3260] successful.