Linux samba,iscsi

1.samba

1.1 服务的安装和用户的建立

yum install samba-client samba-common samba -y  ##安装samba服务
systemctl stop firewalld.service        ##关闭防火墙
setsebool -P samba_enable_home_dirs on      ##初始状态为不允许访问家目录，此步操作为开启
getsebool -a | grep samba           ##查看samba的sexlinux状态
    samba_create_home_dirs --> off
    samba_domain_controller --> off
    samba_enable_home_dirs --> on
    samba_export_all_ro --> off
    samba_export_all_rw --> off
    samba_portmapper --> off
    samba_run_unconfined --> off
    samba_share_fusefs --> off
    samba_share_nfs --> off
    sanlock_use_samba --> off
    use_samba_home_dirs --> off
    virt_sandbox_use_samba --> off
    virt_use_samba --> off
systemctl start smb             ##开启服务
smbpasswd -a student                ##建立用户，此用户必须是电脑存在的用户（需要配置密码，密码可随意填写）
pdbedit -L                  ##查看用户列表
pdbedit -x student              ##删除用户student
smbclient -L //172.25.254.124 -U student    ##连接共享服务
smbclient //172.25.254.124/student -U student   ##进入该用户家目录
Enter student's password: 
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls
      .                                   D        0  Thu Jul 10 19:06:52 2014
      ..                                  D        0  Thu Jul 10 18:19:09 2014
      .bash_logout                        H       18  Wed Jan 29 07:45:18 2014
      .bash_profile                       H      193  Wed Jan 29 07:45:18 2014
      .bashrc                             H      231  Wed Jan 29 07:45:18 2014
      .ssh                               DH        0  Thu Jul 10 18:19:10 2014
      .config                            DH        0  Thu Jul 10 19:06:53 2014
                40913 blocks of size 262144. 28582 blocks available
    smb: \> 

1.2 共享目录

    mkdir /yang     ##建立测试目录
    mkdir /ypa
    vim /etc/samba/smb.conf         ##修改配置文件

        .....
            workgroup = LINUXJET
        321         [yang]
        322         comment = this is myself mkdir
        323         path = /yang
        324         [ypa]
        325         comment = this is ypa
        326         path = /ypa
        .....

    systemctl restart smb.service 
    semanage fcontext -a -t samba_share_t '/yang(/.*)?' ##修改安全上下文只对，该目录有效。故保证ypa目录也可被访问，则需要修改selinux里面的
    restorecon -FvvR //
    smbclient //172.25.254.124/yang -U student
smbclient //172.25.254.124/yang -U student
Enter student's password: 
Domain=[LINUXJET]('此处名字修改，即为主配置文件中22行的修改变量') OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls
      .                                   D        0  Fri Mar 17 22:13:45 2017
      ..                                  D        0  Fri Mar 17 22:13:52 2017

            40913 blocks of size 262144. 28546 blocks available
    smb: \> 

smbclient //172.25.254.124/ypa -U student
getsebool -a | grep samba
setsebool -P samba_export_all_rw on ##修改读写权限，包括系统目录及自建目录。这个开启后就与文件的安全上下文无关
[root@samba student]# smbclient -L //172.25.254.124 -U student
Enter student's password: 
Domain=[LINUXJET] OS=[Unix] Server=[Samba 4.1.1]

        Sharename       Type      Comment
        ---------       ----      -------
        yang             Disk      this is myself mkdir
        ypa             Disk      this is ypa
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
        student         Disk      Home Directories
    Domain=[LINUXJET] OS=[Unix] Server=[Samba 4.1.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

1.3 samba 匿名访问

vim /etc/samba/smb.conf

        ....
        125         map to guest = bad user     ##允许匿名用户访问
        321         [yang]
        322         comment = this is myself mkdir  ##说明
        323         path = /yang            ##指定共享目录
        324         guest ok = yes          ##允许匿名用户访问
        ....

systemctl restart smb.service 
mount //172.25.254.124/yang /mnt/ -o username=guest
df
    Filesystem           1K-blocks    Used Available Use% Mounted on
    /dev/vda1             10473900 3156972   7316928  31% /
    devtmpfs                481120       0    481120   0% /dev
    tmpfs                   496708     140    496568   1% /dev/shm
    tmpfs                   496708   13036    483672   3% /run
    tmpfs                   496708       0    496708   0% /sys/fs/cgroup
    //172.25.254.124/yang  10473900 3156972   7316928  31% /mnt
cd /mnt/
ls -a

1.4 samba共享目录的管理参数

vim /etc/samba/smb.conf 

    321         [yang]
    322         comment = local directory yang
    323         path = /yang
    324         guest ok = yes
    325         writable = yes      ##所有人可写
    326         #write list = yang      ##列表中的人可写
    327         #write list = +yang     ##列表中的组可写
    328         #valid users = yang     ##允许登陆的人
    329         #valid users = @yang    ##允许登陆的组
    330         #browseable = yes       ##是否隐藏，yes不隐藏
    331         #admin users = yang     ##允许某用户以超户操作

测试
mount //172.25.254.125/yang /mnt/ -o password=aaa,username=student                     

1.5 samba多用户认证,多用户挂载

yum install cifs-utils
vim /root/passfile

        username=smb用户
        password=smb用户密码

mount //172.25.254.125/yang /mnt/ -o credentials=/root/passfile,multiuser,sec=ntlmssp       ##多用户挂载
su - yang       ##与smb用户同名
ls /mnt
cifscreds add 172.25.254.125
ls /mnt 查看成功

su - test
ls /mnt
cifscreds add 172.25.254.125
ls /mnt         ##依然不成功

2.iSCSI远程块存储

2.1 所需服务

[root@iscsi ~]# fdisk /dev/vdb         ##创建共享分区
[root@iscsi ~]# yum install targetcli.noarch -y    ##安装服务
    [root@iscsi ~]# systemctl start target
    [root@iscsi ~]# systemctl enable target
    [root@iscsi ~]# systemctl status firewalld.service 
    [root@iscsi ~]# targetcli          ##使用

[root@iscsi ~]# targetcli 
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ................................................................... [...]
  o- backstores ........................................................ [...]
  | o- block ............................................ [Storage Objects: 0]
  | o- fileio ........................................... [Storage Objects: 0]
  | o- pscsi ............................................ [Storage Objects: 0]
  | o- ramdisk .......................................... [Storage Objects: 0]
  o- iscsi ...................................................... [Targets: 0]
  o- loopback ................................................... [Targets: 0]
/>

2.2 创建共享分区

/> /backstores/block create yang:si /dev/vdb1                   ##创建块文件与/dev/vdb1关联
Created block storage object yang:si using /dev/vdb1.
/> /iscsi create iqn.2017-03.com.yang:si                    ##创建iqn
Created target iqn.2017-03.com.yang:si.
Created TPG 1.
/> /iscsi/iqn.2017-03.com.yang:si/tpg1/acls create iqn.2017-03.com.yang:key1    ##创建钥匙文件
Created Node ACL for iqn.2017-03.com.yang:key1
/> /iscsi/iqn.2017-03.com.yang:si/tpg1/luns create /backstores/block/yang:si    ##关联iqn与块文件
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2017-03.com.yang:key
/> /iscsi/iqn.2017-03.com.yang:si/tpg1/portals create 172.25.254.125        ##开放ip共享
Using default IP port 3260
Created network portal 172.25.254.125:3260.
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json

2.3 登陆，使用共享磁盘

[root@iscsi-client ~]# iscsiadm -m discovery -t st -p 172.25.254.125               ##发现设备
[root@iscsi-client ~]# iscsiadm -m node -T iqn.2017-03.com.yang:si -p 172.25.254.125 -l    ##登陆
[root@iscsi-client ~]# fdisk -l            ##测试
[root@iscsi-client ~]# fdisk /dev/sda      ##使用磁盘并分区
[root@iscsi-client ~]# partprobe
[root@iscsi-client ~]# mkfs.xfs /dev/sda1
[root@iscsi-client ~]# mount /dev/sda1 /mnt    
[root@iscsi-client ~]# df
[root@iscsi-client ~]# umount /mnt
[root@iscsi-client ~]# df
[root@iscsi-client ~]# iscsiadm -m node -T iqn.2017-03.com.yang:si -u              ##退出登陆
[root@iscsi-client ~]# iscsiadm -m node -T iqn.2017-03.com.yang:si -o delete           ##删除