iscsi服务
当我们的linux服务器需要大量的磁盘容量,但暂时没有足够的存储空间分配。此时,我们可以使用通过网络的scsi磁盘,即Internet scsi(iscsi)。
iscsi主要是通过TCP/IP将存储设备端通过iscsi target功能,做成可以提供磁盘的服务器端,再通过iscsi initiator(iscsi初始化用户)功能,做成能够挂载使用iscsi target的客户端,这样就能够通过iscsi协议来进行磁盘的应用了。
iscsi架构的主要部分,分别是:
- iscsi target:就是存储设备端,存放磁盘设备。目的在于提供其他主机使用的磁盘。
- iscsi initiator:就是能够使用target的客户端,需要磁盘的服务器。也就是说,想要连接到iscsi target的服务器,也必须要安装iscsi initiator的相关功能后才能使用iscsi target提供的磁盘。
iscsi服务需要的插件:
- iscsi服务端需要使用的软件为targetcli
- iscsi客户端需要的软件为iscsi-initiator-utils
iscsi的共享需要经过两次挂载映射关系:
第一次:将共享目录挂载在本地的/backstores下,开辟出共享空间和文件
第二次:将共享目录挂载到/iscsi下,提供iscsi服务的共享文件空间
iscsi可以通过:大型文件,单一分区,单一设备来进行共享
-
配置iscsi服务端共享资源
- 配置共享文件
#创建500M的空间,创建在/iscsi
//创建500M的空间,创建在/iscsi ---dd 创建 从/dev下 of是存储位置 bs为单位体积 500个
[root@lxb /]# dd if=/dev/zero of=/iscsi bs=1M count=500
记录了500+0 的读入
记录了500+0 的写出
524288000 bytes (524 MB, 500 MiB) copied, 1.52346 s, 344 MB/s
#划出两个磁盘空间sde和sdf分别为5G和2G
-
iscsi服务器下载
//iscsi服务器需要下载的服务插件
[root@lxb ~]# yum install targetcli -y
-
配置iscsi服务端共享资源
//targetcli是用于管理iscsi服务端存储资源的专用配置命令,
//将iscsi共享资源的配置内容抽象成“目录”的形式,
//我们只需要将各类配置信息填入到相应的“目录”中即可
[root@lxb ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
#可用于iscsi的服务存储类型有四种
#block [块设备,磁盘驱动器,磁盘分区,逻辑卷],以及服务器上定义的任何类型的设备文件
#fileio 在服务器上生成的一个指定大小的文件
#pscsi 物理scsi,通常不用
#ramdisk 内存盘,其中存储的数据在服务器重启后将全部丢失
/> ls
o- / ................................................................................................... [...]
o- backstores ........................................................................................ [...]
| o- block ............................................................................ [Storage Objects: 0]
| o- fileio ........................................................................... [Storage Objects: 0]
| o- pscsi ............................................................................ [Storage Objects: 0]
| o- ramdisk .......................................................................... [Storage Objects: 0]
o- iscsi ...................................................................................... [Targets: 0]
o- loopback ................................................................................... [Targets: 0]
-
给三个可共享存储定义逻辑单元编号
#给三个可共享存储定义逻辑单元编号
#创建磁盘块空间,命名为lun0,使用的磁盘为sde 大小5G ---lun为逻辑存储数字
/> cd /backstores/block
/backstores/block> create dev=/dev/sde name=lun0 #位置在/dev/sde
Created block storage object lun0 using /dev/sde.
/backstores/block> ls
o- block ................................................................................ [Storage Objects: 1]
o- lun0 ......................................................... [/dev/sde (5.0GiB) write-thru deactivated]
o- alua ................................................................................. [ALUA Groups: 1]
o- default_tg_pt_gp ..................................................... [ALUA state: Active/optimized]
/backstores/block> create dev=/dev/sdf name=lun1 #位置在/dev/sdf 大小为2G
Created block storage object lun1 using /dev/sdf.
/backstores/block> ls
o- block ................................................................................ [Storage Objects: 2]
o- lun0 ......................................................... [/dev/sde (5.0GiB) write-thru deactivated]
| o- alua ................................................................................. [ALUA Groups: 1]
| o- default_tg_pt_gp ..................................................... [ALUA state: Active/optimized]
o- lun1 ......................................................... [/dev/sdf (2.0GiB) write-thru deactivated]
o- alua ................................................................................. [ALUA Groups: 1]
o- default_tg_pt_gp ..................................................... [ALUA state: Active/optimized]
#在fileio目录下创建虚拟机内共享的文件/iscsi
/backstores/block> cd ../fileio
/backstores/fileio> create
file_or_dev= name= size= sparse= write_back= wwn=
/backstores/fileio> create file_or_dev=/iscsi name=lun3 #位置在/iscsi 大小为500M
Created fileio lun3 with size 524288000
#此时到/下查看共享
/backstores/fileio> cd ..
/backstores> ls
o- backstores .......................................................................................... [...]
o- block .............................................................................. [Storage Objects: 2]
| o- lun0 ....................................................... [/dev/sde (5.0GiB) write-thru deactivated]
| | o- alua ............................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ................................................... [ALUA state: Active/optimized]
| o- lun1 ....................................................... [/dev/sdf (2.0GiB) write-thru deactivated]
| o- alua ............................................................................... [ALUA Groups: 1]
| o- default_tg_pt_gp ................................................... [ALUA state: Active/optimized]
o- fileio ............................................................................. [Storage Objects: 1]
| o- lun3 ....................................................... [/iscsi (500.0MiB) write-back deactivated]
| o- alua ............................................................................... [ALUA Groups: 1]
| o- default_tg_pt_gp ................................................... [ALUA state: Active/optimized]
o- pscsi .............................................................................. [Storage Objects: 0]
o- ramdisk ............................................................................ [Storage Objects: 0]
/backstores>
-
设置共享的iscsi target名称及配置共享资源
//iscsi target名称可由系统自动生成,这是一串用于描述共享资源的唯一字符串
//iscsi有一套自己共享target名称的定义,基本上iscsi共享出来的target文件名都是以iqn开头
//acls: 权限控制 luns: 对应我们实体存储 portals: ip:port(端口)
#cd到iscsi下创建iscsi共享文件
/> cd /iscsi
/iscsi> ls
o- iscsi .................................................................................................. [Targets: 0]
/iscsi> create #创建iscsi共享文件
Created target iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls #查看iscsi共享目录
o- iscsi .................................................................................................. [Targets: 1]
o- iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940 ................................................... [TPGs: 1]
o- tpg1 ..................................................................................... [no-gen-acls, no-auth]
o- acls ................................................................................................ [ACLs: 0]
o- luns ................................................................................................ [LUNs: 0]
o- portals .......................................................................................... [Portals: 1]
o- 0.0.0.0:3260 ........................................................................................... [OK] #cd到共享目录tpg1/luns下进行lun创建
/iscsi> cd /iscsi/iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940/tpg1/luns
/iscsi/iqn.20...940/tpg1/luns> create /backstores/block/lun0 #创建/block/lun0的共享
Created LUN 0.
/iscsi/iqn.20...940/tpg1/luns> create /backstores/block/lun1 #创建/block/lun1的共享
Created LUN 1.
/iscsi/iqn.20...940/tpg1/luns> create /backstores/fileio/lun2 #创建/fileio/lun2的共享
Created LUN 2.
/iscsi/iqn.20...940/tpg1/luns> ls #ls查看lun共享情况
o- luns ...................................................................................................... [LUNs: 3]
o- lun0 ................................................................... [block/lun0 (/dev/sde) (default_tg_pt_gp)]
o- lun1 ................................................................... [block/lun1 (/dev/sdf) (default_tg_pt_gp)]
o- lun2 .................................................................... [fileio/lun3 (/iscsi) (default_tg_pt_gp)]
-
设置iscsi服务端的监听ip地址和端口号(以及相关服务)
//查看ip地址和端口
/> cd /iscsi/iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940/tpg1/portals/
/iscsi/iqn.20.../tpg1/portals> ls
o- portals .......................................................................................................... [Portals: 1]
o- 0.0.0.0:3260 ........................................................................................................... [OK]
//设置关闭账号密码验证访问控制和自动生成acl节点
/> cd /iscsi/iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940/tpg1/
/iscsi/iqn.20...c2594940/tpg1> ls
o- tpg1 .................................................. [no-gen-acls, no-auth]
o- acls ............................................................. [ACLs: 0]
o- luns ............................................................. [LUNs: 3]
| o- lun0 .......................... [block/lun0 (/dev/sde) (default_tg_pt_gp)]
| o- lun1 .......................... [block/lun1 (/dev/sdf) (default_tg_pt_gp)]
| o- lun2 ........................... [fileio/lun3 (/iscsi) (default_tg_pt_gp)]
o- portals ....................................................... [Portals: 1]
o- 0.0.0.0:3260 ........................................................ [OK]
/iscsi/iqn.20...c2594940/tpg1> set attribute authentication=0
Parameter authentication is now '0'. #关闭账号密码验证访问控制
/iscsi/iqn.20...c2594940/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'. #自动生成acl节点
/iscsi/iqn.20...c2594940/tpg1> exit
-
重启服务器
[root@lxb ~]# systemctl stop firewalld
[root@lxb ~]# getenforce
Permissive
[root@lxb ~]# systemctl restart target
-
iscsi的客户端
-
iscsi客户端下载
[root@localhost ~]# yum install iscsi-initiator-utils -y
//iscsiadm 客户扫描是否由可以用的iscsi服务
-m: mode discovery, discoverydb, node, fw, host iface or session
-p: ip:port
-T: -T, --targetname=targetname 使用tagetname iqn.xxxx.xx
-t: --type
-t: sendtargets, This option is only valid for discovery mode
-u: logout 退出
-U: 全部退出
-l: login 登录
-L: alllogin 全部登录
-I: interface 接口
discovery: 扫描并发现
node: 把自己节点登录server
-
iscsi客户端查看和登录
//此时客户端重启iscsi iscsid两个服务
[root@localhost ~]# systemctl restart iscsi iscsid
//扫描并发现可用的存储资源
[root@localhost ~]# iscsiadm -m discovery
//自己作为节点与server端建立连接
[root@localhost ~]# iscsiadm -m node
iscsiadm: No records found
//查看会话
[root@localhost ~]# iscsiadm -m session
tcp: [1] 192.168.220.129:3260,1 iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940 (non-flash)
//连接iscsi服务器
[root@localhost ~]# iscsiadm -m discovery -t sendtargets -p 192.168.220.129
192.168.220.129:3260,1 iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940
//登录
[root@localhost ~]# iscsiadm -m node -l
Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260]
Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260] successful.
//此时查看挂载 --- 发现多了三个来自服务端的iscsi的挂载sda,sdb,sdc
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 5G 1 disk
sdb 8:16 0 2G 1 disk
sdc 8:32 0 500M 1 disk
sr0 11:0 1 7.9G 0 rom /run/media/root/RHEL-8-2-0-BaseOS-x86_64
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 400M 0 part /boot
├─nvme0n1p2 259:2 0 17.6G 0 part /
└─nvme0n1p3 259:3 0 2G 0 part [SWAP]
nvme0n2 259:4 0 10G 0 disk
├─nvme0n2p1 259:5 0 1G 0 part
├─nvme0n2p2 259:6 0 2G 0 part
└─nvme0n2p3 259:7 0 1K 0 part
//退出iscsi登录
[root@localhost ~]# iscsiadm -m node -p 192.168.220.129:3260 -u
Logging out of session [sid: 8, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260]
Logout of [sid: 8, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260] successful.
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sdd 8:48 0 5G 0 disk
sr0 11:0 1 7.9G 0 rom /run/media/root/RHEL-8-2-0-BaseOS-x86_64
nvme0n1 259:0 0 40G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 39G 0 part
├─rhel-root 253:0 0 37G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
-
当服务端设置ACL权限时:
-
此时服务器设置ACL权限
//设置服务端的acl权限
[root@lxb ~]# targetcli
/iscsi/iqn.20...940/tpg1/acls> ls
o- acls ............................................................... [ACLs: 0]
/iscsi/iqn.20...940/tpg1/acls> create iqn.2021-12.com.redhat:client #设置格式要和前面一样
Created Node ACL for iqn.2021-12.com.redhat:client
Created mapped LUN 2.
Created mapped LUN 1.
Created mapped LUN 0.
/iscsi/iqn.20...940/tpg1/acls> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
//重启服务
[root@lxb ~]# systemctl restart target
-
客户端需要在iscsi服务端上的操作
//此时重新启动新的虚拟机 --- 尝试挂载服务端的iscsi
[root@localhost ~]# iscsiadm -m discovery -t sendtargets -p 192.168.220.129
192.168.220.129:3260,1 iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940
//此时发现无法挂载服务器的iscsi共享磁盘
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 7.9G 0 rom /run/media/root/RHEL-8-2-0-BaseOS-x86_64
nvme0n1 259:0 0 40G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 39G 0 part
├─rhel-root 253:0 0 37G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
[root@localhost ~]# vim /etc/iscsi/initiatorname.iscsi
#!!!此时要注意InitiatorName为唯一的编码连接!!!
#InitiatorName=iqn.1994-05.com.redhat:32f1b84b4a52
InitiatorName=iqn.2021-12.com.redhat:client
//重启服务
[root@localhost ~]# systemctl restart iscsi iscsid
//录入ip
[root@localhost ~]# iscsiadm -m discovery -t sendtargets -p 192.168.220.129
192.168.220.129:3260,1 iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940
//登录
[root@localhost ~]# iscsiadm -m node -l
//查看挂载情况
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 5G 0 disk
sdb 8:16 0 2G 0 disk
sdc 8:32 0 500M 0 disk
sr0 11:0 1 7.9G 0 rom /run/media/root/RHEL-8-2-0-BaseOS-x86_64
nvme0n1 259:0 0 40G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 39G 0 part
├─rhel-root 253:0 0 37G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
设置iscsi的服务端密码登录密码:
//在iscsi的服务端设置
[root@lxb ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/iscsi/iqn.20...940/tpg1/acls> ls
o- acls .................................................................................. [ACLs: 1]
o- iqn.2021-12.com.redhat:client ................................................ [Mapped LUNs: 3]
o- mapped_lun0 .......................................................... [lun0 block/lun0 (rw)]
o- mapped_lun1 .......................................................... [lun1 block/lun1 (rw)]
o- mapped_lun2 ......................................................... [lun2 fileio/lun3 (rw)]
/iscsi/iqn.20...940/tpg1/acls> cd iqn.2021-12.com.redhat:client/
#cd到具体client下设置acl
/iscsi/iqn.20...redhat:client> set auth userid=lxb
#设置用户为lxb :set auth userid=lxb
Parameter userid is now 'lxb'.
/iscsi/iqn.20...redhat:client> set auth password=123456
#设置用户密码为123456
Parameter password is now '123456'.
/iscsi/iqn.20...redhat:client> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
//退出并重启服务
[root@lxb ~]# systemctl restart iscsi iscsid
在iscsi的客户端:
//在客户端的
[root@localhost ~]# cd /etc/iscsi/
[root@localhost iscsi]# ll
total 20
-rw-r--r--. 1 root root 95 Dec 30 09:43 initiatorname.iscsi #主要是登录的物理认证
-rw-------. 1 root root 13187 Aug 10 01:10 iscsid.conf #登录的加载认证(用户,密码)
[root@localhost iscsi]# vim iscsid.conf
#此时需要修改iscsid.conf 的配置
//启用认证
node.session.auth.authmethod = CHAP
//用户名
node.session.auth.username = lxb
//密码
node.session.auth.password = 123456
//此时重新扫描等登录iscsi
[root@localhost iscsi]# iscsiadm -m node -p 192.168.220.129:3260 -l
Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260]
Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.lxb.x8664:sn.2c4dc2594940, portal: 192.168.220.129,3260] successful.
//查看磁盘挂载
[root@localhost iscsi]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 5G 0 disk
sdb 8:16 0 2G 0 disk
sdc 8:32 0 500M 0 disk
sdd 8:48 0 5G 0 disk
sr0 11:0 1 7.9G 0 rom /run/media/root/RHEL-8-2-0-BaseOS-x86_64
nvme0n1 259:0 0 40G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 39G 0 part
├─rhel-root 253:0 0 37G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
//取消iscsi登录
[root@localhost iscsi]# iscsiadm -m node -p 192.168.220.129:3260 -u