实验环境:
服务器: redhat8.0 192.168.31.209/24 hostname:server iqn:iqn.2021-02.com.test:server
客户机: redhat8.0 192.168.31.7/24 hostname:test iqn:iqn.2021-02.com.test:test
需提前安装完成yum,并确保网络环境可以传输会话
1.服务器添加一块新硬盘实验用
虚拟机关机添加一块新硬盘,按照虚拟机推荐的来就行
[root@server ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:0 1 6.6G 0 rom nvme0n1 259:0 0 20G 0 disk ├─nvme0n1p1 259:1 0 1G 0 part /boot └─nvme0n1p2 259:2 0 19G 0 part ├─rhel-root 253:0 0 17G 0 lvm / └─rhel-swap 253:1 0 2G 0 lvm [SWAP] nvme0n2 259:3 0 20G 0 disk //这是新硬盘
创建分区
# fdisk /dev/nvme0n2 命令(输入 m 获取帮助):n 选择 (默认 p):p 分区号 (1-4, 默认 1): 1 第一个扇区 (2048-41943039, 默认 2048): //两个都默认回车就行 上个扇区,+sectors 或 +size{K,M,G,T,P} (2048-41943039, 默认 41943039): 命令(输入 m 获取帮助):w
2.服务器iscsi部署
修改主机名为server
hostnamectl set-hostname server
关闭防火墙
# systemctl disable firewalld --now # setenforce 0 # vi /etc/sysconfig/selinux SELINUX=disabled :wq
修改iqn名称
# cd /etc/iscsi/ # vi initiatorname.iscsi InitiatorName=iqn.2021-02.com.test:server :wq # systemctl restart iscsid
安装服务
# yum -y install iscsi-initiator-utils targetcli # systemctl enable iscsid --now
targetcli 进入配置界面
root@server Packages]# targetcli Warning: Could not load preferences file /root/.targetcli/prefs.bin. targetcli shell version 2.1.fb49 Copyright 2011-2013 by Datera, Inc and others. For help on commands, type 'help'. /> ls o- / ........................................................................... [...] o- backstores ................................................................ [...] | o- block .................................................... [Storage Objects: 0] | o- fileio ................................................... [Storage Objects: 0] | o- pscsi .................................................... [Storage Objects: 0] | o- ramdisk .................................................. [Storage Objects: 0] o- iscsi .............................................................. [Targets: 0] o- loopback ........................................................... [Targets: 0] />
添加nvme0n2p1到 backstores 下
/> /backstores/block create disk1 /dev/nvme0n2p1
创建target
/> /iscsi create iqn.2021-02.com.test:server
新建ACL 指定只有iqn为:iqn.2020-01.com.test:test客户端访问
/> /iscsi/iqn.2021-02.com.test:server/tpg1/acls create iqn.2021-02.com.test:test
添加backstores到LUN下 之后系统会自动映射到iqn.2021-02.com.test:test下
/> /iscsi/iqn.2021-02.com.test:server/tpg1/luns create /backstores/block/disk1
设置监听地址 需要先删除默认的地址
/> /iscsi/iqn.2021-02.com.test:server/tpg1/portals/ delete 0.0.0.0 3260 /> /iscsi/iqn.2021-02.com.test:server/tpg1/portals/ create 192.168.31.209 3260
ls列出信息,查看是否有问题,没问题就保存退出
/> ls o- / ........................................................................... [...] o- backstores ................................................................ [...] | o- block .................................................... [Storage Objects: 1] | | o- disk1 ....................... [/dev/nvme0n2p1 (0 bytes) write-thru activated] | | o- alua ..................................................... [ALUA Groups: 1] | | o- default_tg_pt_gp ......................... [ALUA state: Active/optimized] | o- fileio ................................................... [Storage Objects: 0] | o- pscsi .................................................... [Storage Objects: 0] | o- ramdisk .................................................. [Storage Objects: 0] o- iscsi .............................................................. [Targets: 1] | o- iqn.2021-02.com.test:server ......................................... [TPGs: 1] | o- tpg1 ................................................. [no-gen-acls, no-auth] | o- acls ............................................................ [ACLs: 1] | | o- iqn.2021-02.com.test:test .............................. [Mapped LUNs: 1] | | o- mapped_lun0 ................................... [lun0 block/disk1 (rw)] | o- luns ............................................................ [LUNs: 1] | | o- lun0 .................. [block/disk1 (/dev/nvme0n2p1) (default_tg_pt_gp)] | o- portals ...................................................... [Portals: 1] | o- 192.168.31.209:3260 .................................................. [OK] o- loopback ........................................................... [Targets: 0] /> saveconfig /> exit
3.客户机部署:
安装iscsi
# yum -y install iscsi-initiator-utils
修改iqn名称
# vi /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.2021-02.com.test:test :wq # systemctl restart iscsid
发现服务端target
root@test /]# iscsiadm -m discovery -t st -p 192.168.31.209 192.168.31.209:3260,1 iqn.2021-02.com.test:server
登入target
# iscsiadm -m node -T iqn.2021-02.com.test:server -l
查看自己的硬盘信息
[root@test /]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk sr0 11:0 1 6.6G 0 rom /mnt nvme0n1 259:0 0 20G 0 disk ├─nvme0n1p1 259:1 0 1G 0 part /boot └─nvme0n1p2 259:2 0 19G 0 part ├─rhel-root 253:0 0 17G 0 lvm / └─rhel-swap 253:1 0 2G 0 lvm [SWAP]
多出来了一块nvme0n1p2,实验成功
解除登入target则是
# iscsiadm -m node -T iqn.2021-02.com.test:server -u
iscsi代码参数选项解析
-m --mode指定模式,发现为discovery,登陆为node节点模式,session -l --login登陆 -t --type 一般为sendtarget,简写为st -o --op=op 指定选项,new delete update show nonpersistent 可以用-o delete 对已存在的node进行删除 -p --portal 指定入口 可以为IP地址或者域名 -P n 指定输出详细信息,[0|1|2|3],有四种格式可选 -u --logout 登出 -T --targetname=targetanme 指定要使用的服务器端的target名称,有时候服务器端创建了多个target,iqn.2015-10.com.example:
4.chap 单向认证
服务器配置
# targetcli /> cd iscsi /iscsi> set discovery_auth enable=1 userid=test password=123456 /iscsi> cd / /> saveconfig
客户机配置
# vi /etc/iscsi/iscsid.conf 在70到80行之间,修改这三条代码,注意去掉前面#号,直接搜索/CHAP也能很快找到位置:wq # systemctl restart iscsid
5.chap 双向认证
服务器配置
# targetcli /> cd iscsi/ /iscsi> set discovery_auth enable=1 userid=test password=123456 mutual_userid=test mutual_password=123456 /iscsi> cd / /> saveconfig
客户机配置
# vi /etc/iscsi/iscsid.conf:wq 跟单向认证配置极为相似,多修改了2行代码
6.normal 认证
服务器配置
# targetcli /> cd /iscsi/iqn.2021-02.com.test:server/tpg1/ /iscsi/iqn.20...t:server/tpg1> set attribute generate_node_acls=1 /iscsi/iqn.20...t:server/tpg1> set auth userid=test password=123456 /iscsi/iqn.20...t:server/tpg1> set auth mutual_userid=test mutual_password=123456 //这是设置双向认证,若只需要单向认证则不用打 /iscsi/iqn.20...t:server/tpg1> cd / /> saveconfig
客户机配置
# vi /etc/iscsi/iscsid.conf:wq 这是设置双向认证配置,若只需要单项认证则最后2行username_in和password_in不用进行修改