[RH342]iscsi配置与排错
- 1. 服务端配置
- 1.1 安装targetcli
- 1.2 准备磁盘
- 1.3 服务端配置
- 1.4 防火墙配置
- 2. 客户端配置
- 2.1 安装客户端软件
- 2.2 配置客户端
- 2.3 连接登录服务端
- 2.4 挂载使用
- 3. 安全验证扩展
- 3.1 服务端
- 3.2 客户端
- 4. 常见的排错点
- 4.1 服务端常见错误
- 4.2 客户端常见错误
1. 服务端配置
1.1 安装targetcli
安装iscsi组件
dnf install -y targetcli
1.2 准备磁盘
iscsi服务需要一个磁盘,我们就利用vdb上的空余磁盘建一个vdb2来作为iscsi数据存放的位置
fdisk /dev/vdb
1.3 服务端配置
启动服务
systemctl enable --now targetclid.service
创建backstores
[root@serverd ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'./> ls
o- / ......................................................................................................................... [...]o- backstores .............................................................................................................. [...]| o- block .................................................................................................. [Storage Objects: 0]| o- fileio ................................................................................................. [Storage Objects: 0]| o- pscsi .................................................................................................. [Storage Objects: 0]| o- ramdisk ................................................................................................ [Storage Objects: 0]o- iscsi ............................................................................................................ [Targets: 0]o- loopback ......................................................................................................... [Targets: 0]
/> backstores/block create
dev= name= readonly= wwn=
/> backstores/block create dev=/dev/vdb2
Missing required parameter name
/> backstores/block create dev=/dev/vdb2 name=target1
Created block storage object target1 using /dev/vdb2.
/> ls
o- / ......................................................................................................................... [...]o- backstores .............................................................................................................. [...]| o- block .................................................................................................. [Storage Objects: 1]| | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]| | o- alua ................................................................................................... [ALUA Groups: 1]| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]| o- fileio ................................................................................................. [Storage Objects: 0]| o- pscsi .................................................................................................. [Storage Objects: 0]| o- ramdisk ................................................................................................ [Storage Objects: 0]o- iscsi ............................................................................................................ [Targets: 0]o- loopback ......................................................................................................... [Targets: 0]
创建acl
/> backstores/block create dev=/dev/vdb2 name=target1
Created block storage object target1 using /dev/vdb2.
/> ls
o- / ......................................................................................................................... [...]o- backstores .............................................................................................................. [...]| o- block .................................................................................................. [Storage Objects: 1]| | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]| | o- alua ................................................................................................... [ALUA Groups: 1]| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]| o- fileio ................................................................................................. [Storage Objects: 0]| o- pscsi .................................................................................................. [Storage Objects: 0]| o- ramdisk ................................................................................................ [Storage Objects: 0]o- iscsi ............................................................................................................ [Targets: 0]o- loopback ......................................................................................................... [Targets: 0]
/> iscsi/ create iqn.2025-02.com.example.lab:serverd
Created target iqn.2025-02.com.example.lab:serverd.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> ls
o- / ......................................................................................................................... [...]o- backstores .............................................................................................................. [...]| o- block .................................................................................................. [Storage Objects: 1]| | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]| | o- alua ................................................................................................... [ALUA Groups: 1]| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]| o- fileio ................................................................................................. [Storage Objects: 0]| o- pscsi .................................................................................................. [Storage Objects: 0]| o- ramdisk ................................................................................................ [Storage Objects: 0]o- iscsi ............................................................................................................ [Targets: 1]| o- iqn.2025-02.com.example.lab:serverd ............................................................................... [TPGs: 1]| o- tpg1 ............................................................................................... [no-gen-acls, no-auth]| o- acls .......................................................................................................... [ACLs: 0]| o- luns .......................................................................................................... [LUNs: 0]| o- portals .................................................................................................... [Portals: 1]| o- 0.0.0.0:3260 ..................................................................................................... [OK]o- loopback ......................................................................................................... [Targets: 0]
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/acls create iqn.2025-02.com.example.lab:serverc
Created Node ACL for iqn.2025-02.com.example.lab:serverc
/> ls
o- / ......................................................................................................................... [...]o- backstores .............................................................................................................. [...]| o- block .................................................................................................. [Storage Objects: 1]| | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]| | o- alua ................................................................................................... [ALUA Groups: 1]| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]| o- fileio ................................................................................................. [Storage Objects: 0]| o- pscsi .................................................................................................. [Storage Objects: 0]| o- ramdisk ................................................................................................ [Storage Objects: 0]o- iscsi ............................................................................................................ [Targets: 1]| o- iqn.2025-02.com.example.lab:serverd ............................................................................... [TPGs: 1]| o- tpg1 ............................................................................................... [no-gen-acls, no-auth]| o- acls .......................................................................................................... [ACLs: 1]| | o- iqn.2025-02.com.example.lab:serverc .................................................................. [Mapped LUNs: 0]| o- luns .......................................................................................................... [LUNs: 0]| o- portals .................................................................................................... [Portals: 1]| o- 0.0.0.0:3260 ..................................................................................................... [OK]o- loopback ......................................................................................................... [Targets: 0]
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/luns create /backstores/block/target1
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2025-02.com.example.lab:serverc
保存配置
/> saveconfig
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
1.4 防火墙配置
[root@serverd ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@serverd ~]# firewall-cmd --reload
success
2. 客户端配置
2.1 安装客户端软件
安装iscsi-initiator-utils
dnf install -y iscsi-initiator-utils
2.2 配置客户端
修改配置文件/etc/iscsi/initiatorname.iscsi
[root@serverc ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2025-02.com.example.lab:serverc
启动iscsid服务
systemctl enable --now iscsid
2.3 连接登录服务端
发现,登录服务端
iscsiadm --mode discoverydb --type sendtargets --portal 172.25.250.13 --discover
iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --login
此时可以看到iscsi磁盘已经完成挂载,本地出现新磁盘sda
fdisk -l
2.4 挂载使用
将磁盘格式化并挂载
[root@serverc ~]# mkfs.xfs /dev/sda
meta-data=/dev/sda isize=512 agcount=4, agsize=12800 blks= sectsz=512 attr=2, projid32bit=1= crc=1 finobt=1, sparse=1, rmapbt=0= reflink=1
data = bsize=4096 blocks=51200, imaxpct=25= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=1368, version=2= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@serverc ~]# mkdir -p /data/iscsi
[root@serverc ~]# mount /dev/sda /data/iscsi
[root@serverc ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 360M 0 360M 0% /dev
tmpfs tmpfs 405M 84K 405M 1% /dev/shm
tmpfs tmpfs 405M 11M 394M 3% /run
tmpfs tmpfs 405M 0 405M 0% /sys/fs/cgroup
/dev/vda3 xfs 9.9G 5.6G 4.4G 56% /
/dev/vda2 vfat 100M 5.8M 95M 6% /boot/efi
tmpfs tmpfs 81M 140K 81M 1% /run/user/1002
tmpfs tmpfs 81M 0 81M 0% /run/user/0
/dev/sda xfs 195M 12M 184M 6% /data/iscsi
测试写入
[root@serverc ~]# echo 123 > /data/iscsi/test.txt
[root@serverc ~]# cat /data/iscsi/test.txt
123
到这里基本算完成了.但既然RH342了就加点难度.
我们发现只要任何一个网络通的节点,只要客户端配置正确就能挂载这个iscsi磁盘.
这显然是不够安全的.那么我们再上点验证.
3. 安全验证扩展
假设我们给这个iscsi加个验证
用户名为:admin
密码为:redhat
3.1 服务端
配置用户名密码
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/acls/iqn.2025-02.com.example.lab:serverc/ set auth userid=admin password=redhat
Parameter userid is now 'admin'.
Parameter password is now 'redhat'.
/> saveconfig
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
/>
3.2 客户端
先卸载挂载并退出iscsi登录
[root@serverc ~]# umount /data/iscsi
[root@serverc ~]# iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --logout
Logging out of session [sid: 4, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260]
Logout of [sid: 4, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260] successful.
[root@serverc ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 10G 0 disk
├─vda1 252:1 0 1M 0 part
├─vda2 252:2 0 100M 0 part /boot/efi
└─vda3 252:3 0 9.9G 0 part /
vdb 252:16 0 1G 0 disk
└─datavg-lv01 253:0 0 300M 0 lvm
修改配置文件
vi vim /etc/iscsi/iscsid.conf
打开红框这3行内容并按服务端配置修改成对应值
重启iscsid服务
systemctl restart iscsid.service
尝试重新登录
[root@serverc ~]# iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --login
Logging in to [iface: default, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260]
Login to [iface: default, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260] successful.
[root@serverc ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200M 0 disk
vda 252:0 0 10G 0 disk
├─vda1 252:1 0 1M 0 part
├─vda2 252:2 0 100M 0 part /boot/efi
└─vda3 252:3 0 9.9G 0 part /
vdb 252:16 0 1G 0 disk
└─datavg-lv01 253:0 0 300M 0 lvm
[root@serverc ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 360M 0 360M 0% /dev
tmpfs tmpfs 405M 84K 405M 1% /dev/shm
tmpfs tmpfs 405M 11M 394M 3% /run
tmpfs tmpfs 405M 0 405M 0% /sys/fs/cgroup
/dev/vda3 xfs 9.9G 5.6G 4.4G 56% /
/dev/vda2 vfat 100M 5.8M 95M 6% /boot/efi
tmpfs tmpfs 81M 140K 81M 1% /run/user/1002
tmpfs tmpfs 81M 0 81M 0% /run/user/0
[root@serverc ~]# mount -a
[root@serverc ~]# df -TH
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 377M 0 377M 0% /dev
tmpfs tmpfs 425M 87k 425M 1% /dev/shm
tmpfs tmpfs 425M 12M 414M 3% /run
tmpfs tmpfs 425M 0 425M 0% /sys/fs/cgroup
/dev/vda3 xfs 11G 6.0G 4.8G 56% /
/dev/vda2 vfat 105M 6.1M 99M 6% /boot/efi
tmpfs tmpfs 85M 144k 85M 1% /run/user/1002
tmpfs tmpfs 85M 0 85M 0% /run/user/0
[root@serverc ~]# mount /dev/sda /data/iscsi/
[root@serverc ~]# cat /data/iscsi/test.txt
123
可以看到iscsi的磁盘及内容未出现变化.而且这样多了一层用户名密码也更为安全.
4. 常见的排错点
4.1 服务端常见错误
- 防火墙端口未打开
- 服务未启动和自动开启(systemctl enable --now target)
- targetcli中未创建luns
4.2 客户端常见错误
- /etc/iscsi/initiatorname.iscsi配置和服务端不一致
- /etc/iscsi/iscsid.conf 配置和服务端不一致,通常是密码验证.要么就都开,要么都不开
- 修改配置后没有重启iscsid服务
- login时由于之前的错误导致无法登陆,删除/var/lib/iscsi/nodes/下的异常目录
