Introduction
What is iSCSI?
In computing, iSCSI (/aɪˈskʌzi/ eye-SKUZ-ee) is an acronym
for Internet Small Computer System Interface, an Internet Protocol
(IP)-based storage networking standard for linking data storage
facilities.
By carrying SCSI commands over IP networks, iSCSI is used to
facilitate data transfers over intranets and to manage storage over long
distances. iSCSI can be used to transmit data over local area networks
(LANs), wide area networks (WANs), or the Internet and can enable
location-independent data storage and retrieval.
The protocol allows clients (called initiators) to send SCSI commands
(CDBs) to SCSI storage devices (targets) on remote servers. It is a
storage area network (SAN) protocol, allowing organizations to
consolidate storage into data center storage arrays while providing
hosts (such as database and web servers) with the illusion of locally attached disks.
In this practical, however, we will do iSCSI on a LAN. For example, suppose
you are a Linux admin in a company and you have a server with 2 TB of storage
and enough RAM. You can make this server an iSCSI server, a backup
server, or a storage server.
Storage consolidation:
Organizations move disparate storage resources from servers around their
network to central locations, often in data centres. This allows for
more efficiency in the allocation of storage, as the storage itself is
no longer tied to a particular server. In a SAN environment, a server
can be allocated a new disk volume without any changes to hardware or cabling.
Disaster recovery:
Organizations mirror storage resources from one data centre to a remote
data center, which can serve as a hot standby in the event of a
prolonged outage. In particular, iSCSI SANs allow entire disk arrays to
be migrated across a WAN with minimal configuration changes, in effect
making storage “routable” in the same manner as network traffic.
I want you to understand that in this practical, in our
company, we are using one machine as the iSCSI server, which we call the
"target" for better technical understanding, and the client machine will
work as the "initiator" to access storage from the target.
Logical unit number
In SCSI terminology, LUN stands for logical unit number. A LUN
represents an individually addressable (logical) SCSI device that is
part of a physical SCSI device (target). In an iSCSI environment, LUNs
are essentially numbered disk drives. Don't be confused.
iSCSI uses TCP (typically TCP port 3260) for the protocol itself.
The IQN is very important in this practical, so we just need to
know about it; there is no need to go into detail. It is like a name for iSCSI,
defined between the target and the initiator, that this practical works with.
Example, shown here; you will see more of it while
going through the practical.
--------------------------------------------------------------
<target iqn.2015-03.target.local:initiator.local>
--------------------------------------------------------------
Security Authentication:
iSCSI initiators and targets prove their identity to each other using
the CHAP protocol, which includes a mechanism to prevent cleartext
passwords from appearing on the wire. By itself, the CHAP protocol is
vulnerable to dictionary attacks, spoofing, or reflection attacks. If
followed carefully, the rules for using CHAP within iSCSI prevent most of these attacks.
For more information, look up the CHAP protocol on the web. You will find the details there.
Step 1: Flush all the firewall rules.
# iptables -F
# service iptables save
Also check the SELinux status with the sestatus command, and edit its config file:
# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=disabled (keep it disabled here)
Step 2: Keep the hostname entries in the /etc/hosts file and the network file on both target and client.
# vi /etc/hosts
# vi /etc/sysconfig/network
Firstly, I have access to both machines here.
For storage sharing, I have added a hard disk of 20 GB to the target to
share as a LUN with the client. If you have physical machines, you can attach a
physical hard disk, or you can add a virtual hard disk if you are
working in VMware or VirtualBox. Now we will go to the hosts file to keep
entries for the host names of both
target and client on both sides.
Step 3: Create a partition on the added hard disk and format it with a file system. You can check the filesystem with the df -T command.
[root@server ~]# df -T
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/sda3 ext4 7422920 2771180 4268592 40% /
/dev/sda1 ext4 194442 11426 172977 7% /boot
# fdisk /dev/sdb (create a new primary partition)
# mkfs.ext4 /dev/sdb1 (format it with a filesystem)
The above shows what we have added on the target machine. You can see that /dev/sdb of 22GB has been added.
ON SERVER SIDE:
Step 4: # yum install scsi-target-utils -y
Step 5: # vi /etc/tgt/targets.conf (configuration file on the target side)
Go to the end of the file by pressing Shift+G and add:
<target iqn.2015-03.target.local:initiator.local>
    backing-store /dev/sdb1
    initiator-address 192.168.0.144
    incominguser iscsiadm iscsiadm123
</target>
The target block above follows this syntax:
iqn: iSCSI Qualified Name (IQN).
Then the target machine's host name (target.local), followed by the initiator machine's host name (initiator.local).
Then the disk you are sharing as a LUN; in my case I am sharing /dev/sdb1.
Then the initiator (client) IP address.
Then the user name and password with which our client
machine authenticates to the target.
Then close the block with </target>.
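An added example, not part of the original post: a small shell function that checks each <target> block in targets.conf for the access-control settings explained above (initiator restriction, CHAP user, secret length, mutual CHAP). The 12-byte (96-bit) minimum is the CHAP secret length the iSCSI RFCs require when IPsec is not in use; the function name audit_tgt_conf is hypothetical and the sample file is constructed from the block in step 5.

```shell
#!/bin/sh
# Added example: audit tgt <target> blocks for weak access control.
# Prints "<iqn>: <finding>" per problem; exit status is 1 if anything was found.
audit_tgt_conf() {
    awk '
    function report(msg) { print iqn ": " msg; bad = 1 }
    /^[ \t]*#/ { next }                              # skip comment lines
    /^[ \t]*<target[ \t]/ {                          # opening tag: <target IQN>
        iqn = $2; sub(/>.*/, "", iqn)
        acl = 0; in_secret = ""; out_secret = ""; in_t = 1; next
    }
    in_t && ($1 == "initiator-address" || $1 == "initiator-name") { acl = 1 }
    in_t && $1 == "incominguser" {                   # initiator proves itself
        in_secret = $3
        if (length($3) < 12)
            report("CHAP secret for " $2 " is under 12 bytes (96 bits)")
    }
    in_t && $1 == "outgoinguser" { out_secret = $3 } # target proves itself
    /^[ \t]*<\/target>/ {
        if (!acl) report("no initiator restriction, any host may log in")
        if (in_secret == "") report("no incominguser, CHAP is not required")
        else if (out_secret == "") report("one-way CHAP, target never proves its identity")
        else if (in_secret == out_secret) report("same CHAP secret in both directions")
        in_t = 0
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the target block shown in step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<target iqn.2015-03.target.local:initiator.local>
    backing-store /dev/sdb1
    initiator-address 192.168.0.144
    incominguser iscsiadm iscsiadm123
</target>
EOF
audit_tgt_conf "$sample" || echo "review the findings above"
```

On the target, run it as audit_tgt_conf /etc/tgt/targets.conf before starting tgtd.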
Step 6: Then start the tgtd service and turn it on with chkconfig.
# /etc/init.d/tgtd start
# chkconfig --levels 235 tgtd on
Step 7: Then open TCP port 3260 for iSCSI on the target machine with an
iptables rule. Don't worry if you don't understand it, but you need to do
this if you are using a firewall.
[root@server ~]# iptables -A INPUT -p tcp --dport 3260 -j ACCEPT
[root@server ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Step 8: Now it's time to test whether we have done
everything right so far. Go through the command below and check
whether it shows the shared partition. The first time
you do this practical, I am sure you will be amazed not to get it.
I did not get it either, but don't worry: try again, or check
everything we have done so far.
Step 9: Check that all parameters are correct.
# tgtadm --mode target --op show
Output would be like >>
It shows LUN: 1 as the shared partition /dev/sdb1.
That is all for now on the target machine. Now our job is to configure the client (initiator machine IP: 192.168.0.144).
ON CLIENT SIDE CONFIGURATION
Step 10: # yum -y install iscsi-initiator-utils
Now it's time to use the IQN that we used in the iSCSI tgt configuration file on the target machine, if you remember.
Step 11: Go to the file and make some changes.
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-03.target.local:initiator.local
Keep the above entry in that file. You can comment out the line already there with the # symbol, delete it, or add
another line with the required information, then save the file.
Step 12: Go to the main config file on the client side.
[root@initiator ~]# vi /etc/iscsi/iscsid.conf
Here you have to make some changes as required.
# To manually startup the session set to "manual". The default is automatic.
node.startup = automatic
# To enable CHAP authentication
node.session.auth.authmethod = CHAP
# To set a CHAP username and password for initiator
node.session.auth.username = iscsiadm
node.session.auth.password = iscsiadm123
:wq!
Then save the file.
Step 13: Then start the iscsi daemon and turn it on with chkconfig.
# service iscsid start
# chkconfig --levels 235 iscsid on
Friends, a caution: do not start the
service through the init script; start it with the service
command. Otherwise, if you run /etc/init.d/iscsid start, it will not
start. After that, you have to start the service with the command below.
Step 14: # /etc/rc.d/init.d/iscsid force-start
Step 15: Now, to test on the client side, run the command below.
# iscsiadm --mode discovery -t sendtargets --portal 192.168.0.44 (here 192.168.0.44 is the target IP)
Output would be like >
192.168.0.29:3260,1 iqn.2015-03.target.local:initiator.local
Step 16: Now it's time to connect to the target. Run the command
below; when you get output showing
"successful", it means that you have connected to the target from the client
machine and can now use that /dev/sdb1 partition on your system as if it were local.
# iscsiadm --mode discovery -t sendtargets --portal 192.168.0.44 -l
Now you have logged in to the target machine and the shared partition /dev/sdb1
is accessible to you. You can check this with the fdisk -l command.
Now run the fdisk -l command to check the shared partition /dev/sdb.
Yipee!!! I got
Step 17: You will get the device UUID with this command.
# blkid /dev/sdb
For permanent mounting, add it to the /etc/fstab file.
# vim /etc/fstab
UUID="1e38954b-80df-4060-9ac7-77e335a" /mnt ext4 _netdev 0 0
Where
• UUID="1e38954b-80df-4060": UUID of the NAS partition on the target server
• /mnt: mount point
• ext4: file system used
• _netdev: mount options; may be _netdev,rw
# mount -a
Never restart the initiator except for a shutdown.
# umount /mnt
# chkconfig netfs on
# service netfs restart
Then you can check this mount with the df -H command.
That's all, friends, for the iSCSI topic. For any queries, you can contact us at linux@kvit.in or lalit@kvit.in.