利用iSCSI服务部署IP SAN网络存储服务

一、配置环境（Vmware WorkStation虚拟环境）

服务端与客户端OS：openEuler 22.03-LTS

CPU：1U1C

内存：2G

硬盘：5个SCSI磁盘，其中一个作为系统盘，另外四个配置为RAID5阵列

服务器IP：192.168.17.200

二、详细配置过程

1、配置RAID5

mdadm -Cv /dev/md0 -n 3 -l 5 -x 1 /dev/sdb /dev/sdc /dev/sdd /dev/sde

其中，-Cv参数为创建阵列并显示过程，/dev/md0为生成的阵列组名称，-n 3参数为创建RAID 5磁盘阵列所需的硬盘个数，-l 5参数为RAID磁盘阵列的级别，-x 1参数为磁盘阵列的备份盘个数。

执行以下命令查看RAID5阵列详情

mdadm -D /dev/md0

2、配置iSCSI服务端

（1）在服务器上安装iSCSI服务软件包

dnf install -y targetcli

（2）配置iSCSI服务端共享资源

• 查看iSCSI服务端共享资源

[root@ipsan ~]# targetcli
targetcli shell version 2.1.54
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ............................................................................................................. [...]
  o- backstores .................................................................................................. [...]
  | o- block ...................................................................................... [Storage Objects: 0]
  | o- fileio ..................................................................................... [Storage Objects: 0]
  | o- pscsi ...................................................................................... [Storage Objects: 0]
  | o- ramdisk .................................................................................... [Storage Objects: 0]
  o- iscsi ................................................................................................ [Targets: 0]
  o- loopback ............................................................................................. [Targets: 0]
  o- vhost ................................................................................................ [Targets: 0]
  o- xen-pvscsi ........................................................................................... [Targets: 0]

• 将前面创建的RAID 5磁盘阵列md0作为iSCSI共享设备

/> cd /backstores/block
/backstores/block> create disk0 /dev/md0
Created block storage object disk0 using /dev/md0.
/backstores/block> cd /
/> ls
o- / ............................................................................................................. [...]
  o- backstores .................................................................................................. [...]
  | o- block ...................................................................................... [Storage Objects: 1]
  | | o- disk0 ............................................................. [/dev/md0 (40.0GiB) write-thru deactivated]
  | |   o- alua ....................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ........................................................... [ALUA state: Active/optimized]
  | o- fileio ..................................................................................... [Storage Objects: 0]
  | o- pscsi ...................................................................................... [Storage Objects: 0]
  | o- ramdisk .................................................................................... [Storage Objects: 0]
  o- iscsi ................................................................................................ [Targets: 0]
  o- loopback ............................................................................................. [Targets: 0]
  o- vhost ................................................................................................ [Targets: 0]
  o- xen-pvscsi ........................................................................................... [Targets: 0]

• 创建iSCSI target名称及配置共享资源

/> cd iscsi 
/iscsi> create 
Created target iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> ls
o- iscsi .................................................................................................. [Targets: 1]
  o- iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195 ................................................. [TPGs: 1]
    o- tpg1 ..................................................................................... [no-gen-acls, no-auth]
      o- acls ................................................................................................ [ACLs: 0]
      o- luns ................................................................................................ [LUNs: 0]
      o- portals .......................................................................................... [Portals: 1]
        o- 0.0.0.0:3260 ........................................................................................... [OK]
/iscsi> cd iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195/
/iscsi/iqn.20....a54ce739d195> cd tpg1/luns
/iscsi/iqn.20...195/tpg1/luns> create /backstores/block/disk0
Created LUN 0.

• 设置访问控制列表（ACL）

iSCSI协议通过客户端名称进行验证的。即iSCSI客户端的名称与服务端中设置的访问控制列表中某一名称条目一致即可。acls参数目录用于存放能够访问iSCSI服务端共享存储资源的客户端名称，推荐在前面系统生成的iSCSI target后面追加上类似于:client的参数，这样既能保证客户端的名称具有唯一性，又非常便于管理和阅读。

/iscsi/iqn.20...195/tpg1/luns> cd ../acls 
/iscsi/iqn.20...195/tpg1/acls> create iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195:client
Created Node ACL for iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195:client
Created mapped LUN 0.

• 设置iSCSI服务端的监听IP地址和端口号

默认情况下，iSCSI允许所有网卡提供iSCSI服务，但这种配置存在安全隐患，可以删除默认配置，然后指定服务接口IP地址。

/iscsi/iqn.20...195/tpg1/acls> cd ../portals/
/iscsi/iqn.20.../tpg1/portals> ls
o- portals ................................................................................................ [Portals: 1]
  o- 0.0.0.0:3260 ................................................................................................. [OK]
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
Deleted network portal 0.0.0.0:3260
/iscsi/iqn.20.../tpg1/portals> create 192.168.17.200
Using default IP port 3260
Created network portal 192.168.17.200:3260.

• 查看并确认配置

/iscsi/iqn.20.../tpg1/portals> cd /
/> ls
o- / ............................................................................................................. [...]
  o- backstores .................................................................................................. [...]
  | o- block ...................................................................................... [Storage Objects: 1]
  | | o- disk0 ............................................................... [/dev/md0 (40.0GiB) write-thru activated]
  | |   o- alua ....................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ........................................................... [ALUA state: Active/optimized]
  | o- fileio ..................................................................................... [Storage Objects: 0]
  | o- pscsi ...................................................................................... [Storage Objects: 0]
  | o- ramdisk .................................................................................... [Storage Objects: 0]
  o- iscsi ................................................................................................ [Targets: 1]
  | o- iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195 ............................................... [TPGs: 1]
  |   o- tpg1 ................................................................................... [no-gen-acls, no-auth]
  |     o- acls .............................................................................................. [ACLs: 1]
  |     | o- iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195:client ........................... [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ..................................................................... [lun0 block/disk0 (rw)]
  |     o- luns .............................................................................................. [LUNs: 1]
  |     | o- lun0 .......................................................... [block/disk0 (/dev/md0) (default_tg_pt_gp)]
  |     o- portals ........................................................................................ [Portals: 1]
  |       o- 192.168.17.200:3260 .................................................................................. [OK]
  o- loopback ............................................................................................. [Targets: 0]
  o- vhost ................................................................................................ [Targets: 0]
  o- xen-pvscsi ........................................................................................... [Targets: 0]

• 保存配置

/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json

3、配置防火墙，放行iSCSI服务

[root@ipsan ~]# firewall-cmd --permanent --zone=public --add-port=3260/tcp
[root@ipsan ~]# firewall-cmd --reload

4、配置iSCSI客户端

以下操作在iSCSI客户端完成

（1）安装iSCSI客户端服务程序initiator

dnf install iscsi-initiator-utils

（2）编辑iSCSI客户端配置文件

CNA01:~ # vi /etc/iscsi/initiatorname.iscsi 

InitiatorName=iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195:client

（3）重启iSCSI服务

systemctl restart iscsid
systemctl enable  iscsid

（3）扫描发现远程iSCSI服务端

iscsiadm -m discovery -t st -p 192.168.17.200

其中，-m discovery参数的目的是扫描并发现可用的存储资源，-t st参数为执行扫描操作的类型，-p 192.168.17.200参数为iSCSI服务端的IP地址

（4）登录iSCSI服务端

CNA01:~ # iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195 -p 192.168.17.200 --login
Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195, portal: 192.168.17.200,3260] (multiple)
Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195, portal: 192.168.17.200,3260] successful.

其中，-m node参数为将客户端所在主机作为一台节点服务器，-T参数为要使用的存储资源，-p 192.168.17.200参数为iSCSI服务端的IP地址，--login或-l参数表示登录。

（4）查看共享设备

在iSCSI客户端成功登录之后，会在客户端主机上多出一块名为/dev/sdb的设备文件。

CNA01:~ #  ls -l /dev/sdb
brw-rw---- 1 root disk 8, 16 Feb 21 05:19 /dev/sdb
CNA01:~ # file /dev/sdb 
/dev/sdb: block special (8/16)

（5）格式化共享设备

CNA01:~ # mkfs.ext4 /dev/sdb
mke2fs 1.45.0 (6-Mar-2019)
/dev/sdb is apparently in use by the system; will not make a filesystem here!

若出现上述错误，则执行以下命令解决问题

CNA01:~ # dmsetup remove_all
CNA01:~ # dmsetup status

正常格式化共享设备的输出信息如下

CNA01:~ # mkfs.ext4 /dev/sdb
mke2fs 1.45.0 (6-Mar-2019)
Creating filesystem with 10477056 4k blocks and 2621440 inodes
Filesystem UUID: f012928f-9e69-4631-b0bc-1d97e75a305b
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done

（6）编辑/etc/fstab配置文件

因是网络共享设备，通常采用UUID进行挂载，且挂载选项中选用_netdev参数。

CNA01:~ # blkid | grep /dev/sdb
/dev/sdb: UUID="f012928f-9e69-4631-b0bc-1d97e75a305b" TYPE="ext4" 

CNA01:~ # vi /etc/fstab
......在文件末尾添加以下挂载信息......
UUID="f012928f-9e69-4631-b0bc-1d97e75a305b" /iscsi      ext4    defaults,_netdev 0 0 

（7）挂载共享设备

CNA01:~ # mkdir /iscsi
CNA01:~ # mount -a

注：如果不再需要使用iSCSI共享设备资源了，可以用iscsiadm命令的-u参数将其设备卸载，命令如下：

iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.ipsan.x8664:sn.a54ce739d195 -u