[RH342] iSCSI Configuration and Troubleshooting
- 1. Server-side configuration
  - 1.1 Install targetcli
  - 1.2 Prepare the disk
  - 1.3 Server-side configuration
  - 1.4 Firewall configuration
- 2. Client-side configuration
  - 2.1 Install the client software
  - 2.2 Configure the client
  - 2.3 Connect and log in to the server
  - 2.4 Mount and use
- 3. Extension: authentication
  - 3.1 Server side
  - 3.2 Client side
- 4. Common troubleshooting points
  - 4.1 Common server-side errors
  - 4.2 Common client-side errors
1. Server-side configuration
1.1 Install targetcli
Install the iSCSI target components:
```bash
dnf install -y targetcli
```
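1.2 Prepare the disk
The iSCSI service needs a backing disk. Here we use the free space on vdb to create a partition, vdb2, that will hold the iSCSI data:
```bash
fdisk /dev/vdb
```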

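1.3 Server-side configuration
Start the services:
```bash
systemctl enable --now targetclid.service
systemctl enable --now target.service   # restores /etc/target/saveconfig.json at boot (see 4.1)
```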
Create the backstore:
```bash
[root@serverd ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 0]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 0]
  o- loopback ......................................................................................................... [Targets: 0]
/> backstores/block create
dev= name= readonly= wwn=
/> backstores/block create dev=/dev/vdb2
Missing required parameter name
/> backstores/block create dev=/dev/vdb2 name=target1
Created block storage object target1 using /dev/vdb2.
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 1]
  | | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]
  | |   o- alua ................................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 0]
  o- loopback ......................................................................................................... [Targets: 0]
```
Create the target, ACL and LUN:
```bash
/> iscsi/ create iqn.2025-02.com.example.lab:serverd
Created target iqn.2025-02.com.example.lab:serverd.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 1]
  | | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]
  | |   o- alua ................................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2025-02.com.example.lab:serverd ............................................................................... [TPGs: 1]
  |   o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
  |     o- acls .......................................................................................................... [ACLs: 0]
  |     o- luns .......................................................................................................... [LUNs: 0]
  |     o- portals .................................................................................................... [Portals: 1]
  |       o- 0.0.0.0:3260 ..................................................................................................... [OK]
  o- loopback ......................................................................................................... [Targets: 0]
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/acls create iqn.2025-02.com.example.lab:serverc
Created Node ACL for iqn.2025-02.com.example.lab:serverc
/> ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 1]
  | | o- target1 ..................................................................... [/dev/vdb2 (200.0MiB) write-thru deactivated]
  | |   o- alua ................................................................................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2025-02.com.example.lab:serverd ............................................................................... [TPGs: 1]
  |   o- tpg1 ............................................................................................... [no-gen-acls, no-auth]
  |     o- acls .......................................................................................................... [ACLs: 1]
  |     | o- iqn.2025-02.com.example.lab:serverc .................................................................. [Mapped LUNs: 0]
  |     o- luns .......................................................................................................... [LUNs: 0]
  |     o- portals .................................................................................................... [Portals: 1]
  |       o- 0.0.0.0:3260 ..................................................................................................... [OK]
  o- loopback ......................................................................................................... [Targets: 0]
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/luns create /backstores/block/target1
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2025-02.com.example.lab:serverc
```
Save the configuration:
```bash
/> saveconfig
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
```

1.4 Firewall configuration
```bash
[root@serverd ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@serverd ~]# firewall-cmd --reload
success
```
2. Client-side configuration
2.1 Install the client software
Install iscsi-initiator-utils:
```bash
dnf install -y iscsi-initiator-utils
```
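2.2 Configure the client
Edit /etc/iscsi/initiatorname.iscsi so that the initiator name matches the ACL created on the server:
```bash
[root@serverc ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2025-02.com.example.lab:serverc
```
Start the iscsid service:
```bash
systemctl enable --now iscsid
```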
2.3 Connect and log in to the server
Discover the target, then log in:
```bash
iscsiadm --mode discoverydb --type sendtargets --portal 172.25.250.13 --discover
iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --login
```
The iSCSI disk is now attached and shows up locally as a new disk, sda:
```bash
fdisk -l
```

2.4 Mount and use
Format the disk and mount it:
```bash
[root@serverc ~]# mkfs.xfs /dev/sda
meta-data=/dev/sda               isize=512    agcount=4, agsize=12800 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1
data     =                       bsize=4096   blocks=51200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=1368, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@serverc ~]# mkdir -p /data/iscsi
[root@serverc ~]# mount /dev/sda /data/iscsi
[root@serverc ~]# df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
devtmpfs       devtmpfs  360M     0  360M   0% /dev
tmpfs          tmpfs     405M   84K  405M   1% /dev/shm
tmpfs          tmpfs     405M   11M  394M   3% /run
tmpfs          tmpfs     405M     0  405M   0% /sys/fs/cgroup
/dev/vda3      xfs       9.9G  5.6G  4.4G  56% /
/dev/vda2      vfat      100M  5.8M   95M   6% /boot/efi
tmpfs          tmpfs      81M  140K   81M   1% /run/user/1002
tmpfs          tmpfs      81M     0   81M   0% /run/user/0
/dev/sda       xfs       195M   12M  184M   6% /data/iscsi
```
Test a write:
```bash
[root@serverc ~]# echo 123 > /data/iscsi/test.txt
[root@serverc ~]# cat /data/iscsi/test.txt
123
```
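That basically completes the setup. But since this is RH342, let's raise the difficulty.
Notice that any node that can reach the server over the network can attach this iSCSI disk, as long as its client is configured correctly: the ACL only matches the initiator name, which the client sets itself in /etc/iscsi/initiatorname.iscsi.
That is clearly not secure enough, so let's add authentication.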
3. Extension: authentication
Suppose we add CHAP authentication to this iSCSI target:
Username: admin
Password: redhat
3.1 Server side
Set the username and password on the ACL:
```bash
/> iscsi/iqn.2025-02.com.example.lab:serverd/tpg1/acls/iqn.2025-02.com.example.lab:serverc/ set auth userid=admin password=redhat
Parameter userid is now 'admin'.
Parameter password is now 'redhat'.
/> saveconfig
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
/>
```
3.2 Client side
First unmount the filesystem and log out of the iSCSI session:
```bash
[root@serverc ~]# umount /data/iscsi
[root@serverc ~]# iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --logout
Logging out of session [sid: 4, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260]
Logout of [sid: 4, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260] successful.
[root@serverc ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
vda           252:0    0   10G  0 disk
├─vda1        252:1    0    1M  0 part
├─vda2        252:2    0  100M  0 part /boot/efi
└─vda3        252:3    0  9.9G  0 part /
vdb           252:16   0    1G  0 disk
└─datavg-lv01 253:0    0  300M  0 lvm
```
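Edit the configuration file:
```bash
vim /etc/iscsi/iscsid.conf
```
Uncomment the three lines highlighted in the red box and set them to the values configured on the server.
Restart the iscsid service:
```bash
systemctl restart iscsid.service
```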
Try logging in again:
```bash
[root@serverc ~]# iscsiadm --mode node --targetname iqn.2025-02.com.example.lab:serverd --portal 172.25.250.13:3260 --login
Logging in to [iface: default, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260]
Login to [iface: default, target: iqn.2025-02.com.example.lab:serverd, portal: 172.25.250.13,3260] successful.
[root@serverc ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda             8:0    0  200M  0 disk
vda           252:0    0   10G  0 disk
├─vda1        252:1    0    1M  0 part
├─vda2        252:2    0  100M  0 part /boot/efi
└─vda3        252:3    0  9.9G  0 part /
vdb           252:16   0    1G  0 disk
└─datavg-lv01 253:0    0  300M  0 lvm
[root@serverc ~]# df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
devtmpfs       devtmpfs  360M     0  360M   0% /dev
tmpfs          tmpfs     405M   84K  405M   1% /dev/shm
tmpfs          tmpfs     405M   11M  394M   3% /run
tmpfs          tmpfs     405M     0  405M   0% /sys/fs/cgroup
/dev/vda3      xfs       9.9G  5.6G  4.4G  56% /
/dev/vda2      vfat      100M  5.8M   95M   6% /boot/efi
tmpfs          tmpfs      81M  140K   81M   1% /run/user/1002
tmpfs          tmpfs      81M     0   81M   0% /run/user/0
[root@serverc ~]# mount -a
[root@serverc ~]# df -TH
Filesystem     Type      Size  Used Avail Use% Mounted on
devtmpfs       devtmpfs  377M     0  377M   0% /dev
tmpfs          tmpfs     425M   87k  425M   1% /dev/shm
tmpfs          tmpfs     425M   12M  414M   3% /run
tmpfs          tmpfs     425M     0  425M   0% /sys/fs/cgroup
/dev/vda3      xfs        11G  6.0G  4.8G  56% /
/dev/vda2      vfat      105M  6.1M   99M   6% /boot/efi
tmpfs          tmpfs      85M  144k   85M   1% /run/user/1002
tmpfs          tmpfs      85M     0   85M   0% /run/user/0
[root@serverc ~]# mount /dev/sda /data/iscsi/
[root@serverc ~]# cat /data/iscsi/test.txt
123
```
As you can see, the iSCSI disk and its contents are unchanged, and the added username and password make the setup more secure.
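4. Common troubleshooting points
4.1 Common server-side errors
- The firewall port is not open
- The service is not started or not enabled at boot (systemctl enable --now target)
- No LUNs were created in targetcli
4.2 Common client-side errors
- /etc/iscsi/initiatorname.iscsi does not match the server's configuration
- /etc/iscsi/iscsid.conf does not match the server's configuration, usually the password authentication. Enable it on both sides or on neither.
- iscsid was not restarted after the configuration was changed
- Login fails because of an earlier error; delete the stale directory under /var/lib/iscsi/nodes/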
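The first two client-side checks in 4.2 (initiator name and CHAP settings matching the server) can be scripted. This is an added example, not part of the original post: it assumes the three lines uncommented in /etc/iscsi/iscsid.conf in section 3.2 are the `node.session.auth.*` keys, and `conf_get`, `audit_initiator`, `write_sample` and the finding labels are names made up for this example.

```bash
# Added example. The files written by write_sample are constructed samples.

# Print the value of the last active (uncommented) "key = value" line.
conf_get() {  # usage: conf_get <file> <key>
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
        END { print v }' "$1"
}

# Compare the initiator's files with what the target ACL expects and print
# a space-separated list of findings (empty output means no finding).
audit_initiator() {  # usage: <initiatorname.iscsi> <iscsid.conf> <acl_iqn> <chap_user>
    findings=""
    [ "$(conf_get "$1" InitiatorName)" = "$3" ] || findings="$findings IQN_MISMATCH"
    [ "$(conf_get "$2" node.session.auth.authmethod)" = "CHAP" ] ||
        findings="$findings CHAP_DISABLED"
    [ "$(conf_get "$2" node.session.auth.username)" = "$4" ] ||
        findings="$findings USER_MISMATCH"
    pass=$(conf_get "$2" node.session.auth.password)
    if [ -z "$pass" ]; then
        findings="$findings NO_PASSWORD"
    elif [ "${#pass}" -lt 12 ]; then
        # RFC 7143 calls for CHAP secrets of at least 96 bits without IPsec.
        findings="$findings SHORT_SECRET"
    fi
    echo "${findings# }"
}

# Constructed sample: the client files as section 3.2 leaves them.
write_sample() {  # usage: write_sample <dir>
    echo 'InitiatorName=iqn.2025-02.com.example.lab:serverc' > "$1/initiatorname.iscsi"
    cat > "$1/iscsid.conf" <<'EOF'
#node.session.auth.authmethod = CHAP
node.session.auth.authmethod = CHAP
node.session.auth.username = admin
node.session.auth.password = redhat
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_initiator "$demo_dir/initiatorname.iscsi" "$demo_dir/iscsid.conf" \
    iqn.2025-02.com.example.lab:serverc admin
rm -rf "$demo_dir"
```

On the lab values the only finding is SHORT_SECRET: the names and CHAP settings match, but the 6-character password is below the 12-byte minimum that RFC 7143 sets for CHAP secrets on connections not protected by IPsec.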