Create Centralized Storage using iSCSI Target on RHEL/CentOS


What is iSCSI?
In computing, iSCSI (pronounced eye-SKUZ-ee) is an acronym for Internet Small Computer System Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities.

By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval.

The protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a storage area network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally attached disks.
In this practical, however, we will use iSCSI on a LAN. For example, suppose you are a Linux admin in a company and you have a server with 2 TB of disk and enough RAM. You can make this server an iSCSI server, a backup server or a storage server.

Storage consolidation:
Organizations move disparate storage resources from servers around their network to central locations, often in data centres. This allows for more efficiency in the allocation of storage, as the storage itself is no longer tied to a particular server. In a SAN environment, a server can be allocated a new disk volume without any changes to hardware or cabling.

Disaster recovery:
Organizations mirror storage resources from one data centre to a remote data center, which can serve as a hot standby in the event of a prolonged outage. In particular, iSCSI SANs allow entire disk arrays to be migrated across a WAN with minimal configuration changes, in effect making storage “routable” in the same manner as network traffic.

To be clear about the setup in this practical: in our company we use one machine as the iSCSI server, which we call the “target” for better technical understanding, and the client machine works as the “initiator” that accesses storage from the target.

Logical unit number:
In SCSI terminology, LUN stands for logical unit number. A LUN represents an individually addressable (logical) SCSI device that is part of a physical SCSI device (target). In an iSCSI environment, LUNs are essentially numbered disk drives. Don't be confused.

iSCSI uses TCP (typically TCP port 3260) for the protocol itself.

The IQN (iSCSI Qualified Name) is very important in this practical, so we need to know what it is, though there is no need to go into detail. It is like a name for iSCSI, defined between the target and the initiator, that this practical relies on.
Example (you will see more of this as you go through the practical):

<target iqn.2015-03.target.local:initiator.local>


Security Authentication:
iSCSI initiators and targets prove their identity to each other using the CHAP protocol, which includes a mechanism to prevent cleartext passwords from appearing on the wire. By itself, the CHAP protocol is vulnerable to dictionary attacks, spoofing, or reflection attacks. If followed carefully, the rules for using CHAP within iSCSI prevent most of these attacks.
For more information, look up the CHAP protocol on the web; you will find the details.
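
The challenge-response exchange described above, sketched in Python as an added example (not code from the original post, tgt or open-iscsi). The class and function names are hypothetical; the username and secret are the ones this tutorial configures. It shows that only a digest crosses the wire and that a replayed response or a reflected challenge is refused.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP with MD5: digest of identifier byte + secret + challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Target:
    """Target side of one-way CHAP, the 'incominguser' case in tgt."""
    def __init__(self, users):
        self.users = users              # {username: secret}; never sent on the wire
        self.pending = None             # (identifier, challenge) awaiting an answer

    def new_challenge(self):
        # A fresh random challenge per login makes captured responses useless.
        self.pending = (os.urandom(1)[0], os.urandom(16))
        return self.pending

    def verify(self, username, response):
        secret, pending = self.users.get(username), self.pending
        self.pending = None             # one attempt per challenge
        if secret is None or pending is None:
            return False
        expected = chap_response(pending[0], secret, pending[1])
        return hmac.compare_digest(expected, response)


def answer_challenge(secret, ident, challenge, own_challenges=()):
    """Initiator side. With mutual CHAP, refuse a challenge we issued ourselves:
    answering it would hand the peer the response it needs (reflection)."""
    if any(hmac.compare_digest(challenge, c) for c in own_challenges):
        raise ValueError("peer reflected our own challenge")
    return chap_response(ident, secret, challenge)


def demo():
    """Constructed exchange using the username and secret from this page."""
    target = Target({"iscsiadm": b"iscsiadm123"})
    ident, challenge = target.new_challenge()
    good = answer_challenge(b"iscsiadm123", ident, challenge)
    # First call is the real login; second replays the same bytes.
    return target.verify("iscsiadm", good), target.verify("iscsiadm", good)


if __name__ == "__main__":
    print(demo())
```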

Step 1: Flush all the firewall rules (this removes every rule on the host, not only the ones that affect iSCSI).

# iptables -F

# service iptables save

Also check the SELinux status with the sestatus command, then edit the SELinux configuration file and keep SELINUX set to disabled for this practical:

# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted

Step 2: Keep the hostname entries in the /etc/hosts file and the network file on both target and client.

# vi /etc/hosts

and

# vi /etc/sysconfig/network

First, I have access to both machines here.

For storage sharing, I have added a 20 GB hard disk to the target, to be shared as a LUN with the client. If you have physical hardware, you can attach a physical hard disk; if you are working in VMware or VirtualBox, you can add a virtual hard disk. Now we go to the hosts file to add the host names of both target and client on both sides.

Step 3: Create a partition on the added hard disk and format it with a file system. You can check the file system with the df -T command.

[root@server ~]# df -T
Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/sda3     ext4     7422920   2771180   4268592  40% /
/dev/sda1     ext4      194442     11426    172977   7% /boot

# fdisk /dev/sdb        (create a new primary partition)
# mkfs.ext4 /dev/sdb1   (format it with a file system)

[Screenshot: fdisk target]

The above shows the disk we added on the target machine: you can see that /dev/sdb of 22GB has been added.

On SERVER Side:

Step 4: Install the target utilities.
# yum install scsi-target-utils -y

Step 5: Edit the configuration file on the target side.
# vi /etc/tgt/targets.conf
Go to the end of the file by pressing Shift+G and add:
<target iqn.2015-03.target.local:initiator.local>
backing-store /dev/sdb1
initiator-address 192.168.0.144
incominguser iscsiadm iscsiadm123
</target>

The target block above follows this syntax:
IQN: the iSCSI Qualified Name (IQN), made up of the target machine's host name (target.local) followed by the initiator machine's host name (initiator.local).
backing-store: the disk shared as the LUN; in my case I am sharing /dev/sdb1.
initiator-address: the IP address of the initiator (client).
incominguser: the user name and password with which our client machine authenticates to the target.
</target> ends the block.

Step 6: Then start the tgtd service and turn it on in chkconfig.
# /etc/init.d/tgtd start
# chkconfig --levels 235 tgtd on

Step 7: Then open iSCSI's TCP port 3260 on the target machine with an iptables rule. Don't worry if you don't understand it, but you need to do this if you are using firewalls.

[root@server ~]# iptables -A INPUT -p tcp --dport 3260 -j ACCEPT
[root@server ~]# service iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]

Step 8: Now it is time to test whether everything we have done up to now is right. Go through the command below and check whether it shows the shared partition. The first time you do this practical, I am sure you will be surprised not to get it; I did not get it either. Don't worry: try again, or check everything we have done so far.

Step 9: To check that all parameters are correct:
# tgtadm --mode target --op show
The output would be like this:

[Screenshot]

It shows LUN: 1 as the shared partition /dev/sdb1.

That is all for now on the target machine. Now our job is to configure the client (initiator machine, IP 192.168.0.144).

ON CLIENT SIDE CONFIGURATION

Step 10: Install the initiator utilities.
# yum -y install iscsi-initiator-utils

Now it is time to use the IQN that we put in the tgt configuration file on the target machine, if you remember.

Step 11: Go to the initiator name file and make some changes.

# vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2015-03.target.local:initiator.local

Keep the above entry in this file. You can comment out the line that is already there with the # symbol, delete it, or add another line with the required information, then save the file.

Step 12: Go to the main config file on the client side.

[root@initiator ~]# vi /etc/iscsi/iscsid.conf
Here you have to make some changes as required:
# To manually startup the session set to "manual". The default is automatic.
node.startup = automatic
# To enable CHAP authentication
node.session.auth.authmethod = CHAP
# To set a CHAP username and password for initiator
node.session.auth.username = iscsiadm
node.session.auth.password = iscsiadm123
:wq!

Then save the file.
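
An added example, not part of the original post or of tgt/open-iscsi: a Python check that reads the two files configured in Steps 5 and 12 and reports weak or mismatched settings. The function names and sample text are constructed; it assumes that tgt accepts every initiator when a target lists no initiator-address or initiator-name, and applies the 12-character (96-bit) minimum the iSCSI RFCs set for CHAP secrets used without IPsec.

```python
import re

# Constructed sample input: the two files as configured on this page.
TARGETS_CONF = """\
<target iqn.2015-03.target.local:initiator.local>
    backing-store /dev/sdb1
    initiator-address 192.168.0.144
    incominguser iscsiadm iscsiadm123
</target>
"""
ISCSID_CONF = """\
node.session.auth.authmethod = CHAP
node.session.auth.username = iscsiadm
node.session.auth.password = iscsiadm123
"""
MIN_SECRET = 12  # characters (96 bits); assumption stated in the lead-in


def parse_targets(text):
    """Return {iqn: {directive: [values]}} for each <target> block."""
    targets = {}
    for iqn, body in re.findall(r"<target\s+([^>\s]+)>(.*?)</target>", text, re.S):
        directives = targets.setdefault(iqn, {})
        for line in body.splitlines():
            key, *rest = line.split("#", 1)[0].split(None, 1) or [""]
            if key:
                directives.setdefault(key, []).extend(r.strip() for r in rest)
    return targets


def audit(targets_text, iscsid_text):
    """List weaknesses and target/initiator mismatches as readable findings."""
    # Uncommented 'node.x = value' lines of iscsid.conf.
    node = dict(re.findall(r"^\s*(node\.[\w.]+)\s*=\s*(.+?)\s*$", iscsid_text, re.M))
    login = [node.get("node.session.auth.username"), node.get("node.session.auth.password")]
    findings = []
    for iqn, d in parse_targets(targets_text).items():
        users = [u.split() for u in d.get("incominguser", []) if len(u.split()) == 2]
        if not (d.get("initiator-address") or d.get("initiator-name")):
            findings.append(f"{iqn}: no initiator ACL, every initiator is accepted")
        if not users:
            findings.append(f"{iqn}: no incominguser, CHAP is not required")
        elif node.get("node.session.auth.authmethod") != "CHAP" or login not in users:
            findings.append(f"{iqn}: iscsid.conf CHAP settings do not match the target")
        findings += [f"{iqn}: CHAP secret of {n} is shorter than {MIN_SECRET} characters"
                     for n, s in users if len(s) < MIN_SECRET]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(TARGETS_CONF, ISCSID_CONF)))
```

On the settings used in this tutorial it reports one finding: the secret iscsiadm123 is 11 characters long.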

Step 13: Then start the iscsid daemon and turn it on in chkconfig.
# service iscsid start
# chkconfig --levels 235 iscsid on

Friends, a caution here: do not start the service through the init script; start it with the service command. If you run /etc/init.d/iscsid start, it will not start. After that, you have to start the service with the command below.

Step 14:
# /etc/rc.d/init.d/iscsid force-start

Step 15: Now, to test on the client side, run the command below.

# iscsiadm --mode discovery -t sendtargets --portal 192.168.0.44   (here 192.168.0.44 is the target IP)
The output would be like this:
192.168.0.29:3260,1 iqn.2015-03.target.local:initiator.local

Step 16: Now it is time to connect to the target. Run the command below; when you get output showing that the login was successful, it means that you have connected to the target from the client machine and can now use that /dev/sdb1 partition on your system as if it were local.

# iscsiadm --mode discovery -t sendtargets --portal 192.168.0.44 -l

[Screenshot]

Now you have logged in to the target machine and the shared partition /dev/sdb1 is accessible to you. You can check this with the fdisk -l command.

Now run the fdisk -l command to check the shared partition /dev/sdb.
Yippee! I got it.

[Screenshot: fdisk target]

Step 17: You will get the device UUID with this command.

# blkid /dev/sdb

Check the session:
# iscsiadm --mode session --op show

Then you need to mount it; create any directory as a mount point. You can mount it temporarily, but then it will not be mounted after the client reboots. So mount it permanently by adding it to the /etc/fstab file or to /etc/rc.local.

If you want to mount it temporarily, use this command.

[Screenshot]

For permanent mounting, add it to the /etc/fstab file.

# vim /etc/fstab

UUID="1e38954b-80df-4060-9ac7-77e335a"   /mnt   ext4   _netdev  0 0
Where
• UUID="1e38954b-80df-4060" is the UUID of the NAS partition of the target server
• /mnt is the mount point
• ext4 is the file system used
• _netdev is the mount options field; it may be _netdev,rw

# mount -a
Never restart the initiator, except for a shutdown.
# umount /mnt
# chkconfig netfs on
# service netfs restart

Then you can check this mount with the df -H command.

That's all, friends, for the iSCSI topic. For any queries, you can contact us at linux@kvit.in or lalit@kvit.in.

 
