Shulou(Shulou.com)06/01 Report--

This article analyzes "what is the concrete step of building an ISCSI storage server in Linux system". The content is detailed and easy to understand. Friends who are interested in "what are the specific steps of building an ISCSI storage server in the Linux system" can follow the editor's idea to read it slowly and deeply. I hope it will be helpful to you after reading. Let's follow the editor to learn more about "what are the concrete steps of building an ISCSI storage server in a Linux system".

ISCSI is a storage technology based on Internet and SCSI-3 protocol proposed by LETF. Here are the specific steps of building an ISCSI storage server in the Linux system.

Introduction to ISCSI Storage Server:

ISCSI is an Ethernet-based storage protocol invented by IBM. Both this protocol and SUN's NFS protocol are solutions to the problem of storage resource sharing.

The intentions of the two are the same, but they are implemented in different ways, with the former presenting a block device on the client and the latter a directory tree.

ISCSI is a storage device remote mapping technology that maps a storage device on a remote server to a local and presents it as a block device (disk in vernacular). From the point of view of the average user, the mapped disk is no different from the locally installed disk.

The detailed steps of building an ISCSI storage server in the Linux system: here, the first primary partition of the second hard disk of the Target host (the hard disk partition is identified as / dev/sdb1) is used as the iSCSI shared disk, and the hard disk size is 20g, which is shared to a linux host.

1. Install the iscsi target package on the ISCSI storage server, as shown in the following figure:

2. The iscsi target configuration file is / etc/tgt/targets.conf, and all configuration items in this file are annotated by default. Edit the file to implement a simple ISCSI storage server configuration. Add the following at the end of the file:

Note: the naming of Target should be unique within the same subnet. The standard naming method is: iqn.yyyy-mm. [: identifier] where:

Iqn: stands for "iSCSI Qualified Name", or iqn for short. Yyyy-mm: indicates year-month. This is 2011-08. Reversed domain name: indicates the domain name upside down. This is com.example. Identifier: indicates the identification code. This is disk.

"backing-store is used to specify storage devices, generally referring to non-actual physical disks, such as LVM volumes, a partition, and raid disk arrays."

Then start the tgtd service and set it to start automatically when the system starts, and the port of iscsi communication: 3260/tcp to transmit data in clear text.

# service tgtd start

# chkconfig tgtd on

Run tgtadm-lld iscsi-op show-mode target to view target information

At this point, the iscsi target storage server is configured, and you can connect to the iscsi target server using iSCSI Initiator.

two。 Install and configure the iscsi client

1. Install iscsi initiator software: iscsi-initiator-utils package

# service iscsi start

# chkconfig iscsi on

2. Find the iscsi target on the iscsi server, that is, iscsi discovery.

Execute the IP of the iscsiadm-m discovery-t st-p iscsi server

Or

Iscsiadm-m discovery-t sendtargets-p targetIP address: Port number

If the default port 3260 can be omitted.

3. Log in to the iscsi target on the server, that is, iscsi registration

Execute iscsiadm-m node-T target name-p targetIP address: Port number-login

Exit the iscsi disk array

Execute iscsiadm-m node-T target name-p targetIP address: Port number-logout

4. Check the location of the iscsi symbolic link in the / dev/disk/by-path directory or fdisk-l to check the disk condition or check the status of the iscsi: service iscsi status or dmesg | tail

At this point, you can use the iscsi disk as if it were a locally attached hard drive.

5. Partition the connected iscsi disk and mount it automatically.

The following sdb information is displayed before partitioning. You can see from the figure below that sdb has not yet established a partition.

Execute the fdisk / dev/sdb partition and create the file system on the created partition (execute the mkfs-t ext4 / dev/sdb command to create the file system)

After executing the commands for partitioning and creating a file system, the sdb information is displayed as follows: a primary partition / dev/sdb1 has been created

Modify / etc/fstab file to realize automatic mount

Execute blkid / dev/sdb1 to get the UUID of the sdb1 partition

Modify the / etc/fstab file to automatically mount the sdb1 partition, as shown in the following figure:

Test auto mount: mount-an or execute df-hT after rebooting the system to check the mount

Note:

Use blkid to determine the file system UUID and mount it using UUID instead of the / dev/sd* device name. (the device name displayed at each boot is different, depending on the order in which the iscsi device responds over the network, which can lead to the use of the wrong device if mounted by device name)

Use _ netdev as the mount option in / etc/fstab. (this will ensure that the client does not attempt to mount the file system until networking is enabled, otherwise the system will make an error during boot)

Ensure that the iscsi and iscsid services will start at boot time

# chkconfig iscsi on

# chkconfig iscsid on

6. Delete iscsi

Unmount the new file system and delete or annotate the lines in / etc/fstab, exit and delete entries for the iscsi destination

7. Encrypt iscsi (the same as encrypting an ordinary LINUX partition)

three。 Configure discovery and registration of iscsi

1. # cryptsetup luksFormat / dev/sdb1 encrypts the last new partition of iscsi and sets the decryption password

Are you sure? (Type uppercase yes): YES (enter an uppercase YES to determine the creation of an encrypted partition)

Enter LUKS passphrase: (enter the create password and you will use the password to protect your encrypted partition. If you lose the password, it's too bad that you won't be able to get the data back.)

Verify passphrase: (confirm password)

2. Such an encrypted partition is established. Next we need to create a mountable partition and give it a name (here I'll call it sdb1, or you can call it test, fred, my secret partition or whatever you like.)

# cryptsetup luksOpen / dev/sdb1 sdb1

Enter LUKS passphrase: (enter the password that was set when the encrypted partition was created)

It will be created under / dev/mapper/. This is / dev/mapper/sdb1, which can be viewed with the ls command

Now format the partition as the ext4 file system. Mkfs.ext4 / dev/mapper/sdb1

4. Next we create a mount point for mounting and mount it. Remember, you must use the device from the / dev/mapper/ path

5. Now format the partition as the ext4 file system. Mkfs.ext4 / dev/mapper/sdb1

6. Next we create a mount point for mounting and mount it. Remember, you must use the device from the / dev/mapper/ path

# mkdir / bak

# mount / dev/mapper/sdb1 / bak

Well, now you can use your encrypted partition, such as creating or storing some files in it.

After use, in order to protect the confidentiality of the data, we need to unmount and close the encrypted partition.

# umount / bak

# cryptsetup luksClose sdb1

You need to enter the LUKS password only when you turn on the encryption device. Remember, if you lose your password, you're screwed. You can delete the partition and start over, but the data cannot be recovered. Once the encryption device is turned on and loaded, you can use it like any other partition.

# cryptsetup luksOpen / dev/sdb1 sdb1

Enter LUKS passphrase: (enter the password that was set when the encrypted partition was created)

Additional information:

Each time the system starts to mount the encrypted partition automatically:

/ etc/crypttab contains a list of devices to be unlocked during system startup, one for each row, separated by spaces. The format is as follows:

Name / dev/sdaN / path/to/password/file

The meaning of each field:

The name field is a name for the encrypted partition

The / dev/sdaN field is used for encrypted partition devices

The / path/to/password/file field is the password file used to unlock the device. If the field is empty or set to none, the user will be prompted to enter the decryption password when the system starts.

The specific operations are as follows:

Modify / etc/crypttab and add the following file, which serves as the password to be asked each time the encrypted partition is mounted when the system boots

Sdb1 / dev/sdb1 / path/file

The specific operations are as follows:

1. Modify / etc/crypttab and add the following. The function of this file is the password to be asked each time the encrypted partition is mounted when the system starts.

Sdb1 / dev/sdb1 / path/file

If / path/file is omitted or not set, the system will require the user to enter a password at startup

2. Modify / etc/fstab file: add the following

/ dev/mapper/sdb1 / mount point ext4 defaults 0 0

Note: sdb1 is the name given to the encrypted partition, that is, the name given to the partition after executing the cryptsetup luksOpen / dev/sdb1 sdb1 command

3. Echo "password" > / path/file "password" password set when the encrypted partition is created

4 、 chown root / path/file

5 、 chmod 600 / path/file

6. Execute the following command: cryptsetup luksAddKey / dev/sdb1 / path/file

Fourth, modify kernel startup parameters

Identify the running kernel:

Cat / etc/redhat-release / / install the Red Hat Enterprise Linux version.

Uname-r / / the currently running kernel version

Processor architecture on which uname-m or arch / / is currently running

Kernel version of yum list installed kernel* installation

The configuration file for Grub is located in "/ boot/grub/grub.conf" and the changes will be valid for each subsequent startup. This configuration file can be divided into two major parts: global configuration and menu item configuration: a. Global configuration commands the global configuration command ends from the top of the configuration file to before the first "title" command. This default menu number is only available when default 0timeout 10splashimage (hd0,2) / boot/grub/splash.xpm.gzpassword-md5 tBWhgwVY$sIzNYKY/iV9rZ4keYAkaQ/ # is set: specify the Grub default startup item (the default boot system), the menu number starts at 0, and 0 represents the following first menu item timeout seconds: the time between the Grub startup interface and the boot system with the default boot item waiting for the user to select. Splashimage full_path_of_xpm_or_xpm.gz: specifies the background file for the startup menu (the xpm image or its gzip zip file). b. Menu item configuration from "title" to the next "title" is a startup menu item, that is, the parameters required to boot an operating system

Title: define the name of the startup menu item root: set the root device (root) of Grub to the partition where the Linux kernel resides kernel: followed by the Linux kernel file as the parameter, load the Linux kernel file initrd: load the image file

1. Temporarily modify kernel startup parameters

When the system boots to the GRUB phase, the system is interrupted to start, and the system to boot is selected. As shown in the figure:

Press the "a" key to enter the interface for modifying kernel boot parameters and enter the kernel parameters to boot when the system starts. As shown in the following figure:

Press enter to continue to start the system.

The boot parameters related to kernel boot can be viewed in the following file:

/ usr/share/doc/kernel-doc-*/Documentation/kernel-parameters.txt file. Be sure to install the kernel-doc package.

For example: enforcing parameter: selinux control; enforcing=1 can set mandatory mode, enforcing=0 can set license mode.

Selinux parameter: selinux control; selinux=0 can completely disable selinux,selinux=1 to enable selinux

Vga parameter: change the resolution of the character terminal, vga=788

The meaning of the vga parameter value, which is given in decimal or hexadecimal, such as vga=0x317.

# VGA Mode Args# Color 640 × 480 800 × 600 1024 × 768 1280 × 1024 # 256 769 771 773 77 O 32K 784 787 790 79 V 64K 785 788 791 79 M 786 789 792 795

2. Permanently modify kernel startup parameters: use grub.conf file

In the / boot/grub/grub.conf or / etc/grub.conf file, add the kernel parameters before and after the rhgb quiet in the kernel line, and notice that there is a space between this declaration and other parts, as shown in the figure:

Your changes should be available in the / proc/cmdline file.

The loopback device is used to mount files like a device. For example, this device is very convenient for accessing ISO images. By default, the kernel supports eight loopback devices. Modify the kernel command line of the server to support 32 loopback devices.

List the loopback devices in the / dev directory (all loopback devices are named loop): ls / dev/loop

Add the parameter max_loop=32 to the kernel command line in / boot/grub/grub.conf, restart the server, and check the number of loopback devices again.

3. Set a password for GRUB: (be sure to place the password line above the first title line so that it can be applied globally)

Storing passwords in clear text: adding password passwords to the global configuration of grub.conf files

Ciphertext storage password: first execute the grup-md5-crypt command to generate the password encrypted string, then modify the grub.conf file to add the password-md5 encrypted password string to the global configuration

4. View or adjust kernel network parameters through / etc/sysctl.conf file or sysctl command

For example, starting kernel routing net.ipv4.ip_forward can adjust kernel parameters to start routing.

Modify the / etc/sysctl.conf file to make permanent changes, and then run sysctl p to reload

On the Linux system to build ISCSI storage server what is the specific steps to share here, I hope that the above content can make you improve. If you want to learn more knowledge, please pay more attention to the editor's updates. Thank you for following the website!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.