How To Add Iscsi Client On Centos 7
This commodity will help you learn how to setup/configure iSCSI on Linux/Unix based systems. iSCSI stands for (Internet Modest Figurer Arrangement Interface), which is an Industry standard protocol which is mainly used to share the storage device over the TCP/IP layer. Dissimilar Samba or NFS, which work at the file system level whereas iSCSI works only on the cake-level device. About block-level storage devices take the capability of built-in work to share information across volume.
Advantages of using block-level storage?
Everyman possible latency
High performance IOPS
Highly redundant
iSCSI handles customer-server architecture. It uses iSCSI components to communicate with each other. For Client, it uses "initiators" and for Server, it uses "targets".
iSCSI Target: This is also known as the iSCSI Server which is responsible for exporting disk/cake devices to the iSCSI initiator/client. Nosotros tin can create multiple targets in the iSCSI Server and each target has its own unique ID. Nosotros can also adhere one or more LUNs for each target. Each LUN has its back device attached to information technology and that device is the actual file that is exported and will exist visible to the iSCSI initiator. It could be either a disk or a disk partition, LVM, Raid or a file. Information technology uses the iscsi protocol to collaborate with the clients using the IP network. Information technology provides security features similar Hallmark, Network, etc.
iSCSI Initiator: It is besides known as iSCSI Customer which is responsible for importing the LUNs which are exported by the iSCSI target/server. Once the client application is connected to the server, and then information technology volition send the ISCSI commands to the iscsi server over the IP network.
This step-by-stride guide will help you on how to configure the iSCSI target and initiator on RHEL/CentOS 7.6 Linux. This guide is fair enough to work for all the versions of RHEL/CentOS/Fedora with a few minimal changes in commands.
Prerequisites :
Operating System: CentOS Linux seven
IP Accost : For Server and For Customer
Package : targetcli (Server) and iscsi-initiator-utils (Customer)
Port : 3260
Block device : /dev/sdb or /dev/sdc ..
My Lab Setup :
For the lab setup, I am using ii centos machines. One for iSCSI Server/ Target and the other for iSCSI initiator /Client
iSCSI-Server:-
Operating System: CentOS Linux seven (Core)
hostname: iscsi-server.local
IP Address: 192.168.3.101
Cake device : /dev/sdb
iSCSI-Client:-
Operating System: CentOS Linux seven (Core)
hostname: iscsi-client.local
IP Address: 192.168.3.102
Follow the steps to configure/setup iSCSI Target on RHEL / Centos-7.
Before starting the process, we need to confirm the available disk to use as an iSCSI Target Server.
# lsblk or # sfdisk -due south (Utilize either ane of the command )
Output:
Proper noun MAJ:MIN RM SIZE RO Blazon MOUNTPOINT
sda viii:0 0 20G 0 deejay
├─sda1 8:1 0 500M 0 part /boot
├─sda2 viii:2 0 iii.9G 0 part [SWAP]
└─sda3 eight:three 0 15.6G 0 part /
sdb 8:sixteen 0 1G 0 disk<-------
sr0 eleven:0 1 4.1G 0 rom /run/media/john/CentOS vii x86_64
Annotation:
The above control volition list the details of all available or particular block devices in a tree format. The output shows that now the iSCSI Target Server has 2 block-devices "/dev/sda and /dev/sdb". The /dev/sda is already being used for server OS and other applications and /dev/sdb is bachelor to employ as shared storage for iscsi.
Step1: Setup iSCSI Target/Server
Beginning, let's update the latest current version of the bundle.
# yum update -y
Install the target utility package using the following control:
# yum install -y targetcli
Once you accept successfully installed the packet, then enter the following control to become the interactive vanquish of the iSCSI target. At that place you can edit, list and relieve the configuration file. It is a ".jason" format. The targetcli layout of the filesystems is in a hierarchical structure.
# targetcli
targetcli shell version 2.1.fb49
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'./>
Note:
In the to a higher place interactive shell you lot tin hit the 'help' command to list all the available options. Now nosotros utilise the 'ls' command to list out the available configuration objects.
/> ls
In the in a higher place output, you tin can run into at that place are 3 options under '/' which are "backstores, iscsi, and loopback". Under "backstores" there are 4 sub-options which are "block, fileio, pscsi, and ramdisk".
A short explanation is given below of the above "options and sub-options":
| backstores | It is a kind of local storage or a partition that you need to access as storage object which defines the backstore use. Information technology could be either a cake device or LVM or a file. | ||||||||
| |||||||||
| iscsi | It is mainly used for all the configurations like who can access this LUN and how many LUNs can be attached and their ACLs (Access Command List). | ||||||||
| loopback | Information technology is nothing but a fabric module.. |
Note:
In backstores we more often than not only employ two sub-options i.due east., block or fileio. The residuum is non and then frequent. For our LAB exercise, I will use the showtime two options but.
In the interactive shell, you can use the TAB completion to fill in partially typed commands or object path.
Let's get-go with the configuration part:
(a) Create a backstore block device:
Option 1:
/> /backstores/block create ltecklun1 /dev/sdb
Output:
Created block storage object ltecklun1 using /dev/sdb.
--------> OR <---------
Option 2:
/> backstores/fileio/ create shareddata /opt/ltecklun1.img 1024M
Output:
Created fileio shareddata with size 1073741824
Annotation:
Using the 1st option, we can create a block type backing-store for the storage-object named as "ltecklun1" with an attached block device "/dev/sdb". Use the 'ls' command to come across the list below:
/> ls
Note:
As the above output shows, you have created a LUN named "ltecklun1" with the backed device of "/dev/sdb" in a hierarchy format.
(b) Create iSCSI for IQN target:
/> /iscsi create iqn.2020-01.local.server-iscsi:server
Note:
Using the above command we tin create a custom made 'iqn' for the iSCSI target. Alternatively, we can just execute "create command" i.due east. (/> /iscsi create) without any arguments and information technology will create a default iSCSI iqn and target proper name. Employ the 'ls' command beneath to meet the list:
/> ls
Note:
As the to a higher place output shows, 3 objects have been defined under TPG1 which are "acls, luns, and portals". Nether the portals, you can see the IPv4 interface with TCP port of '0.0.0.0:3260' every bit created automatically.
From RHEL 7.2 version onwards the default portal configuration is washed automatically, whereas the previous version of RHELs similar "7.0 and 7.one" we need to manually configure the default portal settings to mind to the TCP port of "3260 on 0.0.0.0" after the target configuration has been set.
Here is a short explanation of iSCSI component terminology:":
| IQN | (iSCSI Qualified Proper name: Worldwide unique identification name for both targets and initiators. The naming format of IQN is "iqn.yyyy-mm.naming-authority:unique-name"). |
| yyyy-mm | twelvemonth and month. Yous tin use either the current date or establishment date of your naming authority. |
| naming-potency | Meaning your organization authorisation name/internet domain name. The syntax is used in the form of reverse order eg: com.domainname. |
| unique-name | we can use whatever name, it is merely for identification. |
| ACLs | (Access Command Lists: to provide access permissions using iQN). |
| LUNs | (Logical Unit of measurement Number: it is a block device to attach. I or more LUNs can be fastened in a single target). |
| Portals | (Mainly used to configure the IP address and TCP port on either a target of initiator to constitute the connections). |
(c) Create ACLs:
/> /iscsi/iqn.2020-01.local.server-iscsi:server/tpg1/acls create iqn.2020-01.local.client-iscsi:client1
Note:
The to a higher place command would permit the client to admission the LUN which is based on the client'southward iQN. Don't forget to apply the aforementioned iQN name to configure the initiator/client name. If there is any mismatch of the iQN, then the client won't able to communicate to the Server. Utilize the 'ls' command to see the list below:
/> ls
(d) Create LUNs under the ISCSI target:
/> /iscsi/iqn.2020-01.local.server-iscsi:server/tpg1/luns create /backstores/block/ltecklun1
Output:
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2020-01.local.client-iscsi:client1
Note:
Using the to a higher place command nosotros can associate the block device with a item Target Portal Group (TPG). In our instance, we will be using the bankroll storage object which has been created above "/backstores/block/ltecklun1" to present to the LUN directory under TPG1. Use the 'ls' command below to see the list:
/> ls
(d) Two optional choices:
Note:
CHAP Authentication and use the specific IP accost on the Portal. It is completely at the discretion of your choice. In this article, we will use both optional services equally additional security.
Option 1: CHAPP Hallmark
This is an additional layer of security to substitution communication between the server and the client. Information technology is widely supported hallmark terminology to exchange passwords between Server-Customer communications. Follow the steps to configure :
⇒ Change the directory to tpg1
/> cd /iscsi/iqn.2020-01.local.server-iscsi:server/tpg1
⇒ Change the value of attribute authentication to '1', meaning information technology will disable all the corresponding endpoints, else information technology will grant open access to all the initiators.
/iscsi/iqn.20...i:server/tpg1> prepare attribute authentication=one
⇒ To cross-cheque the attribute auth condition.
/iscsi/iqn.20...i:server/tpg1> get attribute authentication
Output:
authentication=one
⇒ Change the directory to iSCSI Node ACL
/iscsi/iqn.twenty...i:server/tpg1> cd acls/iqn.2020-01.local.client-iscsi:client1
⇒ Execute user-id command to setup for CHAP authentication for iscsi initiator
/iscsi/iqn.20...iscsi:client1> set auth userid=linuxteck
⇒ Execute the command to create a password for the above user-id
/iscsi/iqn.20...iscsi:client1> set auth [email protected]
⇒ To go verify the to a higher place-executed credentials
/iscsi/iqn.20...iscsi:client1> go auth
Output:
AUTH CONFIG GROUP
=================
mutual_password=
----------------
The mutual_password auth parameter.mutual_userid=
--------------
The mutual_userid auth parameter.[email protected]
---------------------
The password auth parameter.userid=linuxteck
----------------
The user-id auth parameter.
Note:
Subsequently verifying the above credentials, use 'ls' command to confirm whether this LUN is marked equally "i-style auth" with the following output:
/iscsi/iqn.20...iscsi:client1> ls
o- iqn.2020-01.local.client-iscsi:client1 .......................................................... [1-way auth, Mapped LUNs: 1]
o- mapped_lun0 .......................................................................................................... [lun0 block/ltecklun1 (rw)]
⇒ Now move dorsum to the root directory and execute saveconfig and go out
/iscsi/iqn.20...iscsi:client1> cd /
/> saveconfig
/> get out
⇒ Restart the target service and check the status
# systemctl restart target.service
# systemctl condition target.service
Option 2: Create a specific IP address on Portal
/> cd /iscsi/iqn.2020-01.local.server-iscsi:server/tpg1/portals/
/iscsi/iqn.20.../tpg1/portals> create 192.168.3.102
Output:
Using default IP port 3260
Could non create NetworkPortal in configFS
WARNING:
You will be notified by the error mentioned higher up "Could not create NetworkPortal in configFS". The reason being, if any default portal (0.0.0.0:3260) exists, then it will not allow y'all to create any new portals, hence you need to delete the default/old portal and create a new portal using the following commands:
(i) Delete the default portal interface which is 0.0.0.0:3260
/> cd /iscsi/iqn.2020-01.local.server-iscsi:server/tpg1/portals/
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 ip_port=3260
Output:
Deleted network portal 0.0.0.0:3260
(two) Create a new portal with a specific IP accost of iSCSI target
/iscsi/iqn.20.../tpg1/portals> create 192.168.3.101
Output:
Using default IP port 3260
Created network portal 192.168.3.102:3260.
(3) Utilize the 'ls' command to see the list below:
/iscsi/iqn.20.../tpg1/portals> ls
o- portals .................................................................... [Portals: 1]
o- 192.168.three.102:3260 ......................................................... [OK]
(4) At present go dorsum to the root directory of targetcli shell 'cd /' and execute the 'saveconfig' control to salvage all the target configuration. This file will be saved in a ".json format" and get out.
/> saveconfig
Output:
Configuration saved to /etc/target/saveconfig.json
/> exit
Output:
Global pref auto_save_on_exit=true
Last x configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
Use the post-obit control to check whether the TCP port 3260 is open or non
# ss -na | grep 3260
tcp LISTEN 0 256 192.168.three.102:3260 *:*
# netstat -tnlp | grep 3260
tcp 0 0 192.168.three.102:3260 0.0.0.0:* LISTEN -
Note:
The 'ss' utility is similar to netstat, simply it tin can impress more than information than other tools. It is confirmed now the port 3260 is opened with our given IP address.
Use the following control to open Firewall ports on iSCSI target (3260) services OR simply disable the Firewall.
# firewall-cmd --permanent --add-port=3260/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
OR
# systemctl disable firewalld.service
# systemctl stop firewalld.service
Disable the SELinux or click here to configure SELinux for the iSCSI target.
Finally, commencement the iSCSI target and enable it for every reboot.
# systemctl enable target.service
# systemctl restart target.service
# systemctl condition target.service
Step2: Setup iSCSI Initiator/Client
(a) Starting time, let'southward update the latest current version of the package.
# yum update -y
(b) Install the iscsi-initiator package using the post-obit command
# yum install -y iscsi-initiator-utils
Note:
In one case you have successfully installed the package, and so edit the iscsi-initiator configuration file "/etc/iscsi/initiatorname.iscsi" and add the proper noun of the initiator. In our case, nosotros have already created during the Target configuration, apply the same iqn here ( iqn.2020-01.local.customer-iscsi:client1 ) and restart service.
# vi /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2020-01.local.client-iscsi:client1
Save the file and restart the iscsid service.
# systemctl restart iscsid.service
# systemctl enable iscsid.service
# systemctl status iscsid.service
(c) Configure CHAP Authentication
Edit the "iscsid" configuration file and enabled/uncomment line number 57 for "CHAP" authmethod and uncomment post-obit lines likewise 61 and 62 for ("node.session.auth.username = username and node.session.auth.countersign = countersign") in Centos-7.
# six /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username = linuxteck
node.session.auth.password = [email protected]
Save and Exit:
(d) Discover iSCSI Targets/Server (LUNs):
Follow the 'iscsiadm' command to perform discovery and login to iSCSI Targets. Basically, it comes with a combination of three different arguments which are "discover, portal, send target type".
(i) We need to observe the target past executing the following command. Here is the IP accost that is for your target server:
# iscsiadm --style discoverydb --type sendtargets --portal 192.168.three.101 --discover
Output:
192.168.3.101:3260,one iqn.2020-01.local.server-iscsi:server
Note:
It will evidence yous the available iQNs of the target server. Adjacent, you lot tin can attempt to log-in. If you confront any errors related to authentication, so y'all can bank check your CHAP settings for your iscsi initatior.
(ii) # iscsiadm -m node --login
Output:
Logging in to [iface: default, target: iqn.2020-01.local.server-iscsi:server, portal: 192.168.iii.101,3260] (multiple)
Login to [iface: default, target: iqn.2020-01.local.server-iscsi:server, portal: 192.168.3.101,3260] successful.
Note:
Once y'all have logged in successfully without any error. Next, check the session and the node.
(iii) # iscsiadm -m session -o show
Output:
tcp: [1] 192.168.3.101:3260,1 iqn.2020-01.local.server-iscsi:server (non-wink)
# iscsiadm --style node -P 1
Output:
Target: iqn.2020-01.local.server-iscsi:server
Portal: 192.168.3.101:3260,one
Iface Proper name: default
(4) Use the following command to check the newly added deejay into iscsi initatior:
# lsblk or # sfdisk -s
Output:
NAME MAJ:MIN RM SIZE RO Blazon MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:one 0 500M 0 part /kick
├─sda2 8:2 0 3.9G 0 part [Bandy]
└─sda3 eight:three 0 15.6G 0 part /
sdb 8:sixteen 0 1G 0 disk<-------
Annotation:
The in a higher place output lists the newly added disk drive "sdb" with 1GB volume which is shared from the target server.
(e) Mount the Disk Drive (/dev/sdb)
(i) First, employ the following command to create a filesystem on newly added iscsi device '/dev/sdb'.
# mkfs.xfs /dev/sdb
Note:
The "xfs" filesystem has been created successfully. ".xfs" format is a highly scalable and high-performance file system in centos/rhel7.
(ii) Create a new Mountain Point for '/dev/sdb' block device
# mount /dev/sdb /mnt
# df -HT
Note:
Currently the iscsi disk can be mounted on the client'due south auto, but the mount point will last only on a temporary basis, which ways once you have rebooted the client machine the mount point will disappear. To avoid this event, nosotros need to get in an automount so that it volition be mounted permanently for every reboot.
To exercise so, add together an entry into '/etc/fstab', it is a system configuration file. it will handle all the mount points and related options.
(3) Utilize the following control to create a new mountain point and get the UUID of iSCSI disk
# mkdir /mnt/ltecklun1
# blkid /dev/sdb
Output:
/dev/sdb: UUID="f89efb1b-b02b-4d52-8d54-38567c61efc9" TYPE="xfs"
(iv) At present, add the above UUID entry into '/etc/fstab':
# vi /etc/fstab
UUID=f89efb1b-b02b-4d52-8d54-38567c61efc9 /mnt/ltecklun1 xfs defaults 0 0
save and exit
(5) Mount the iSCSI drive:
# mountain /mnt/ltecklun1 OR # mount -a (It will activate all the mount points)
(six) cheque the mountain points :
# df -HT
Note:
You lot tin can meet in a higher place "/dev/sdb" is mounted at present with the mount bespeak of /mnt/ltecklun1.
(f) How to detach iSCSI storage
Use the post-obit steps in instance you want to remove the iSCSI storage from the customer:
(i) # unmount /mnt/ltecklun1
(two) # iscsiadm --manner node --targetname iqn.2020-01.local.server-iscsi:server --portal 192.168.3.101:3260 --logout
Output:
Logging out of session [sid: 1, target: iqn.2020-01.local.server-iscsi:server, portal: 192.168.3.101,3260]
Logout of [sid: 1, target: iqn.2020-01.local.server-iscsi:server, portal: 192.168.3.101,3260] successful.
Note:
Yous accept at present successfully logout from the client machine.
Congratulations, yous have successfully configured an iSCSI target (server) and shared a block device with to an iSCSI initiator (client) on RHEL/CentOS 7.half-dozen. If you have any difficulties in configuring the same, merely allow u.s.a. know through the comment box.
I hope this article will help you to understand a few things nearly the 'iSCSI target/initiator'. Drop me your feedback/comments. If you like this article, kindly share information technology and it may help others as well.
Thank you lot!
How To Add Iscsi Client On Centos 7,
Source: https://www.linuxteck.com/how-to-configure-iscsi-target-initiator-on-rhel-centos-7-6/
Posted by: plummeraltrove1942.blogspot.com
0 Response to "How To Add Iscsi Client On Centos 7"
Post a Comment