IP SAN-based network storage: iSCSI
1. Storage terminology
In the storage world we often hear terms such as DAS, NAS, SAN, SCSI, and FC. What these terms mean is introduced below.
1.1 SCSI
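Small Computer System Interface (SCSI) is a processor-independent standard for system-level interfaces between computers and intelligent devices (hard disks, floppy drives, optical drives, printers, scanners, and so on). SCSI is an intelligent, general-purpose interface standard for connecting all kinds of computers to peripheral devices.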
1.2 FC
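Fibre Channel (FC) is really the name of a set of standards that define the mechanism for connecting nodes on a network through serial communication over copper or fiber-optic cable. The Fibre Channel standards were developed by the American National Standards Institute (ANSI) to provide high-speed connections between servers and storage devices. Early Fibre Channel was designed specifically for networking, and only as storage bandwidth demands grew was it gradually applied to storage systems. Fibre Channel is an interface quite different from SCSI or IDE; it is much more like an Ethernet switch. It is a high-performance interface designed to improve the speed and flexibility of multi-disk storage systems.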
1.3 DAS
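DAS stands for Direct Attached Storage. As the name suggests, the storage device is connected directly to the server by a cable (usually a SCSI cable), and I/O (input/output) requests are sent straight to the storage device. The storage can be reached only through the server it is attached to, so it cannot be shared with other servers. DAS also consumes a lot of system resources, such as memory and CPU.
1.4 NAS
NAS stands for Network Attached Storage. A private storage network can be built with network switches or routers, and internal clients can share data over protocols such as HTTP and CIFS. NAS is, however, limited by network bandwidth.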
1.5 SAN
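SAN stands for Storage Area Network. It requires optical fiber and fiber routers or switches, and can be used to bypass the bottlenecks of a traditional network by supporting direct high-speed data transfer between servers and storage devices. A SAN is a high-speed fiber storage network that is independent of the server network; it uses high-speed Fibre Channel as the transport and turns the storage system into a network, providing truly high-speed shared storage. Most small and medium-sized businesses, however, can hardly afford the high cost.
2. The iSCSI concept
2.1 The iSCSI concept
iSCSI (Internet SCSI) is a standard defined by the IETF (Internet Engineering Task Force) in 2003 for mapping SCSI data blocks onto Ethernet packets. SCSI (Small Computer System Interface) is a block data transfer protocol that is widely used in the storage industry and is the most basic standard protocol for storage devices. Fundamentally, iSCSI is a way of carrying low-latency SCSI data blocks over an IP network: it uses Ethernet to transport SCSI commands, responses, and data. With iSCSI, an IP storage area network can be built on the Ethernet we already know and use every day. In this way iSCSI overcomes the limitations of direct-attached storage, lets storage resources be shared across servers, and allows storage capacity to be expanded without downtime.
3. Basic components of iSCSI
3.1 A simple iSCSI setup consists of the following
● iSCSI initiator
● iSCSI target
● Ethernet switch
● Server
3.2 iSCSI target
Any iSCSI disk array that stores data, or any device with iSCSI capability, can be called an iSCSI target. It generally acts as an iSCSI target portal: the server that offers targets to initiators over the network.
3.3 iSCSI initiator
The iSCSI initiator is generally installed on a computer and is responsible for communicating with the iSCSI device.
4. Configuring an IP SAN-based iSCSI storage system
Lab preparation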
Name | Operating system | IP address | Installed software
Server | Red Hat Enterprise 6.2 | 192.168.1.254 | scsi-target-utils
Client | Red Hat Enterprise 6.2 | 192.168.1.1 | iscsi-initiator-utils
Test | Red Hat Enterprise 6.2 | 192.168.1.2 | iscsi-initiator-utils
Xp | Windows XP | 192.168.1.3 | Windows initiator
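To reduce interference in this lab, the firewall is turned off and SELinux is set to 0 on each host.
The Server host has three partitions that serve as our shared iSCSI disks: /dev/sdb5, /dev/sdb6, and /dev/sdb7, with 300M, 500M, and 700M of space respectively. They can be listed with fdisk -l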
Disk /dev/sdb: 2147 MB, 2147483648 bytes
255 heads, 63 sectors/track, 261 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7a30abb2
Device Boot Start End Blocks Id System
/dev/sdb1 1 261 2096451 5 Extended
/dev/sdb5 1 39 313204+ 83 Linux
/dev/sdb6 40 104 522081 83 Linux
/dev/sdb7 105 194 722893+ 83 Linux
[root@server ~]#
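4.1 Configuring an iSCSI target
The main configuration file of the iSCSI target is /etc/tgt/targets.conf. Open this file and edit the relevant options.
First, find the following block, which is what we will modify:
#<target iqn.2008-09.com.example:server.target3>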
# backing-store /dev/LVM/somedevice1 # Becomes LUN 1
# backing-store /dev/LVM/somedevice2 # Becomes LUN 2
# backing-store /dev/LVM/somedevice3 # Becomes LUN 3
# write-cache off
# vendor_id MyCompany Inc.
#</target>
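#<target iqn.2008-09.com.example:server.target3>
iqn stands for "iSCSI Qualified Name"
yyyy-mm is the year and month
reversed domain name is the domain name written in reverse
identifier is an identifying string
backing-store names a device to be shared as an iSCSI disk
Now remove the leading # comment markers and change the block as follows
<target iqn.2013-11.com.example:server.rhel>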
backing-store /dev/sdb5 #Becomes LUN 1
backing-store /dev/sdb6 #Becomes LUN 2
backing-store /dev/sdb7 #Becomes LUN 3
write-cache on
vendor_id thxy Inc.
</target>
At this point a simple iSCSI target server is configured; the iSCSI target service needs to be restarted
[root@server ~]#
[root@server ~]# /etc/init.d/tgtd start
Starting SCSI target daemon: [ OK ]
[root@server ~]#
4.2 Configuring an iSCSI initiator on Linux
First, install the iSCSI initiator software on the client
[root@client ~]# yum search iscsi
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
rhel6 | 4.0 kB 00:00 ...
rhel6/primary_db | 2.5MB 00:00 ...
============================== N/S Matched: iscsi ==============================
iscsi-initiator-utils.i686 : iSCSI daemon and utility programs
Name and summary matches only, use "search all" for everything.
[root@client ~]# yum install iscsi-initiator-utils
Run the following command on the Linux client to discover the targets shared by the iSCSI server
[root@client Packages]# iscsiadm -m discovery -t st -p 192.168.1.254
Starting iscsid: [ OK ]
192.168.1.254:3260,1 iqn.2013-11.com.example:server.rhel
Note that discovery of an iSCSI target generally needs to be run only once, because the result is saved automatically under /var/lib/iscsi/send_targets
Attach the shared iSCSI disks to the local host
[root@client ~]# iscsiadm -m node -T iqn.2013-11.com.example:server.rhel -p 192.168.1.254 -l
Logging in to [iface: default, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260] (multiple)
Login to [iface: default, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260] successful.
[root@client ~]#
List the disks now present locally
[root@client ~]# fdisk -l
Disk /dev/sdc: 534 MB, 534610944 bytes
17 heads, 60 sectors/track, 1023 cylinders
Units = cylinders of 1020 * 512 = 522240 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdc doesn't contain a valid partition table
Disk /dev/sdd: 740 MB, 740242944 bytes
23 heads, 62 sectors/track, 1013 cylinders
Units = cylinders of 1426 * 512 = 730112 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdd doesn't contain a valid partition table
Disk /dev/sdb: 320 MB, 320721408 bytes
10 heads, 62 sectors/track, 1010 cylinders
Units = cylinders of 620 * 512 = 317440 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdb doesn't contain a valid partition table
[root@client ~]#
The iSCSI target disks are now attached locally.
Format /dev/sdb, mount it on /mnt/wlyp, and create the file 1.txt; we will use 1.txt again later.
[root@client ~]# cd /mnt/wlyp/
[root@client wlyp]# ls
lost+found
[root@client wlyp]# touch 1.txt
[root@client wlyp]# echo hello world >> 1.txt
[root@client wlyp]#
[root@client wlyp]#
[root@client wlyp]# cat 1.txt
hello world
[root@client wlyp]#
Log out of the iSCSI target (a temporary logout)
[root@client /]# iscsiadm -m node -T iqn.2013-11.com.example:server.rhel -p 192.168.1.254 -u
Logging out of session [sid: 2, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260]
Logout of [sid: 2, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260] successful.
Log out permanently by deleting the local record
[root@client /]# iscsiadm -m node -T iqn.2013-11.com.example:server.rhel -p 192.168.1.254 -o delete
If you know that an IP address hosts an iSCSI target, you can discover it and log in directly with the following command
[root@client Packages]# iscsiadm -m discovery -t st -p 192.168.1.254 -l
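4.3 Configuring the Windows iSCSI initiator on a Windows client
Install the Windows iSCSI initiator
Open the program
Go to the Discovery tab and click the "Add" button
In the dialog that appears, enter the target's IP address, 192.168.1.254, and leave the port at its default
Click "Advanced"
For Source IP, select the local IP; this machine's IP is 192.168.1.3. Click "OK"
Select the Targets tab and click "Log On"
Tick the first checkbox and confirm
The local computer has now logged in to the iSCSI target
Open Disk Management: three partitions have been attached, sized 300M, 500M, and 700M
5. iSCSI security settings
Because no security settings were applied to the shared disks on the iSCSI target, the data on those disks is open to any client. In particular, when two initiators mount the same disk at the same time, the file system may be corrupted.
The following experiment makes this clear.
In the experiment above, the client host mounted the 300M disk from the iSCSI target and created the file 1.txt.
Now we discover the iSCSI target from the test client
[root@test ~]# iscsiadm -m discovery -t st -p 192.168.1.254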
Starting iscsid: [ OK ]
192.168.1.254:3260,1 iqn.2013-11.com.example:server.rhel
[root@test ~]#
Log in to the iSCSI target
[root@test ~]# iscsiadm -m node -T iqn.2013-11.com.example:server.rhel -p 192.168.1.254 -l
Logging in to [iface: default, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260] (multiple)
Login to [iface: default, target: iqn.2013-11.com.example:server.rhel, portal: 192.168.1.254,3260] successful.
[root@test ~]#
List the local disks
Disk /dev/sdb: 320 MB, 320721408 bytes
10 heads, 62 sectors/track, 1010 cylinders
Units = cylinders of 620 * 512 = 317440 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdb doesn't contain a valid partition table
Disk /dev/sdc: 534 MB, 534610944 bytes
17 heads, 60 sectors/track, 1023 cylinders
Units = cylinders of 1020 * 512 = 522240 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdc doesn't contain a valid partition table
Disk /dev/sdd: 740 MB, 740242944 bytes
23 heads, 62 sectors/track, 1013 cylinders
Units = cylinders of 1426 * 512 = 730112 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdd doesn't contain a valid partition table
[root@test ~]#
Disk /dev/sdb: 320 MB, 320721408 bytes
10 heads, 62 sectors/track, 1010 cylinders
Units = cylinders of 620 * 512 = 317440 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x06c9aecc
Device Boot Start End Blocks Id System
/dev/sdb1 1 1010 313069 83 Linux
Likewise, we mount the 300M disk locally on test
[root@test /]# mount -t ext4 /dev/sdb1 /mnt/mydrive/
mount: special device /dev/sdb1 does not exist
[root@test Desktop]# mount -t ext4 /dev/sdb1 /mnt/mydrive/
At this point we find the contents of the file created on the client
[root@test Desktop]# cd /mnt/mydrive/
[root@test mydrive]# ls
1.txt lost+found
[root@test mydrive]# cat 1.txt
hello world
[root@test mydrive]#
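So iSCSI security settings are very important
5.1 IP address-based iSCSI security settings
Add the following configuration on the server host
Note that initiator-address means that only this IP address can use the partition
<target iqn.2013-11.com.example:server.1>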
backing-store /dev/sdb5 #Becomes LUN 1
initiator-address 192.168.1.1
</target>
<target iqn.2013-11.com.example:server.2>
backing-store /dev/sdb6 #Becomes LUN 1
initiator-address 192.168.1.2
</target>
<target iqn.2013-11.com.example:server.3>
backing-store /dev/sdb7 #Becomes LUN 1
initiator-address 192.168.1.3
</target>
On the client host, access the iSCSI target and compare with the earlier result
[root@client ~]# iscsiadm -m discovery -t st -p 192.168.1.254
192.168.1.254:3260,1 iqn.2013-11.com.example:server.1
[root@client ~]# iscsiadm -m discovery -t st -p 192.168.1.254 -l
192.168.1.254:3260,1 iqn.2013-11.com.example:server.1
Logging in to [iface: default, target: iqn.2013-11.com.example:server.1, portal: 192.168.1.254,3260] (multiple)
Login to [iface: default, target: iqn.2013-11.com.example:server.1, portal: 192.168.1.254,3260] successful.
[root@client ~]# fdisk -l
Disk /dev/sda: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000e5cf0
Device Boot Start End Blocks Id System
/dev/sda1 * 1 26 204800 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 26 52 204800 82 Linux swap / Solaris
Partition 2 does not end on cylinder boundary.
/dev/sda3 52 523 3783680 83 Linux
Partition 3 does not end on cylinder boundary.
Disk /dev/sdf: 320 MB, 320721408 bytes
10 heads, 62 sectors/track, 1010 cylinders
Units = cylinders of 620 * 512 = 317440 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x06c9aecc
Device Boot Start End Blocks Id System
/dev/sdf1 1 1010 313069 83 Linux
[root@client ~]#
Access the iSCSI target from the test client
[root@test ~]# iscsiadm -m discovery -t st -p 192.168.1.254
192.168.1.254:3260,1 iqn.2013-11.com.example:server.2
[root@test ~]# iscsiadm -m discovery -t st -p 192.168.1.254 -l
192.168.1.254:3260,1 iqn.2013-11.com.example:server.2
Logging in to [iface: default, target: iqn.2013-11.com.example:server.2, portal: 192.168.1.254,3260] (multiple)
Login to [iface: default, target: iqn.2013-11.com.example:server.2, portal: 192.168.1.254,3260] successful.
[root@test ~]# fdisk -l
Disk /dev/sda: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000e5cf0
Device Boot Start End Blocks Id System
/dev/sda1 * 1 26 204800 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 26 52 204800 82 Linux swap / Solaris
Partition 2 does not end on cylinder boundary.
/dev/sda3 52 523 3783680 83 Linux
Partition 3 does not end on cylinder boundary.
Disk /dev/sdc: 534 MB, 534610944 bytes
17 heads, 60 sectors/track, 1023 cylinders
Units = cylinders of 1020 * 512 = 522240 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xdeb353aa
Device Boot Start End Blocks Id System
/dev/sdc1 1 1023 521700 83 Linux
[root@test ~]#
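The experiment above shows that restricting access by IP address greatly improves iSCSI security
5.2 Password authentication-based iSCSI security settings
Configure the iSCSI target as follows
<target iqn.2008-09.com.example:server.target3>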
backing-store /dev/sdb5 #Becomes LUN 1
incominguser wjh01 123456
vendor_id thxy Inc.
</target>
<target iqn.2008-09.com.example:server.target4>
backing-store /dev/sdb6 #Becomes LUN 1
incominguser wjh02 654321
write-cache off
vendor_id thxy Inc.
</target>
Restart the service after configuring
Discover the targets from the client
[root@client ~]# iscsiadm -m discovery -t st -p 192.168.1.254
192.168.1.254:3260,1 iqn.2008-09.com.example:server.target3
192.168.1.254:3260,1 iqn.2008-09.com.example:server.target4
[root@client ~]#
However, logging in to attach the disk locally fails with the following error
[root@client ~]# iscsiadm -m node -T iqn.2008-09.com.example:server.target3 -l
Logging in to [iface: default, target: iqn.2008-09.com.example:server.target3, portal: 192.168.1.254,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2008-09.com.example:server.target3, portal: 192.168.1.254,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
[root@client ~]#
So the client must be configured with the same account and password as the server
Edit /etc/iscsi/iscsid.conf
Change the following lines
node.session.auth.username = wjh01
node.session.auth.password = 123456
Restart the iscsid service
Now the shared iSCSI storage can be attached on the client
[root@client ~]# iscsiadm -m node -T iqn.2008-09.com.example:server.target3 -l
Logging in to [iface: default, target: iqn.2008-09.com.example:server.target3, portal: 192.168.1.254,3260] (multiple)
Login to [iface: default, target: iqn.2008-09.com.example:server.target3, portal: 192.168.1.254,3260] successful.
[root@client ~]# fdisk -l
Disk /dev/sda: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000e5cf0
Device Boot Start End Blocks Id System
/dev/sda1 * 1 26 204800 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 26 52 204800 82 Linux swap / Solaris
Partition 2 does not end on cylinder boundary.
/dev/sda3 52 523 3783680 83 Linux
Partition 3 does not end on cylinder boundary.
Disk /dev/sdf: 320 MB, 320721408 bytes
10 heads, 62 sectors/track, 1010 cylinders
Units = cylinders of 620 * 512 = 317440 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/sdf doesn't contain a valid partition table
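An added example, not part of the original article: a small audit of a target configuration file for the weaknesses shown in sections 5, 5.1 and 5.2, namely targets with no initiator-address restriction, targets with no incominguser (CHAP) entry, short CHAP secrets, and one disk exported by more than one target. The sample configuration is constructed, and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed sample in the targets.conf syntax used on this page (not a real host).
SAMPLE_CONF = """\
#<target iqn.2008-09.com.example:server.target3>
#    backing-store /dev/LVM/somedevice1
#</target>
<target iqn.2013-11.com.example:server.rhel>
    backing-store /dev/sdb5   # Becomes LUN 1
</target>
<target iqn.2013-11.com.example:server.1>
    backing-store /dev/sdb5
    initiator-address 192.168.1.1
    incominguser wjh01 123456
</target>
"""
MIN_SECRET_LEN = 12  # assumed policy, following the 96-bit CHAP secret guidance in RFC 3720

def parse_targets(text):
    """Return {iqn: {directive: [values]}}, ignoring commented-out lines."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    targets = {}
    for iqn, body in re.findall(r"<target\s+(\S+?)>(.*?)</target>", text, re.S):
        opts = targets.setdefault(iqn, {})
        for line in filter(None, map(str.strip, body.splitlines())):
            key, *rest = line.split(None, 1)
            opts.setdefault(key, []).append(rest[0] if rest else "")
    return targets

def audit(text):
    """Return a sorted list of (iqn, finding) tuples for weak target definitions."""
    findings, exported = [], {}
    for iqn, opts in parse_targets(text).items():
        acl = opts.get("initiator-address", [])
        if not acl or "ALL" in acl:           # ALL is the wildcard binding in tgt
            findings.append((iqn, "no initiator-address restriction"))
        users = opts.get("incominguser", [])
        if not users:
            findings.append((iqn, "no CHAP incominguser"))
        for entry in users:
            user, secret = (entry.split(None, 1) + ["", ""])[:2]
            if len(secret.strip()) < MIN_SECRET_LEN:
                findings.append((iqn, f"CHAP secret for {user} is too short"))
        for dev in opts.get("backing-store", []):
            exported.setdefault(dev, []).append(iqn)
    for dev, iqns in exported.items():
        if len(iqns) > 1:                     # same disk reachable through several targets
            findings += [(iqn, f"{dev} also exported by another target") for iqn in iqns]
    return sorted(findings)
```

Calling audit(SAMPLE_CONF) returns five findings: the open target from section 4.1 is flagged three times, and the restricted target is flagged for its six-character secret and for sharing /dev/sdb5.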