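A SAN (storage area network) is a high-speed network or subnetwork. By network structure, SANs divide into FC-SAN (Fibre Channel storage area network) and IP-SAN (IP-based storage area network).
IP-SAN is built on iSCSI, a technology that combines storage with IP networking. An IP-SAN consists of iSCSI Initiators (iSCSI clients), iSCSI Targets (the iSCSI destination side) and IP network switches.
Open-source iSCSI Initiators:
linux-iscsi: http://linux-iscsi.sourceforge.net/
(libiscsi is a library that implements the initiator side of the iSCSI protocol; it can be used to access targets and to develop initiator-side software)
Open-source iSCSI Targets:
Open-iscsi: iscsid/iscsiadm http://www.open-iscsi.org/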
iSCSI Enterprise Target(IET): ietd/ietadm http://sourceforge.net/projects/iscsitarget/files/
Generic scsi target subsystem for linux (SCST): iscsi-scstd/iscsi-scst-adm
http://sourceforge.net/projects/scst/files/?source=navbar
Linux scsi target framework (STGT): tgtd/tgtadm http://stgt.sourceforge.net/
Lio linux scsi target (LIO): /targetcli http://www.linux-iscsi.org/wiki/Main_Page
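Of these, STGT is the commonly used one: yum install scsi-target-utils. tgtadm is the configuration tool and tgtd is the daemon. The configuration file uses an HTML-like format: /etc/tgt/targets.conf
LIO has been merged into the kernel: yum install targetcli. targetcli is the configuration tool and talks to the kernel through configfs. The configuration is saved as a JSON file: /etc/target/saveconfig.json
STGT usage example: tgtd/tgtadm
1. Create a target device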
tgtadm --lld iscsi --mode target --op new --tid 1 -T iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz
(Note: the controller device lun0 is created automatically and cannot be deleted.)
Delete the target
tgtadm --lld iscsi --mode target --op delete --tid 1
2. Add a LUN
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 -b /dev/hdc1
Add more LUNs
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 -b /dev/hdd1
Delete a LUN
tgtadm --lld iscsi --mode logicalunit --op delete --tid 1 --lun 2
3. Start the target (enable it by binding it to the specified initiators)
tgtadm --lld iscsi --mode target --op bind --tid 1 -I ALL (or 192.168.1.168, 192.168.0.0/24)
tgtadm --lld iscsi --mode target --op bind --tid 1 -Q iqn.1991-05.com.microsoft:cc
tgtadm --lld iscsi --mode target --op unbind --tid 1 -I(-Q) iqn.1991-05.com.microsoft:cc
Other commands:
Query target information:
tgtadm --lld iscsi --mode target --op show //show information for all targets
tgtadm --lld iscsi --mode target --op show --tid 1 //show information for the specified target
Get the iSCSI parameters of this target
tgtadm --lld iscsi --mode target --op show --tid 1
Change a parameter
tgtadm --lld iscsi --mode target --op update --tid 1 --name MaxRecvDataSegmentLength --value 16384
Authentication management:
Bind an account to the target
tgtadm --lld iscsi --mode account --op bind --tid 1 --user fujita
tgtadm --lld iscsi --mode account --op unbind --tid 1 --user fujita
Create an account
tgtadm --lld iscsi --mode account --op new --user fujita --password 123456
Delete an account
tgtadm --lld iscsi --mode account --op delete --user <name>
Set up an outgoing account
tgtadm --lld iscsi --mode account --op new --user hoge --password deadbeaf
tgtadm --lld iscsi --mode account --op show
tgtadm --lld iscsi --mode account --op bind --tid 1 --user hoge --outgoing
IET usage example: ietd/ietadm (similar to SCSI). --> It no longer seems to work on 3.x kernels.
For example:
ietadm --op new --tid=1 --params Name=target-iet
ietadm --op new --tid=1 --lun=1 --params Path=/dev/sdb
LIO usage example: targetcli
I. Define the SAN resources
1. Create a backstore (this creates the LUN resource)
#targetcli
/>cd backstores/
/backstores> block/ create name=chengm dev=/dev/sdb
Generating a wwn serial.
Created iblock storage object chengm using /dev/sdb.
2. Create the target
/backstores/block/chengm>/iscsi create
Created target iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11.
Selected TPG Tag 1.
Successfully created TPG 1.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1.
3. Export the LUN: add the backstore (LUN resource) to the target
/iscsi/iqn.20...a0e4a11/tpgt1>luns/ create /backstores/block/chengm
Selected LUN 0.
Successfully created LUN 0.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/luns/lun0.
/iscsi/iqn.20...gt1/luns/lun0>
4. Create the network portal
/iscsi/iqn.20...a0e4a11/tpgt1> portals/ create 192.168.1.139
Using default IP port 3260
Successfully created network portal 192.168.1.139:3260.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/portals/192.168.1.139:3260.
/iscsi/iqn.20...68.1.139:3260>
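II. Define access permissions (choose one of the following authentication methods)
1. Demo mode: the target is exposed to all initiators and no authentication is required
/iscsi/iqn.20...a0e4a11/tpgt1> set attribute authentication=0 demo_mode_write_protect=0 generate_node_acls=1 cache_dynamic_acls=1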
Parameter demo_mode_write_protect is now '0'.
Parameter authentication is now '0'.
Parameter generate_node_acls is now '1'.
Parameter cache_dynamic_acls is now '1'.
/iscsi/iqn.20...a0e4a11/tpgt1> cd /
/>
2. CHAP authentication: create an ACL, then set the ID and password
2.1 Create the ACL
/iscsi/iqn.20...a0e4a11/tpgt1> acls/ create iqn.1991-05.com.microsoft:ibm-t410s
Successfully created Node ACL for iqn.1991-05.com.microsoft:ibm-t410s
Created mapped LUN 0.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/acls/iqn.1991-05.com.microsoft:ibm-t410s/mapped_lun0.
/iscsi/iqn.20...s/mapped_lun0> cd <
Taking you back to /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1.
/iscsi/iqn.20...a0e4a11/tpgt1>
2.2 Set the ID and password
/iscsi/iqn.20...a0e4a11/tpgt1> cd acls/iqn.1991-05.com.microsoft:ibm-t410s
/iscsi/iqn.20...oft:ibm-t410s> set auth userid=iqn.1991-05.com.microsoft:ibm-t410s
Parameter userid is now 'iqn.1991-05.com.microsoft:ibm-t410s'.
/iscsi/iqn.20...oft:ibm-t410s> set auth password=mytargetsecret
Parameter password is now 'mytargetsecret'.
/iscsi/iqn.20...oft:ibm-t410s> get auth
AUTH CONFIG GROUP
mutual_password=
The mutual_password auth parameter.
mutual_userid=
The mutual_userid auth parameter.
password=mytargetsecret
The password auth parameter.
userid=iqn.1991-05.com.microsoft:ibm-t410
The userid auth parameter.
/iscsi/iqn.20...oft:ibm-t410s> cd /iscsi
/iscsi>
Mutual CHAP authentication:
1. Add the ACL --> as in 2.1 above
2. Add userid, password, mutual_userid and mutual_password:
/iscsi/iqn.20...a0e4a11/tpgt1> cd acls/iqn.1991-05.com.microsoft:ibm-t410s
/iscsi/iqn.20...oft:ibm-t410s> set auth userid=iqn.1991-05.com.microsoft:ibm-t410s password=mytargetsecret mutual_userid=iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11 mutual_password=mymutualsecret
Parameter userid is now 'iqn.1991-05.com.microsoft:ibm-t410s'.
Parameter password is now 'mytargetsecret'.
Parameter mutual_userid is now 'iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11'.
Parameter password is now 'mymutualsecret'.
/iscsi/iqn.20...oft:ibm-t410s> get auth
AUTH CONFIG GROUP
mutual_password=mymutualsecret
The mutual_password auth parameter.
mutual_userid=iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11
The mutual_userid auth parameter.
password=mytargetsecret
The password auth parameter.
userid=iqn.1991-05.com.microsoft:ibm-t410
The userid auth parameter.
/iscsi/iqn.20...oft:ibm-t410s> cd /iscsi
/iscsi>
3. TPG authentication
1. Enable TPG authentication
/iscsi/iqn.20...a0e4a11/tpgt1> /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.bf919196ff4e/tpgt1/ set attribute demo_mode_write_protect=0 generate_node_acls=1 cache_dynamic_acls=1
Parameter demo_mode_write_protect is now '0'.
Parameter generate_node_acls is now '1'.
Parameter cache_dynamic_acls is now '1'.
/iscsi/iqn.20...a0e4a11/tpgt1>
2. Set userid, password, userid_mutual and password_mutual
/iscsi/iqn.20...a0e4a11/tpgt1> set auth userid=rts-user
Parameter userid is now 'rts-user'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth password=b492785e-bc91-4710
Parameter password is now 'b492785e-bc91-4710'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth userid_mutual=mutual-rts-user
Parameter userid_mutual is now 'mutual-rts-user'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth password_mutual=aeae2e26-f043-42a7
Parameter password_mutual is now 'aeae2e26-f043-42a7'.
/iscsi/iqn.20...a0e4a11/tpgt1> get auth
AUTH CONFIG GROUP
authenticate_target=0 [ro]
The authenticate_target auth_attr.
password=b492785e-bc91-4710
The password auth_attr.
password_mutual=aeae2e26-f043-42a7
The password_mutual auth_attr.
userid=rts-user
The userid auth_attr.
userid_mutual=mutual-rts-user
The userid_mutual auth_attr.
/iscsi/iqn.20...a0e4a11/tpgt1>
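Parameter discovery_auth: discovery authentication. An initiator must authenticate before it can discover (look up) targets.
Enable CHAP discovery authentication: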
/iscsi> set discovery_auth enable=1 userid=mytargetuid password=mytargetsecret
Parameter enable is now '1'.
Parameter password is now 'mytargetsecret'.
Parameter userid is now 'mytargetuid'.
/iscsi>
Enable mutual CHAP discovery authentication:
/iscsi> set discovery_auth enable=1 userid=mytargetuid password=mytargetsecret mutual_userid=mymutualuid mutual_password=mymutualsecret
Parameter password is now 'mytargetsecret'.
Parameter userid is now 'mytargetuid'.
Parameter mutual_password is now 'mymutualsecret'.
Parameter mutual_userid is now 'mymutualuid'.
Parameter enable is now '1'.
/iscsi> get discovery_auth
DISCOVERY_AUTH CONFIG GROUP
enable=1
The enable discovery_auth parameter.
mutual_password=mymutualsecret
The mutual_password discovery_auth parameter.
mutual_userid=mymutualuid
The mutual_userid discovery_auth parameter.
password=mytargetsecret
The password discovery_auth parameter.
userid=mytargetuid
The userid discovery_auth parameter.
/iscsi>
Save: the configuration persists after the next reboot.
/> saveconfig
WARNING: Saving rtsnode1 current configuration to disk will overwrite your boot settings.
The current target configuration will become the default boot config.
Are you sure? Type 'yes': yes
Making backup of srpt/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/srpt_start.sh
Making backup of qla2xxx/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/qla2xxx_start.sh
Making backup of loopback/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/loopback_start.sh
Making backup of LIO-Target/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/lio_backup-2012-02-27_23:19:37.660264.sh
Making backup of Target_Core_Mod/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/tcm_backup-2012-02-27_23:19:37.660264.sh
Generated Target_Core_Mod config: /etc/target/backup/tcm_backup-2012-02-27_23:19:37.660264.sh
Successfully updated default config /etc/target/lio_start.sh
Successfully updated default config /etc/target/tcm_start.sh
/>
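A defensive check for the access settings above, as an added example that is not part of the original page or of the LIO project: it reads a configuration in the saveconfig.json layout and flags TPGs left in demo mode without authentication and ACLs whose CHAP secret is missing, short, or reused for the mutual direction. The JSON field names (tpgs, attributes, node_acls, chap_password, chap_mutual_password) are assumed from the rtslib-fb layout, and the embedded sample is constructed.

```python
import json

MIN_CHAP_LEN = 12  # RFC 7143: CHAP secrets of at least 96 bits unless IPsec protects the login

# Constructed sample. Field names follow the rtslib-fb saveconfig.json layout (assumption).
SAMPLE = json.loads("""
{"targets": [{"fabric": "iscsi",
  "wwn": "iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11",
  "tpgs": [
    {"tag": 1, "attributes": {"authentication": 0, "generate_node_acls": 1,
                              "demo_mode_write_protect": 0}, "node_acls": []},
    {"tag": 2, "attributes": {"authentication": 1, "generate_node_acls": 0,
                              "demo_mode_write_protect": 1},
     "node_acls": [
       {"node_wwn": "iqn.1991-05.com.microsoft:ibm-t410s", "chap_password": "123456"},
       {"node_wwn": "iqn.1991-05.com.microsoft:cc"}]}]}]}
""")

def audit(config):
    """Return (location, finding) tuples for exposed TPGs and weak CHAP settings."""
    findings = []
    for target in config.get("targets", []):
        if target.get("fabric") != "iscsi":
            continue
        for tpg in target.get("tpgs", []):
            where = "%s/tpgt%s" % (target.get("wwn"), tpg.get("tag"))
            attr = tpg.get("attributes", {})
            flag = lambda name: int(attr.get(name, 0))
            # Demo mode: ACLs are generated for any initiator and no CHAP is required.
            if flag("generate_node_acls") and not flag("authentication"):
                findings.append((where, "demo mode without authentication"))
                if not flag("demo_mode_write_protect"):
                    findings.append((where, "demo mode LUNs are writable"))
            for acl in tpg.get("node_acls", []):
                node = "%s/acls/%s" % (where, acl.get("node_wwn"))
                secret = acl.get("chap_password") or ""
                mutual = acl.get("chap_mutual_password") or ""
                if not secret:
                    findings.append((node, "ACL has no CHAP secret"))
                elif len(secret) < MIN_CHAP_LEN:
                    findings.append((node, "CHAP secret shorter than 12 characters"))
                if mutual and mutual == secret:
                    findings.append((node, "mutual secret equals initiator secret"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(where + ": " + finding)
```

To check a live system, load /etc/target/saveconfig.json with json.load and pass the result to audit().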