开源SAN存储 之 IP-SAN

SAN网络存储是一种高速网络或子网络,根据网络结构可以分为FC-SAN(光纤通道存储区域网),IP-SAN(基于IP的存储区域网)。

IP-SAN 是整合了存储和IP网络的iSCSI技术。IP-SAN技术由iSCSI Initiator(iSCSI客户端)、iSCSI Target(iSCSI目的端)和IP网络交换机组成。

开源iSCSI Initiator 有:

linux-iscsi:http://linux-iscsi.sourceforge.net/

(libiscsi是一个实现了ISCSI协议的I端的库,能用来访部T端;可用来进行I端的开发)

开源iSCSI Target有:         

Open-iscsi:iscsid/iscsiadm     http://www.open-iscsi.org/
iSCSI Enterprise Target(IET): ietd/ietadm   http://sourceforge.net/projects/iscsitarget/files/
Generic scsi target subsystem for linux (SCST): iscsi-scstd/iscsi-scst-adm    

http://sourceforge.net/projects/scst/files/?source=navbar
Linux scsi target framework (STGT):tgtd/tgtadm    http://stgt.sourceforge.net/
Lio linux scsi target (LIO):      /targetcli     http://www.linux-iscsi.org/wiki/Main_Page


其中常用的有STGT:yum install scsi-target-utils 。 tgtadm为配置工具。tgtd为守护进程。配置文件为类HTML格式:/etc/tgt/targets.conf

其中LIO已经合并到内核中;yum install targetcli 。targetcli为配置工具,通过configfs与内核通信。保存配置的文件为JSON格式:/etc/target/saveconfig.json

STGT使用实例:tgtd/tgtadm

1.创建一个target设备
tgtadm --lld iscsi --mode target --op new  --tid 1 -T iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz
(注:控制器设备会自动创建lun0,不能删除)
删除target
tgtadm --lld iscsi --mode target --op delete --tid 1
  
2.添加一个lun
tgtadm --lld iscsi --mode logicalunit --op new  --tid 1 --lun 1 -b /dev/hdc1

添加更多的lun
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 -b /dev/hdd1
删除lun
tgtadm -lld iscsi --mode logicalunit --op delete --tid 1 --lun 2

3.启动这个target;(使能target绑定到指定的I端)
tgtadm --lld iscsi --mode target --op bind  --tid 1 -I ALL(或192.168.1.168,192.168.0.0/24)
tgtadm --lld iscsi --mode target --op bind  --tid 1 -Q iqn.1991-05.com.microsoft:cc


tgtadm --lld iscsi --mode target --op unbind --tid 1 -I(-Q)  iqn.1991-05.com.microsoft:cc

其它命今:
查询target信息:
tgtadm --lld iscsi --mode target --op show //显示所有targets信息
tgtadm --lld iscsi --mode target --op show --tid 1 //显示指定的targets信息

获取这个target 的iscsi 参数
tgtadm --lld iscsi  --mode target --op show --tid 1
更改参数
tgtadm --lld iscsi --mode target --op update --tid 1 --name MaxRecvDataSegmentLength --value 16384

认证管理:
为target绑定帐户
tgtadm --lld iscsi --mode account --op bind  --tid 1 --user fujita 

tgtadm --lld iscsi --mode account --op unbind --tid 1 --user fujita
创建账户
tgtadm --lld iscsi --mode account --op new --user fujita --password 123456
删除账户
tgtadm --lld iscsi --mode account --op delete --user <name>

设置导出帐户
tgtadm --lld iscsi --mode account --op new  --user hoge --password deadbeaf
tgtadm --lld iscsi --mode account --op show 
tgtadm --lld iscsi --mode account --op bind  --tid 1 --user hoge --outgoing


IET使用实例:ietd/ietadm . (类似于SCSI.)-->3.x内核好象已经不能用了。

如:

ietadm --op new --tid=1 --params Name=target-iet
ietadm --op new --tid=1 --lun=1 --params Path=/dev/sdb


LIO使用实例:targetcli  

一,定义san资源
1.创建backstore;创见lun资源;

#targetcli

/>cd backstores/
/backstores> block/ create name=chengm dev=/dev/sdb
Generating a wwn serial.
Created iblock storage object chengm using /dev/sdb.

2.创建target
 /backstores/block/chengm>/iscsi create
 Created target iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11.
Selected TPG Tag 1.
Successfully created TPG 1.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1.

3.导出lun;把backstore(lun资源)添加到target,
/iscsi/iqn.20...a0e4a11/tpgt1>luns/ create /backstores/block/chengm
Selected LUN 0.
Successfully created LUN 0.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/luns/lun0.
/iscsi/iqn.20...gt1/luns/lun0>

4.创见网络接口
/iscsi/iqn.20...a0e4a11/tpgt1> portals/ create 192.168.1.139
Using default IP port 3260
Successfully created network portal 192.168.1.139:3260.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/portals/192.168.1.139:3260.
/iscsi/iqn.20...68.1.139:3260>

二,定义访问权限  (从以下选一种认证方式);
1.Demo mode,向所有I端公开,不需要认证
/iscsi/iqn.20...a0e4a11/tpgt1> set attribute authentication=0 demo_mode_write_protect=0
generate_node_acls=1 cache_dynamic_acls=1.

Parameter demo_mode_write_protect is now '0'.
Parameter authentication is now '0'.
Parameter generate_node_acls is now '1'.
Parameter cache_dynamic_acls is now '1'.
/iscsi/iqn.20...a0e4a11/tpgt1> cd /
/>


2.CHAP认证,创建ACL,设置ID与PASSWD
2.1,设置ACL
/iscsi/iqn.20...a0e4a11/tpgt1> acls/ create iqn.1991-05.com.microsoft:ibm-t410s
Successfully created Node ACL for iqn.1991-05.com.microsoft:ibm-t410s
Created mapped LUN 0.
Entering new node /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1/acls/iqn.1991-05.com.microsoft:ibm-t410s/mapped_lun0.
/iscsi/iqn.20...s/mapped_lun0> cd <
Taking you back to /iscsi/iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11/tpgt1.
/iscsi/iqn.20...a0e4a11/tpgt1>
2.2,设置ID与PASSWD
/iscsi/iqn.20...a0e4a11/tpgt1> cd acls/iqn.1991-05.com.microsoft:ibm-t410s
/iscsi/iqn.20...oft:ibm-t410s> set auth userid=iqn.1991-05.com.microsoft:ibm-t410s
Parameter userid is now 'iqn.1991-05.com.microsoft:ibm-t410s'.
/iscsi/iqn.20...oft:ibm-t410s> set auth password=mytargetsecret
Parameter password is now 'mytargetsecret'.
/iscsi/iqn.20...oft:ibm-t410s> get auth
AUTH CONFIG GROUP
  mutual_password=
    The mutual_password auth parameter.

  mutual_userid=
    The mutual_userid auth parameter.

  password=mytargetsecret
    The password auth parameter.

  userid=iqn.1991-05.com.microsoft:ibm-t410
    The userid auth parameter.
/iscsi/iqn.20...oft:ibm-t410s> cd /iscsi
/iscsi>

相互CHAP认证:
1,添加ACL-->2.1(与上面相似)
2.添加userid ,passwd,和mutual_userid,mutual_password;
/iscsi/iqn.20...a0e4a11/tpgt1> cd acls/iqn.1991-05.com.microsoft:ibm-t410s
/iscsi/iqn.20...oft:ibm-t410s> set auth userid=iqn.1991-05.com.microsoft:ibm-t410s password=mytargetsecret mutual_userid=iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11 mutual_password=mymutualsecret
Parameter userid is now 'iqn.1991-05.com.microsoft:ibm-t410s'.
Parameter password is now 'mytargetsecret'.
Parameter mutual_userid is now 'iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11'.
Parameter password is now 'mymutualsecret'.
/iscsi/iqn.20...oft:ibm-t410s> get auth
AUTH CONFIG GROUP
  mutual_password=mymutualsecret
    The mutual_password auth parameter.

  mutual_userid=iqn.2003-01.org.linux-iscsi.san01.x8664:sn.05135a0e4a11
    The mutual_userid auth parameter.

  password=mytargetsecret
    The password auth parameter.

  userid=iqn.1991-05.com.microsoft:ibm-t410
    The userid auth parameter.
/iscsi/iqn.20...oft:ibm-t410s> cd /iscsi
/iscsi>

3.TPG认证,
1.使能TPG认证
/iscsi/iqn.20...a0e4a11/tpgt1> /iscsi/iqn.2003-01.org.linuxiscsi.
san01.x8664:sn.bf919196ff4e/tgpt1/ set attribute demo_mode_write_protect=0 generate_node_acls=1
cache_dynamic_acls=1
Parameter demo_mode_write_protect is now '0'.
Parameter generate_node_acls is now '1'.
Parameter cache_dynamic_acls is now '1'.
/iscsi/iqn.20...a0e4a11/tpgt1>


2.设置userid,password 和userid_mutual,password_mutual
/iscsi/iqn.20...a0e4a11/tpgt1> set auth userid=rts-user
Parameter userid is now 'rts-user'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth password=b492785e-bc91-4710
Parameter password is now 'b492785e-bc91-4710'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth userid_mutual=mutual-rts-user
Parameter userid_mutual is now 'mutual-rts-user'.
/iscsi/iqn.20...a0e4a11/tpgt1> set auth password_mutual=aeae2e26-f043-42a7
Parameter password_mutual is now 'aeae2e26-f043-42a7'.
/iscsi/iqn.20...a0e4a11/tpgt1> get auth
AUTH CONFIG GROUP
  authenticate_target=0 [ro]
    The authenticate_target auth_attr.

  password=b492785e-bc91-4710
    The password auth_attr.

  password_mutual=aeae2e26-f043-42a7
    The password_mutual auth_attr.

  userid=rts-user
    The userid auth_attr.

  userid_mutual=mutual-rts-user
    The userid_mutual auth_attr.
/iscsi/iqn.20...a0e4a11/tpgt1>

参数:discovery_auth :发现认证,认证后才能发现/查找
使能CHAP 发现认证:
/iscsi> set discovery_auth enable=1 userid=mytargetuid password=mytargetsecret
Parameter enable is now '1'.
Parameter password is now 'mytargetsecret'.
Parameter userid is now 'mytargetuid'.
/iscsi>
使能Mutual CHAP 发现认证:
/iscsi> set discovery_auth enable=1 userid=mytargetuid password=mytargetsecret
mutual_userid=mymutualuid mutual_password=mymutualsecret

Parameter password is now 'mytargetsecret'.
Parameter userid is now 'mytargetuid'.
Parameter mutual_password is now 'mymutualsecret'.
Parameter mutual_userid is now 'mymutualuid'.
Parameter enable is now '1'.
/iscsi> get discovery_auth
DISCOVERY_AUTH CONFIG GROUP
  enable=1
    The enable discovery_auth parameter.

  mutual_password=mymutualsecret
    The mutual_password discovery_auth parameter.

  mutual_userid=mymutualuid
    The mutual_userid discovery_auth parameter.

  password=mytargetsecret
    The password discovery_auth parameter.

  userid=mytargetuid
    The userid discovery_auth parameter.
/iscsi>

保存:下次重启后还在。
/> saveconfig
WARNING: Saving rtsnode1 current configuration to disk will overwrite your boot settings.
The current target configuration will become the default boot config.
Are you sure? Type 'yes': yes
Making backup of srpt/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/srpt_start.sh
Making backup of qla2xxx/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/qla2xxx_start.sh
Making backup of loopback/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/loopback_start.sh
Making backup of LIO-Target/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/lio_backup-2012-02-27_23:19:37.660264.sh
Making backup of Target_Core_Mod/ConfigFS with timestamp: 2012-02-27_23:19:37.660264
Successfully updated default config /etc/target/tcm_backup-2012-02-27_23:19:37.660264.sh
Generated Target_Core_Mod config: /etc/target/backup/tcm_backup-2012-02-27_23:19:37.660264.sh
Successfully updated default config /etc/target/lio_start.sh
Successfully updated default config /etc/target/tcm_start.sh
/>

你可能感兴趣的:(开源SAN存储 之 IP-SAN)