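File Server Architecture Design

Overview

Microsoft iSCSI Software Target on Windows 2008 R2 emulates IP SAN storage and shares a 1T disk over the iSCSI protocol. The Linux file server connects to the IP SAN storage through iscsi-initiator, after which the disk appears as a local disk. Linux mdadm is then used to build a software RAID1 (disk mirror), the RAID1 is formatted and mounted, and the Samba service is configured to provide file sharing, so that the safety of the server's data is not put at risk.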

1. Hardware resources

Resource         Operating system       Configuration
192.168.0.174    Linux CentOS5.1        CPU: Intel P4 2.40GHz (single core); memory: 2G; disks: 80G, 1T
192.168.0.176    Windows 2008 R2_X64    CPU: AMD 245 2.90GHz (dual core); memory: 4G; disks: 500G, 1T

 

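2. Software installation and configuration

Microsoft iSCSI Software Target: IP SAN emulation software for Windows 2008 R2, used to map SCSI data blocks into Ethernet packets. Put simply, the iSCSI protocol packs SCSI data blocks into TCP/IP packets and carries them over the existing network.

iSCSI Initiator: connects the Linux system to the IP SAN storage device.

2.1 Microsoft iSCSI Software Target installation and configuration

Installation and configuration guides are available online, so they are omitted here.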

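2.2 iSCSI Initiator installation and configuration

Open-iSCSI manages its configuration as a database made up mainly of two tables:

- Discovery table (/etc/iscsi/send_targets)

- Node table (/etc/iscsi/nodes)

Open-iSCSI is administered mainly through iscsiadm, a command-line management tool used to query, update and delete entries in these two tables.

First, the Open-iSCSI configuration files:

- /etc/iscsi/iscsid.conf

This is the default configuration file. Its settings can be changed during discovery or with iscsiadm.

- /etc/iscsi/initiatorname.iscsi

Stores the initiator name. It can be changed, but the name must follow the naming rules.

- /etc/iscsi/send_targets

This directory holds the address information of every target that has ever been discovered.

- /etc/iscsi/nodes

This directory holds the node information of the discovered targets.

The commonly used Open-iSCSI commands follow.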

1. Controlling the open-iscsi service

A. How to start the open-iscsi service:

/etc/init.d/open-iscsi start   (Suse10)

/etc/init.d/iscsi start        (Redhat5)

B. How to stop the open-iscsi service:

/etc/init.d/open-iscsi stop   (Suse10)

/etc/init.d/iscsi stop        (Redhat5)

C. How to check the status of the open-iscsi service:

/etc/init.d/open-iscsi status   (Suse10)

/etc/init.d/iscsi status        (Redhat5)

D. How to restart the open-iscsi service:

/etc/init.d/open-iscsi restart   (Suse10)

/etc/init.d/iscsi restart        (Redhat5)

E. How to make the open-iscsi service start automatically at boot:

chkconfig open-iscsi on

2. Using iscsiadm

A. Discover targets:

iscsiadm -m discovery -t st -p 192.168.0.176

B. Show node information for all discovered targets:

iscsiadm -m node

C. Log in to a discovered target:

iscsiadm -m node -T iqn.1991-05.com.microsoft:win-ir55lome043-filebackup-target -p 192.168.0.176 -l

D. Log out of a target:

iscsiadm -m node -T iqn.1991-05.com.microsoft:win-ir55lome043-filebackup-target -p 192.168.120.198 -u

E. Delete a target's node information:

iscsiadm -m node -o delete -T iqn.1991-05.com.microsoft:win-ir55lome043-filebackup-target -p 192.168.0.176

F. Change the negotiation parameters of a target node:

iscsiadm -m node -T iqn.1991-05.com.microsoft:win-ir55lome043-filebackup-target -p 192.168.0.176 -o update -n node.cnx[0].iscsi.MaxRecvDataSegmentLength -v 65536

[Note] Changes to the configuration file /etc/iscsi/iscsid.conf only take effect for all discovered targets after a restart, so updating a target node's settings with -o is recommended. For example, if the device side did not use CHAP authentication when you first logged in to the target and started using it later, update the node as shown in H and then log in to the target again.

G. Log in to or log out of all targets:

iscsiadm -m node -L all

iscsiadm -m node -U all

H. CHAP authentication:

iscsiadm -m node -T Targetname -p TargetIP -o update -n node.session.auth.authmethod -v CHAP        # require CHAP authentication for this target

iscsiadm -m node -T Targetname -p TargetIP -o update -n node.session.auth.username -v huawei        # set the CHAP user name to huawei

iscsiadm -m node -T Targetname -p TargetIP -o update -n node.session.auth.password -v huawei        # set the CHAP password to huawei

I. View information about the currently active sessions:

iscsiadm -m session                 # show session details

This command is similar to iscsi-ls from the iSCSI initiator on suse9. It shows whether targets are connected, along with the target information.

J. Connect to targets automatically at system startup:

In the /etc/iscsi/iscsid.conf configuration file, set node.startup to: node.startup = automatic

Note: for other usage, see man iscsiadm or info iscsiadm.

3. Starting the iscsid service at boot

chkconfig --level 35 iscsid on

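3. Creating RAID1 with mdadm

1. Create the RAID 1 array

[root@Meil89 sda1]# mdadm -Cv /dev/md0 -l1 -n2 /dev/sdb /dev/sdc

Tip: -C selects create mode. /dev/md0 is the device name of the array. -l1 is the array level; several levels such as 0, 1, 4 and 5 are available, corresponding to RAID0, RAID1, RAID4 and RAID5. -n2 is the number of active disks in the array; this number plus the number of spare disks should equal the total number of disks in the array. /dev/sdb /dev/sdc are the disks used to create the array. The array consists of 2 mirrored active disks.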

 

2. Check the state of the RAID array

[root@localhost ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdc[1] sdb[0]
      952319936 blocks [2/2] [UU]
      [>....................]  resync =  2.2% (21430016/952319936) finish=1362.4min speed=11385K/sec

unused devices: <none>

[root@localhost ~]# mdadm -D /dev/md0
/dev/md0:
        Version : 0.90
  Creation Time : Mon Jan  5 12:26:00 2004
     Raid Level : raid1
     Array Size : 952319936 (908.20 GiB 975.18 GB)
  Used Dev Size : 952319936 (908.20 GiB 975.18 GB)
   Raid Devices : 2
  Total Devices : 2
Preferred Minor : 0
    Persistence : Superblock is persistent

    Update Time : Mon Jan  5 12:26:00 2004
          State : clean, resyncing
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

 Rebuild Status : 3% complete

           UUID : 8293b1c6:3971bc36:626ceab4:34aef60b
         Events : 0.1

    Number   Major   Minor   RaidDevice State
       0       8       16        0      active sync   /dev/sdb
       1       8       32        1      active sync   /dev/sdc

 

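3. Write the md0 information to the configuration file

This ensures that the system recognizes the RAID array automatically.

[root@localhost ~]# mdadm --detail --scan >> /etc/mdadm.conf

4. Format md0

To avoid damaging the RAID1 superblock, format only after the md0 resync has passed 5%.

[root@localhost ~]# mkfs.ext3 /dev/md0

5. Mount md0

[root@localhost ~]# mount -t ext3 /dev/md0 /mnt/gaga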

 

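4. Configuring and starting the Samba service

1. Under /mnt/gaga, create the following directories: 文档 (documents), 交换空间 (exchange space), 备份 (backup), 工具 (tools)

2. Edit /etc/samba/smb.conf as follows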

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with other SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root preexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

 

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
        workgroup = MYGROUP
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        hosts allow = 127. 192.168.12. 192.168.0.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
;       log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 50

 

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


        security = Share
        passdb backend = tdbsam
        realm = MY_REALM

;       password server = <NT-Server-Name>

 

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Script let you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifying an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"

 

 

# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable its WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

        load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        # obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes

 

 

#============================ Share Definitions ==============================

[交换空间]
        comment = share1
        path = /mnt/gaga/交换空间
        browseable = yes
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
        public = yes
;       hosts allow = 192.168.0.

[工具集]
        comment = share2
        path = /mnt/gaga/工具集
        browseable = yes
        writable = yes
        public = yes

[备份文件]
        comment = share3
        path = /mnt/gaga/备份文件
        browseable = yes
        writable = yes
        public = yes

[文档]
        comment = share4
        path = /mnt/gaga/文档
        browseable = yes
        writable = yes
        public = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff
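
An added example, not part of the original article: a shell audit of an smb.conf like the one above that reports every share combining guest access (public / guest ok) with write access, plus share-level security in [global]. The function names and the abridged sample are constructed for illustration; the share name and paths in the sample are the page's.

```bash
# Added example (not from the original article).
audit_smb_conf() {            # usage: audit_smb_conf [FILE]   (reads stdin if no FILE)
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec != "" && tolower(sec) != "global" && guest && writable)
            print "GUEST-WRITABLE share [" sec "] path=" path
    }
    /^[ \t]*([#;]|$)/ { next }                        # comment or blank line
    /^[ \t]*\[.*\][ \t]*$/ {                          # section header
        report()
        sec = trim($0); sec = substr(sec, 2, length(sec) - 2)
        guest = 0; writable = 0; path = ""            # Samba defaults: guests off, read only
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)   # names ignore case and spaces
        val = trim(substr($0, eq + 1))
        if (key == "security" && tolower(sec) == "global") mode = tolower(val)   # last assignment wins
        else if (key == "public" || key == "guestok") guest = on(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = on(val)
        else if (key == "readonly") writable = !on(val)
        else if (key == "path") path = val
    }
    END {
        report()
        if (mode == "share") print "GLOBAL security = share (deprecated share-level mode)"
    }' "$@"
}

sample_smb_conf() {           # constructed: active settings of the file above, abridged
cat <<'EOF'
[global]
        security = user
        security = Share
[交换空间]
        path = /mnt/gaga/交换空间
        writable = yes
        public = yes
[printers]
        path = /var/spool/samba
        guest ok = no
        writable = no
EOF
}
sample_smb_conf | audit_smb_conf
```

On the server, run audit_smb_conf /etc/samba/smb.conf. With the configuration above, all four data shares are reported, because each one sets public = yes and writable = yes.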

 

3. Start the Samba service

Before starting the Samba service, make sure /dev/md0 is mounted on /mnt/gaga.

service smb start
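
An added example, not part of the original article: shell preflight checks for the two preconditions stated above, the 5% resync threshold before mkfs and the /dev/md0 mount on /mnt/gaga before Samba starts. If the mount is missing, smbd shares the empty directory on the root filesystem and writes land outside the mirror. The function names are assumptions, and the sample text is constructed from the /proc/mdstat output shown earlier.

```bash
# Added example (not from the original article).
# md_state DEV < mdstat-text: prints "<members> <percent>", e.g. "UU 2.2";
# percent is 100 when no resync or recovery is running.
md_state() {
    awk -v dev="$1" '
        $1 == dev && $2 == ":"          { found = 1; pct = 100; next }
        found && /^[^ \t]/              { exit }          # next device or trailer line
        found && match($0, /\[[U_]+\]/) { members = substr($0, RSTART + 1, RLENGTH - 2) }
        found && match($0, /(resync|recovery) *= *[0-9.]+%/) {
            s = substr($0, RSTART, RLENGTH); gsub(/[^0-9.]/, "", s); pct = s
        }
        END { if (found) print members, pct; else exit 1 }'
}

# ok_to_mkfs DEV MIN_PERCENT < mdstat-text: both mirror halves present and
# resync progress at or above MIN_PERCENT.
ok_to_mkfs() {
    state=$(md_state "$1") || return 2
    members=${state% *}; pct=${state#* }
    case $members in *_*|"") return 1 ;; esac             # "_" marks a missing member
    awk -v p="$pct" -v m="$2" 'BEGIN { exit !(p + 0 >= m + 0) }'
}

# is_mounted DEV DIR < /proc/mounts-format text
is_mounted() {
    awk -v d="$1" -v m="$2" '$1 == d && $2 == m { ok = 1 } END { exit !ok }'
}

sample_mdstat() {             # constructed from the output shown earlier on the page
cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc[1] sdb[0]
      952319936 blocks [2/2] [UU]
      [>....................]  resync =  2.2% (21430016/952319936) finish=1362.4min speed=11385K/sec

unused devices: <none>
EOF
}

if sample_mdstat | ok_to_mkfs md0 5; then echo "md0: ok to format"
else echo "md0: wait, resync below 5% or mirror degraded"; fi
# Live use:  ok_to_mkfs md0 5 < /proc/mdstat && mkfs.ext3 /dev/md0
#            is_mounted /dev/md0 /mnt/gaga < /proc/mounts && service smb start
```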
